systrap: Replace all instances of unix.RawSyscall with pkg/hostsyscal…

…l variants.

PiperOrigin-RevId: 681941600

pkg/sentry/platform/systrap/BUILD

@@ -82,6 +82,7 @@ go_library(
         "//pkg/cpuid",
         "//pkg/fd",
         "//pkg/hostarch",
+        "//pkg/hostsyscall",
         "//pkg/log",
         "//pkg/memutil",
         "//pkg/metric",

pkg/sentry/platform/systrap/context_queue_unsafe.go

@@ -19,10 +19,11 @@ import (
 
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 )
 
 func (q *contextQueue) wakeupSysmsgThread() {
-	unix.RawSyscall6(unix.SYS_FUTEX,
+	hostsyscall.RawSyscall(unix.SYS_FUTEX,
 		uintptr(unsafe.Pointer(&q.numThreadsToWakeup)),
-		linux.FUTEX_WAKE, 1, 0, 0, 0)
+		linux.FUTEX_WAKE, 1)
 }

pkg/sentry/platform/systrap/shared_context.go

@@ -22,6 +22,7 @@ import (
 	"time"
 
 	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
 	"gvisor.dev/gvisor/pkg/sentry/platform/systrap/sysmsg"
@@ -140,7 +141,7 @@ func (sc *sharedContext) NotifyInterrupt() {
 	}
 
 	t := sysmsgThread.thread
-	if _, _, e := unix.RawSyscall(unix.SYS_TGKILL, uintptr(t.tgid), uintptr(t.tid), uintptr(platform.SignalInterrupt)); e != 0 {
+	if e := hostsyscall.RawSyscallErrno(unix.SYS_TGKILL, uintptr(t.tgid), uintptr(t.tid), uintptr(platform.SignalInterrupt)); e != 0 {
 		panic(fmt.Sprintf("failed to interrupt the child process %d: %v", t.tid, e))
 	}
 }

pkg/sentry/platform/systrap/stub_unsafe.go

@@ -23,6 +23,7 @@ import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/bpf"
 	"gvisor.dev/gvisor/pkg/hostarch"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/safecopy"
 	"gvisor.dev/gvisor/pkg/sentry/platform/systrap/sysmsg"
@@ -88,7 +89,7 @@ func copySeccompRulesToStub(instrs []bpf.Instruction, stubAddr, size uintptr) {
 	sockProg.Len = uint16(len(instrs))
 	sockProg.Filter = (*linux.BPFInstruction)(unsafe.Pointer(progPtr))
 	// Make the seccomp rules stub read-only.
-	if _, _, errno := unix.RawSyscall(
+	if errno := hostsyscall.RawSyscallErrno(
 		unix.SYS_MPROTECT,
 		stubAddr,
 		size,
@@ -176,7 +177,7 @@ func stubInit() {
 		// something that may have been there already. We just walk
 		// down the address space until we find a place where the stub
 		// can be placed.
-		addr, _, _ := unix.RawSyscall6(
+		addr, _ := hostsyscall.RawSyscall6(
 			unix.SYS_MMAP,
 			stubStart,
 			stubROMapEnd,
@@ -188,7 +189,7 @@ func stubInit() {
 		}
 		if addr != 0 {
 			// Unmap the region we've mapped accidentally.
-			unix.RawSyscall(unix.SYS_MUNMAP, addr, stubROMapEnd, 0)
+			hostsyscall.RawSyscall(unix.SYS_MUNMAP, addr, stubROMapEnd, 0)
 		}
 		stubStart = uintptr(0)
 	}
@@ -246,7 +247,7 @@ func stubInit() {
 		stubSyscallRules, stubSyscallRulesLen)
 
 	// Make the stub executable.
-	if _, _, errno := unix.RawSyscall(
+	if errno := hostsyscall.RawSyscallErrno(
 		unix.SYS_MPROTECT,
 		stubStart,
 		stubROMapEnd-stubStart,

pkg/sentry/platform/systrap/subprocess.go

@@ -25,6 +25,7 @@ import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/atomicbitops"
 	"gvisor.dev/gvisor/pkg/hostarch"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/pool"
 	"gvisor.dev/gvisor/pkg/seccomp"
@@ -181,7 +182,7 @@ type subprocess struct {
 var seccompNotifyIsSupported = false
 
 func initSeccompNotify() {
-	_, _, errno := unix.Syscall(seccomp.SYS_SECCOMP, linux.SECCOMP_SET_MODE_FILTER, linux.SECCOMP_FILTER_FLAG_NEW_LISTENER, 0)
+	errno := hostsyscall.RawSyscallErrno(seccomp.SYS_SECCOMP, linux.SECCOMP_SET_MODE_FILTER, linux.SECCOMP_FILTER_FLAG_NEW_LISTENER, 0)
 	switch errno {
 	case unix.EFAULT:
 		// seccomp unotify is supported.
@@ -285,7 +286,7 @@ func (s *subprocess) handlePtraceSyscallRequest(req any) {
 		}
 		t.sysmsgStackID = id
 
