Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: golang/sys
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.5.0
Choose a base ref
...
head repository: golang/sys
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.6.0
Choose a head ref
  • 19 commits
  • 96 files changed
  • 10 contributors

Commits on Feb 8, 2023

  1. unix: fix a use-after-free bug in PtraceIO on freebsd 

    In CL 419915, both pointer fields of the PtraceIoDesc struct were
converted to type uintptr to address golang/go#54113.

However, that change was overzealous: the fix needed to convert fields
that refer to addresses in the child process, but the Addr field of
PtraceIoDesc is not even in the child process! It is instead an
address in the parent (Go) process.

Go's unsafe.Pointer rules prohibit converting a Go pointer to a
uintptr except when immediately converting back to an unsafe.Pointer
or calling a system call. Populating a PtraceIoDesc struct is neither
of those things, so converting the Addr field to uintptr introduced a
use-after-free bug.

This change reverts the change to the Addr field from CL 419915 and
consolidates the implementation of PtraceIO to reduce the the amount
of code that varies with GOARCH.

This change does not address the remaining ptrace uintptr bug
(golang/go#58387), which is also present in the Linux implementation.

Fixes golang/go#58351.
Updates golang/go#54113.
For golang/go#41205.

Change-Id: I14bdb4af42130aa7b4375e3f53fd1a0435f14307
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465676
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
    @gopherbot
    Bryan C. Mills authored and gopherbot committed Feb 8, 2023
    Configuration menu
    Copy the full SHA
    c79a742 View commit details
    Browse the repository at this point in the history

  2. windows: Add WSALookupService syscall wrappers 

    Create WSAQUERYSET struct, add LUP_XX constants,
implement wrappers around WSALookupService functions.

Fixes golang/go#54232

Change-Id: I26624df1b2b44cd8750350fe4526b806513913fe
Reviewed-on: https://go-review.googlesource.com/c/sys/+/461296
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
    @PumpkinSeed @gopherbot
    PumpkinSeed authored and gopherbot committed Feb 8, 2023
    Configuration menu
    Copy the full SHA
    4fee21c View commit details
    Browse the repository at this point in the history

Commits on Feb 17, 2023

  1. cpu: get hwcap/auxv from the Go 1.21+ runtime 

    Depends on https://go.dev/cl/458256

This change only does Linux for now.

Updates golang/go#57336

Change-Id: I0659697c1bdc6e2577c6251b964a0df32047ee12
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465295
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
    @bradfitz
    bradfitz committed Feb 17, 2023
    Configuration menu
    Copy the full SHA
    2da1413 View commit details
    Browse the repository at this point in the history

  2. unix: Faccess: check CAP_DAC_OVERRIDE on Linux 

    CL 126516 added support for flags argument, implemented in the same way
as glibc does (it tries to guess what the kernel would do).

CL 246537 added using faccess2(2) Linux syscall which supports the flags
directly. For older kernels, though, the syscall is not available, and
the code uses glibc-like fallback.

There is one very specific scenario in which the fallback fails.
The scenario involves all these conditions:
 - no faccessat2 support available (i.e. either Linux kernel < 5.8,
   or a seccomp set up to disable faccessat2);
 - the current user is not root (i.e. geteuid() != 0);
 - CAP_DAC_OVERRIDE capability is set for the current process;
 - the file to be executed does not have executable permission
   bit set for either the current EUID or EGID;
 - the file to be executed have at least one executable bit set.

Unfortunately, this set of conditions was observed in the wild -- a
container run as a non-root user with the binary file owned by root with
executable permission set for a user only [1]. Essentially it means it
is not as rare as it may seem.

Now, CAP_DAC_OVERRIDE essentially makes the kernel bypass most of the
checks, so execve(2) and friends work the same was as for root user,
i.e. if at least one executable bit it set, the permission to execute
is granted (see generic_permission() function in the Linux kernel).

Modify the code to check for CAP_DAC_OVERRIDE and mimic the kernel
behavior for permission checks.

This is essentially the same fix as CL 468735 for Go syscall package.

Tested on CentOS 7 with the repro similar to the one from [2].

[1] opencontainers/runc#3715
[2] golang/go#58552 (comment)

Change-Id: I726b6acab6a6e6d0358ef98e6a582b405c347614
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Reviewed-on: https://go-review.googlesource.com/c/sys/+/468877
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
    @kolyshkin @gopherbot
    kolyshkin authored and gopherbot committed Feb 17, 2023
    Configuration menu
    Copy the full SHA
    3b9b58b View commit details
    Browse the repository at this point in the history

Commits on Feb 21, 2023

  1. unix: add ioctlPtr with unsafe.Pointer arg on other unices 

    This is a followup for CL 340915 that adds ioctlPtr for all other
UNIX-like platforms.

