github.com/metacubex/gvisor@v0.0.0-20240320004321-933faba989ec/pkg/sentry/platform/systrap/sysmsg_thread.go (about)

     1  // Copyright 2020 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package systrap
    16  
    17  import (
    18  	"fmt"
    19  
    20  	"golang.org/x/sys/unix"
    21  	"github.com/metacubex/gvisor/pkg/abi/linux"
    22  	"github.com/metacubex/gvisor/pkg/bpf"
    23  	"github.com/metacubex/gvisor/pkg/log"
    24  	"github.com/metacubex/gvisor/pkg/seccomp"
    25  	"github.com/metacubex/gvisor/pkg/sentry/arch"
    26  	"github.com/metacubex/gvisor/pkg/sentry/memmap"
    27  	"github.com/metacubex/gvisor/pkg/sentry/platform/systrap/sysmsg"
    28  )
    29  
    30  // sysmsgThread describes a sysmsg stub thread which isn't traced
    31  // and communicates with the Sentry via the sysmsg protocol.
    32  //
    33  // This type of thread is used to execute user processes.
    34  type sysmsgThread struct {
    35  	// subproc is a link to the subprocess which is used to call native
    36  	// system calls.
    37  	subproc *subprocess
    38  
    39  	// thread is a thread identifier.
    40  	thread *thread
    41  
    42  	// msg is a pointer to a shared sysmsg structure in the Sentry address
    43  	// space which is used to communicate with the thread.
    44  	msg *sysmsg.Msg
    45  
    46  	// context is the last context that ran on this thread.
    47  	context *platformContext
    48  
    49  	// stackRange is a sysmsg stack in the memory file.
    50  	stackRange memmap.FileRange
    51  
    52  	// fpuStateToMsgOffset is the offset of a thread fpu state relative to sysmsg.
    53  	fpuStateToMsgOffset uint64
    54  }
    55  
    56  // sysmsgPerThreadMemAddr returns a sysmsg stack address in the thread address
    57  // space.
    58  func (p *sysmsgThread) sysmsgPerThreadMemAddr() uintptr {
    59  	return stubSysmsgStack + sysmsg.PerThreadMemSize*uintptr(p.thread.sysmsgStackID)
    60  }
    61  
    62  // mapStack maps a sysmsg stack into the thread address space.
    63  func (p *sysmsgThread) mapStack(addr uintptr, readOnly bool) error {
    64  	prot := uintptr(unix.PROT_READ)
    65  	if !readOnly {
    66  		prot |= unix.PROT_WRITE
    67  	}
    68  	_, err := p.thread.syscallIgnoreInterrupt(&p.thread.initRegs, unix.SYS_MMAP,
    69  		arch.SyscallArgument{Value: addr},
    70  		arch.SyscallArgument{Value: uintptr(p.stackRange.Length())},
    71  		arch.SyscallArgument{Value: prot},
    72  		arch.SyscallArgument{Value: unix.MAP_SHARED | unix.MAP_FILE | unix.MAP_FIXED},
    73  		arch.SyscallArgument{Value: uintptr(p.subproc.memoryFile.FD())},
    74  		arch.SyscallArgument{Value: uintptr(p.stackRange.Start)})
    75  	return err
    76  }
    77  
    78  // mapPrivateStack maps a private stack into the thread address space.
    79  func (p *sysmsgThread) mapPrivateStack(addr uintptr, size uintptr) error {
    80  	prot := uintptr(unix.PROT_READ | unix.PROT_WRITE)
    81  	_, err := p.thread.syscallIgnoreInterrupt(&p.thread.initRegs, unix.SYS_MMAP,
    82  		arch.SyscallArgument{Value: addr},
    83  		arch.SyscallArgument{Value: size},
    84  		arch.SyscallArgument{Value: prot},
    85  		arch.SyscallArgument{Value: unix.MAP_PRIVATE | unix.MAP_ANONYMOUS | unix.MAP_FIXED},
    86  		arch.SyscallArgument{Value: 0},
    87  		arch.SyscallArgument{Value: 0})
    88  	return err
    89  }
    90  
    91  func (p *sysmsgThread) Debugf(format string, v ...any) {
    92  	if !log.IsLogging(log.Debug) {
    93  		return
    94  	}
    95  	msg := p.msg
    96  	postfix := fmt.Sprintf(": %s", msg)
    97  	p.thread.Debugf(format+postfix, v...)
    98  }
    99  
   100  func sysmsgThreadRules(stubStart uintptr) []bpf.Instruction {
   101  	rules := []seccomp.RuleSet{}
   102  	rules = appendSysThreadArchSeccompRules(rules)
   103  	rules = append(rules, []seccomp.RuleSet{
   104  		// Allow instructions from the sysmsg code stub, which is limited by one page.
   105  		{
   106  			Rules: seccomp.MakeSyscallRules(map[uintptr]seccomp.SyscallRule{
   107  				unix.SYS_FUTEX: seccomp.Or{
   108  					seccomp.PerArg{
   109  						seccomp.GreaterThan(stubStart),
   110  						seccomp.EqualTo(linux.FUTEX_WAKE),
   111  						seccomp.EqualTo(1),
   112  						seccomp.EqualTo(0),
   113  						seccomp.EqualTo(0),
   114  						seccomp.EqualTo(0),
   115  						seccomp.GreaterThan(stubStart), // rip
   116  					},
   117  					seccomp.PerArg{
   118  						seccomp.GreaterThan(stubStart),
   119  						seccomp.EqualTo(linux.FUTEX_WAIT),
   120  						seccomp.AnyValue{},
   121  						seccomp.EqualTo(0),
   122  						seccomp.EqualTo(0),
   123  						seccomp.EqualTo(0),
   124  						seccomp.GreaterThan(stubStart), // rip
   125  					},
   126  				},
   127  				unix.SYS_RT_SIGRETURN: seccomp.PerArg{
   128  					seccomp.AnyValue{},
   129  					seccomp.AnyValue{},
   130  					seccomp.AnyValue{},
   131  					seccomp.AnyValue{},
   132  					seccomp.AnyValue{},
   133  					seccomp.AnyValue{},
   134  					seccomp.GreaterThan(stubStart), // rip
   135  				},
   136  				unix.SYS_SCHED_YIELD: seccomp.PerArg{
   137  					seccomp.AnyValue{},
   138  					seccomp.AnyValue{},
   139  					seccomp.AnyValue{},
   140  					seccomp.AnyValue{},
   141  					seccomp.AnyValue{},
   142  					seccomp.AnyValue{},
   143  					seccomp.GreaterThan(stubStart), // rip
   144  				},
   145  			}),
   146  			Action: linux.SECCOMP_RET_ALLOW,
   147  		},
   148  	}...)
   149  	instrs, _, err := seccomp.BuildProgram(rules, seccomp.ProgramOptions{
   150  		DefaultAction: linux.SECCOMP_RET_TRAP,
   151  		BadArchAction: linux.SECCOMP_RET_TRAP,
   152  	})
   153  	if err != nil {
   154  		panic(fmt.Sprintf("failed to build rules for sysmsg threads: %v", err))
   155  	}
   156  
   157  	return instrs
   158  }