-		if _, _, e := unix.RawSyscall(unix.SYS_TGKILL, uintptr(t.tgid), uintptr(t.tid), uintptr(unix.SIGSTOP)); e != 0 {
+		if e := hostsyscall.RawSyscallErrno(unix.SYS_TGKILL, uintptr(t.tgid), uintptr(t.tid), uintptr(unix.SIGSTOP)); e != 0 {
 			handlePtraceSyscallRequestError(req, "tkill failed: %v", e)
 			return
 		}
@@ -423,7 +424,7 @@ func (s *subprocess) mapSharedRegions() {
 	if err != nil {
 		panic(fmt.Sprintf("failed to allocate a new subprocess context memory region"))
 	}
-	sentryThreadContextRegionAddr, _, errno := unix.RawSyscall6(
+	sentryThreadContextRegionAddr, errno := hostsyscall.RawSyscall6(
 		unix.SYS_MMAP,
 		0,
 		uintptr(threadContextFR.Length()),
@@ -503,7 +504,7 @@ func (s *subprocess) release() {
 
 // attach attaches to the thread.
 func (t *thread) attach() error {
-	if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_ATTACH, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+	if errno := hostsyscall.RawSyscallErrno(unix.SYS_PTRACE, unix.PTRACE_ATTACH, uintptr(t.tid), 0); errno != 0 {
 		return fmt.Errorf("unable to attach: %v", errno)
 	}
 
@@ -537,7 +538,7 @@ func (t *thread) grabInitRegs() {
 //
 // Because the SIGSTOP is not suppressed, the thread will enter group-stop.
 func (t *thread) detach() {
-	if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(unix.SIGSTOP), 0, 0); errno != 0 {
+	if errno := hostsyscall.RawSyscallErrno6(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(t.tid), 0, uintptr(unix.SIGSTOP), 0, 0); errno != 0 {
 		panic(fmt.Sprintf("can't detach new clone: %v", errno))
 	}
 }
@@ -682,7 +683,7 @@ func (t *thread) init() {
 	// Set the TRACESYSGOOD option to differentiate real SIGTRAP.
 	// set PTRACE_O_EXITKILL to ensure that the unexpected exit of the
 	// sentry will immediately kill the associated stubs.
-	_, _, errno := unix.RawSyscall6(
+	errno := hostsyscall.RawSyscallErrno6(
 		unix.SYS_PTRACE,
 		unix.PTRACE_SETOPTIONS,
 		uintptr(t.tid),
@@ -709,7 +710,7 @@ func (t *thread) syscall(regs *arch.Registers) (uintptr, error) {
 		// Execute the syscall instruction. The task has to stop on the
 		// trap instruction which is right after the syscall
 		// instruction.
-		if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+		if errno := hostsyscall.RawSyscallErrno(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(t.tid), 0); errno != 0 {
 			panic(fmt.Sprintf("ptrace syscall-enter failed: %v", errno))
 		}
 
@@ -1061,7 +1062,7 @@ func (s *subprocess) createSysmsgThread() error {
 	}
 
 	// Skip SIGSTOP.
-	if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(p.tid), 0, 0, 0, 0); errno != 0 {
+	if errno := hostsyscall.RawSyscallErrno(unix.SYS_PTRACE, unix.PTRACE_CONT, uintptr(p.tid), 0); errno != 0 {
 		panic(fmt.Sprintf("ptrace cont failed: %v", errno))
 	}
 	sig := p.wait(stopped)
@@ -1089,7 +1090,7 @@ func (s *subprocess) createSysmsgThread() error {
 	threadID := uint32(p.sysmsgStackID)
 
 	// Map the stack into the sentry.
-	sentryStackAddr, _, errno := unix.RawSyscall6(
+	sentryStackAddr, errno := hostsyscall.RawSyscall6(
 		unix.SYS_MMAP,
 		0,
 		sysmsg.PerThreadSharedStackSize,
@@ -1169,11 +1170,11 @@ func (s *subprocess) createSysmsgThread() error {
 	}
 	archSpecificSysmsgThreadInit(sysThread)
 	// Skip SIGSTOP.
-	if _, _, e := unix.RawSyscall(unix.SYS_TGKILL, uintptr(p.tgid), uintptr(p.tid), uintptr(unix.SIGCONT)); e != 0 {
+	if e := hostsyscall.RawSyscallErrno(unix.SYS_TGKILL, uintptr(p.tgid), uintptr(p.tid), uintptr(unix.SIGCONT)); e != 0 {
 		panic(fmt.Sprintf("tkill failed: %v", e))
 	}
 	// Resume the BPF process.
-	if _, _, errno := unix.RawSyscall6(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(p.tid), 0, 0, 0, 0); errno != 0 {
+	if errno := hostsyscall.RawSyscallErrno(unix.SYS_PTRACE, unix.PTRACE_DETACH, uintptr(p.tid), 0); errno != 0 {
 		panic(fmt.Sprintf("can't detach new clone: %v", errno))
 	}
 