For golang/go#44834

Change-Id: I0ecf84e53f13e5a8da736b3ba7f643262596d23c
Reviewed-on: https://go-review.googlesource.com/c/sys/+/469315
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Dmitri Goutnik <dgoutnik@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
    @dmgk
    dmgk committed Feb 21, 2023
    Configuration menu
    Copy the full SHA
    b13f40e View commit details
    Browse the repository at this point in the history

  2. execabs: don't override Go 1.19 error with our error 

    Go 1.19 incorporates the functionality of execabs directly.
If it has already reported an error, don't report our own error.

In particular Go 1.19 moved the error from lookPathErr to Err.
The code was already checking to not override lookPathErr.
With this change we also do not override Err.

Tested with Go 1.17 through Go 1.20.

Fixes golang/go#58606

Change-Id: I110127a3925f3800cc058d93e704604a59aa38f7
Reviewed-on: https://go-review.googlesource.com/c/sys/+/469735
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
    @ianlancetaylor @gopherbot
    ianlancetaylor authored and gopherbot committed Feb 21, 2023
    Configuration menu
    Copy the full SHA
    6877dcc View commit details
    Browse the repository at this point in the history

  3. unix: add ptracePtr that accepts pointer arg as unsafe.Pointer 

    The existing ptrace wrapper accepts pointer argument as an uintptr which
often points to the memory allocated in Go. This violates unsafe.Pointer safety
rules.

For golang/go#58387

Change-Id: Ib3b4c50368725191f0862c6c7c6d46b0568523c7
Reviewed-on: https://go-review.googlesource.com/c/sys/+/469835
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
    @dmgk @gopherbot
    dmgk authored and gopherbot committed Feb 21, 2023
    Configuration menu
    Copy the full SHA
    2977c77 View commit details
    Browse the repository at this point in the history

Commits on Feb 22, 2023

  1. unix/linux: add TUN flags and virtio_net_hdr constants 

    Change-Id: I10c86c100f4db77740eff6f07d91d6489b21b6f8
GitHub-Last-Rev: 3e8d734
GitHub-Pull-Request: #148
Reviewed-on: https://go-review.googlesource.com/c/sys/+/468656
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
    @jwhited @gopherbot
    jwhited authored and gopherbot committed Feb 22, 2023
    Configuration menu
    Copy the full SHA
    71a906e View commit details
    Browse the repository at this point in the history

  2. unix: use SYS_PTRACE in generated ptracePtr 

    CL 469835 broke the syscall wrapper generation on linux and freebsd by
generating a wrapper for the inexistent SYS_PTRACE_PTR syscall. The
ptracePtr added by CL 469835 correctly uses SYS_PTRACE, likely because
it was manually edited in that CL. However, the incorrect SYS_PTRACE_PTR
syscall is used when regenerating the syscall wrappers.

Change-Id: I270d66511f926d30a9d347930e977a026e033998
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470175
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
    @tklauser @gopherbot
    tklauser authored and gopherbot committed Feb 22, 2023
    Configuration menu
    Copy the full SHA
    a3b23cc View commit details
    Browse the repository at this point in the history

  3. unix: use C.ioctl in generated ioctlPtr 

    Changes made in CL 469315 broke aix syscall wrapper generaton by
generating a wrapper for a non-existent C.ioctl_ptr() function.

Change-Id: Iaeee3056480637c62a09ea61e2ec14793c59790a
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470235
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Dmitri Goutnik <dgoutnik@gmail.com>
    @dmgk
    dmgk committed Feb 22, 2023
    Configuration menu
    Copy the full SHA
    cc0b67d View commit details
    Browse the repository at this point in the history

Commits on Feb 23, 2023

  1. unix/linux: update to Linux kernel 6.2, glibc 2.37 and Go 1.20.1 

    Also remove some manually defined AT_* contstants which are now defined
in the libc headers.

Change-Id: I342976a22948e9b05e38dc7503d9dd356cee6c7b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470176
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
    @tklauser @gopherbot
    tklauser authored and gopherbot committed Feb 23, 2023
    Configuration menu
    Copy the full SHA
    972870e View commit details
    Browse the repository at this point in the history

  2. unix: pass PROT_MPROTECT(PROT_READ|PROT_WRITE) to initial Mmap on netbsd 

    On NetBSD PAX mprotect prohibits setting protection bits
missing from the original mmap call unless explicitly
requested with PROT_MPROTECT.

Fixes golang/go#58660

Change-Id: I1e97e920bc617ed1674855adaae5047638a30394
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470775
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
    @tklauser @gopherbot
    tklauser authored and gopherbot committed Feb 23, 2023
    Configuration menu
    Copy the full SHA
    748af6e View commit details
    Browse the repository at this point in the history

Commits on Feb 24, 2023

  1. unix: add Dup3 on FreeBSD 

    Other BSDs provide dup3(2) syscall, on FreeBSD it is implemented as libc
function using fcntl(2). This CL adds similar Go implementation.

Fixes golang/go#55935

Change-Id: I9c6d762415c7bed5442966a7fcbf9a6f8dfdaf2a
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470675
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
    @dmgk
    dmgk committed Feb 24, 2023
    Configuration menu
    Copy the full SHA
    92c4c39 View commit details
    Browse the repository at this point in the history

  2. unix: add ioctlPtr with unsafe.Pointer arg on other unices (cont) 

    CL 469315 missed a few conversions, this CL adds them. While
here, also update syscall wrapper generators.

For golang/go#44834

Change-Id: I4418a8c177ee6d1a269c1cc2c806b199dc7ccf0b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/471119
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Dmitri Goutnik <dgoutnik@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
    @dmgk
    dmgk committed Feb 24, 2023
    Configuration menu
    Copy the full SHA
    10499f4 View commit details
    Browse the repository at this point in the history

Commits on Feb 28, 2023

  1. unix: define extended TCPInfo on Linux 

    On Linux platforms, the kernel can fill out an extended version of
the tcp_info struct. Allow users of the sys package to have access to
that information.

Change-Id: Ib42ad572dd56c774c6d9e8b17fe3bdd8126147bb
Reviewed-on: https://go-review.googlesource.com/c/sys/+/471275
Run-TryBot: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
    @hawkinsw @gopherbot
    hawkinsw authored and gopherbot committed Feb 28, 2023
    Configuration menu
    Copy the full SHA
    6f25076 View commit details
    Browse the repository at this point in the history

  2. windows: use unsafe.Slice in (*RawSockaddrAny).Sockaddr on windows 

    Same as CL 472035 did in package syscall.

Change-Id: I153dfaa19933a2707848e4183d6ca704c2800a0e
Reviewed-on: https://go-review.googlesource.com/c/sys/+/472016
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
    @tklauser @gopherbot
    tklauser authored and gopherbot committed Feb 28, 2023
    Configuration menu
    Copy the full SHA
    c10701f View commit details
    Browse the repository at this point in the history

  3. unix: use unsafe.Slice in anyToSockaddr 

    Same as CL 471436 did in package syscall.

Change-Id: Ic3f3a5ebb7ebe0cc7b6bbf377dd993cdbeaaa961
Reviewed-on: https://go-review.googlesource.com/c/sys/+/472015
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
    @tklauser @gopherbot
    tklauser authored and gopherbot committed Feb 28, 2023
    Configuration menu
    Copy the full SHA
    a6bfb89 View commit details
    Browse the repository at this point in the history

Commits on Mar 2, 2023

  1. unix: add SetsockoptTCPMD5Sig on linux 

    This allows to set the TCP MD5 signature (see
https://www.rfc-editor.org/rfc/rfc2385) using TCPMD5Sig introduced in CL
106656.

Also export the storage data field in SockaddrStorage and convert it to
a byte array so the address in TCPMD5Sig.Addr can be set from an net.IP
without conversion.

Change-Id: I6bccfab57c188fcef857a6a3c514c943ca00b670
Reviewed-on: https://go-review.googlesource.com/c/sys/+/472835
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
    @tklauser @gopherbot
    tklauser authored and gopherbot committed Mar 2, 2023
    Configuration menu
    Copy the full SHA
    1470852 View commit details
    Browse the repository at this point in the history

Commits on Mar 4, 2023

  1. unix: define PerfBitWriteBackward 

    Change-Id: I0b95006039b4efcd0094ba96281100abeafc993e
GitHub-Last-Rev: 43383aa
GitHub-Pull-Request: #149
Reviewed-on: https://go-review.googlesource.com/c/sys/+/473135
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
    @gopherbot
    Francis Laniel authored and gopherbot committed Mar 4, 2023
    Configuration menu
    Copy the full SHA
    c7a1bf9 View commit details
    Browse the repository at this point in the history
Loading