pkg/sentry/platform/systrap/subprocess_amd64.go

@@ -23,6 +23,7 @@ import (
 
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/seccomp"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform/systrap/sysmsg"
@@ -174,7 +175,7 @@ func maybePatchSignalInfo(regs *arch.Registers, signalInfo *linux.SignalInfo) bo
 //go:nosplit
 //go:norace
 func enableCpuidFault() {
-	unix.RawSyscall6(unix.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0)
+	hostsyscall.RawSyscall(unix.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0)
 }
 
 // appendArchSeccompRules append architecture specific seccomp rules when creating BPF program.

pkg/sentry/platform/systrap/subprocess_arm64.go

@@ -23,6 +23,7 @@ import (
 
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/seccomp"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform/systrap/sysmsg"
@@ -151,10 +152,10 @@ func (s *subprocess) arm64SyscallWorkaround(t *thread, regs *arch.Registers) {
 	// signal, resume a stub thread and catch it on a signal handling.
 	t.NotifyInterrupt()
 	for {
-		if _, _, errno := unix.RawSyscall6(
+		if errno := hostsyscall.RawSyscallErrno(
 			unix.SYS_PTRACE,
 			unix.PTRACE_SYSEMU,
-			uintptr(t.tid), 0, 0, 0, 0); errno != 0 {
+			uintptr(t.tid), 0); errno != 0 {
 			panic(fmt.Sprintf("ptrace sysemu failed: %v", errno))
 		}
 
@@ -190,7 +191,7 @@ func retrieveArchSpecificState(ctx *sysmsg.ThreadContext, ac *arch.Context64) {
 
 func archSpecificSysmsgThreadInit(sysThread *sysmsgThread) {
 	// Send a fake event to stop the BPF process so that it enters the sighandler.
-	if _, _, e := unix.RawSyscall(unix.SYS_TGKILL, uintptr(sysThread.thread.tgid), uintptr(sysThread.thread.tid), uintptr(unix.SIGSEGV)); e != 0 {
+	if e := hostsyscall.RawSyscallErrno(unix.SYS_TGKILL, uintptr(sysThread.thread.tgid), uintptr(sysThread.thread.tid), uintptr(unix.SIGSEGV)); e != 0 {
 		panic(fmt.Sprintf("tkill failed: %v", e))
 	}
 }

pkg/sentry/platform/systrap/subprocess_linux.go

@@ -23,6 +23,7 @@ import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/bpf"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/seccomp"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 )
@@ -167,13 +168,13 @@ func forkStub(flags uintptr, instrs []bpf.Instruction) (*thread, error) {
 	)
 
 	// Remember the current ppid for the pdeathsig race.
-	ppid, _, _ = unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
+	ppid, _ = hostsyscall.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
 
 	// Among other things, beforeFork masks all signals.
 	beforeFork()
 
 	// Do the clone.
-	pid, _, errno = unix.RawSyscall6(unix.SYS_CLONE, flags, 0, 0, 0, 0, 0)
+	pid, errno = hostsyscall.RawSyscall(unix.SYS_CLONE, flags, 0, 0)
 	if errno != 0 {
 		afterFork()
 		return nil, errno
@@ -210,28 +211,28 @@ func forkStub(flags uintptr, instrs []bpf.Instruction) (*thread, error) {
 	// prevents the stub from getting PTY job control signals intended only
 	// for the sentry process. We must call this before restoring signal
 	// mask.
-	if _, _, errno := unix.RawSyscall(unix.SYS_SETSID, 0, 0, 0); errno != 0 {
-		unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
+	if errno := hostsyscall.RawSyscallErrno(unix.SYS_SETSID, 0, 0, 0); errno != 0 {
+		hostsyscall.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
 	}
 
 	// afterForkInChild resets all signals to their default dispositions
 	// and restores the signal mask to its pre-fork state.
 	afterForkInChild()
 
 	if errno := sysmsgSigactions(stubSysmsgStart); errno != 0 {
-		unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
+		hostsyscall.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
 	}
 
 	// Explicitly unmask all signals to ensure that the tracer can see
 	// them.
 	if errno := unmaskAllSignals(); errno != 0 {
-		unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
+		hostsyscall.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
 	}
 
 	// Set an aggressive BPF filter for the stub and all it's children. See
 	// the description of the BPF program built above.
 	if errno := seccomp.SetFilterInChild(instrs); errno != 0 {
-		unix.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
+		hostsyscall.RawSyscall(unix.SYS_EXIT, uintptr(errno), 0, 0)
 	}
 
 	// Enable cpuid-faulting.

pkg/sentry/platform/systrap/subprocess_linux_unsafe.go

@@ -23,6 +23,7 @@ import (
 
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 )
 
 // maskPool contains reusable CPU masks for setting affinity. Unfortunately,
@@ -47,6 +48,6 @@ var maskPool = sync.Pool{
 //go:norace
 func unmaskAllSignals() unix.Errno {
 	var set linux.SignalSet
-	_, _, errno := unix.RawSyscall6(unix.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
+	errno := hostsyscall.RawSyscallErrno6(unix.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
 	return errno
 }

pkg/sentry/platform/systrap/subprocess_unsafe.go

@@ -27,6 +27,7 @@ import (
 
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/memmap"
@@ -64,7 +65,7 @@ func mmapContextQueueForSentry(memoryFile *pgalloc.MemoryFile, opts pgalloc.Allo
 	if err != nil {
 		panic(fmt.Sprintf("failed to allocate a new subprocess context memory region"))
 	}
-	addr, _, errno := unix.RawSyscall6(
+	addr, errno := hostsyscall.RawSyscall6(
 		unix.SYS_MMAP,
 		0,
 		uintptr(fr.Length()),

pkg/sentry/platform/systrap/syscall_thread.go

@@ -22,6 +22,7 @@ import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/hostarch"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/seccomp"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/memmap"
@@ -105,7 +106,7 @@ func (t *syscallThread) init(seccompNotify bool) error {
 	}
 
 	// Map the stack into the sentry.
-	sentryAddr, _, errno := unix.RawSyscall6(
+	sentryAddr, errno := hostsyscall.RawSyscall6(
 		unix.SYS_MMAP,
 		0,
 		syscallThreadMessageSize,
@@ -124,11 +125,11 @@ func (t *syscallThread) init(seccompNotify bool) error {
 
 func (t *syscallThread) destroy() {
 	if t.sentryAddr != 0 {
-		_, _, errno := unix.RawSyscall6(
+		errno := hostsyscall.RawSyscallErrno(
 			unix.SYS_MUNMAP,
 			t.sentryAddr,
 			syscallThreadMessageSize,
-			0, 0, 0, 0)
+			0)
 		if errno != 0 {
 			panic(fmt.Sprintf("mumap failed: %v", errno))
 		}
@@ -153,7 +154,7 @@ func (t *syscallThread) installSeccompNotify() (*os.File, error) {
 	if err != nil {
 		return nil, err
 	}
-	_, _, errno := unix.RawSyscall(unix.SYS_IOCTL, fd, linux.SECCOMP_IOCTL_NOTIF_SET_FLAGS, linux.SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP)
+	errno := hostsyscall.RawSyscallErrno(unix.SYS_IOCTL, fd, linux.SECCOMP_IOCTL_NOTIF_SET_FLAGS, linux.SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP)
 	if errno != 0 {
 		t.thread.Debugf("failed to set SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP")
 	}

pkg/sentry/platform/systrap/syscall_thread_amd64.go

@@ -22,6 +22,7 @@ import (
 	"runtime"
 
 	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 )
 
@@ -47,7 +48,7 @@ func (t *syscallThread) detach() {
 		panic(fmt.Sprintf("ptrace set regs failed: %v", err))
 	}
 	p.detach()
-	if _, _, e := unix.RawSyscall(unix.SYS_TGKILL, uintptr(p.tgid), uintptr(p.tid), uintptr(unix.SIGCONT)); e != 0 {
+	if e := hostsyscall.RawSyscallErrno(unix.SYS_TGKILL, uintptr(p.tgid), uintptr(p.tid), uintptr(unix.SIGCONT)); e != 0 {
 		panic(fmt.Sprintf("tkill failed: %v", e))
 	}
 	runtime.UnlockOSThread()

pkg/sentry/platform/systrap/syscall_thread_arm64.go

@@ -22,6 +22,7 @@ import (
 	"runtime"
 
 	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/hostsyscall"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 )
 
@@ -47,7 +48,7 @@ func (t *syscallThread) detach() {
 		panic(fmt.Sprintf("ptrace set regs failed: %v", err))
 	}
 	p.detach()
-	if _, _, e := unix.RawSyscall(unix.SYS_TGKILL, uintptr(p.tgid), uintptr(p.tid), uintptr(unix.SIGCONT)); e != 0 {
+	if e := hostsyscall.RawSyscallErrno(unix.SYS_TGKILL, uintptr(p.tgid), uintptr(p.tid), uintptr(unix.SIGCONT)); e != 0 {
 		panic(fmt.Sprintf("tkill failed: %v", e))
 	}
 	runtime.UnlockOSThread()