// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // Linux system calls. // This file is compiled as ordinary Go code, // but it is also input to mksyscall, // which parses the //sys lines and generates system call stubs. // Note that sometimes we use a lowercase //sys name and // wrap it in our own nicer implementation. package syscall import ( "internal/itoa" runtimesyscall "internal/runtime/syscall" "runtime" "unsafe" ) // Pull in entersyscall/exitsyscall for Syscall/Syscall6. // // Note that this can't be a push linkname because the runtime already has a // nameless linkname to export to assembly here and in x/sys. Additionally, // entersyscall fetches the caller PC and SP and thus can't have a wrapper // inbetween. //go:linkname runtime_entersyscall runtime.entersyscall func runtime_entersyscall() //go:linkname runtime_exitsyscall runtime.exitsyscall func runtime_exitsyscall() // N.B. For the Syscall functions below: // // //go:uintptrkeepalive because the uintptr argument may be converted pointers // that need to be kept alive in the caller. // // //go:nosplit because stack copying does not account for uintptrkeepalive, so // the stack must not grow. Stack copying cannot blindly assume that all // uintptr arguments are pointers, because some values may look like pointers, // but not really be pointers, and adjusting their value would break the call. // // //go:norace, on RawSyscall, to avoid race instrumentation if RawSyscall is // called after fork, or from a signal handler. // // //go:linkname to ensure ABI wrappers are generated for external callers // (notably x/sys/unix assembly). //go:uintptrkeepalive //go:nosplit //go:norace //go:linkname RawSyscall func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) { return RawSyscall6(trap, a1, a2, a3, 0, 0, 0) } //go:uintptrkeepalive //go:nosplit //go:norace //go:linkname RawSyscall6 func RawSyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) { var errno uintptr r1, r2, errno = runtimesyscall.Syscall6(trap, a1, a2, a3, a4, a5, a6) err = Errno(errno) return } //go:uintptrkeepalive //go:nosplit //go:linkname Syscall func Syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) { runtime_entersyscall() // N.B. Calling RawSyscall here is unsafe with atomic coverage // instrumentation and race mode. // // Coverage instrumentation will add a sync/atomic call to RawSyscall. // Race mode will add race instrumentation to sync/atomic. Race // instrumentation requires a P, which we no longer have. // // RawSyscall6 is fine because it is implemented in assembly and thus // has no coverage instrumentation. // // This is typically not a problem in the runtime because cmd/go avoids // adding coverage instrumentation to the runtime in race mode. r1, r2, err = RawSyscall6(trap, a1, a2, a3, 0, 0, 0) runtime_exitsyscall() return } //go:uintptrkeepalive //go:nosplit //go:linkname Syscall6 func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) { runtime_entersyscall() r1, r2, err = RawSyscall6(trap, a1, a2, a3, a4, a5, a6) runtime_exitsyscall() return } func rawSyscallNoError(trap, a1, a2, a3 uintptr) (r1, r2 uintptr) func rawVforkSyscall(trap, a1, a2, a3 uintptr) (r1 uintptr, err Errno) /* * Wrapped */ func Access(path string, mode uint32) (err error) { return Faccessat(_AT_FDCWD, path, mode, 0) } func Chmod(path string, mode uint32) (err error) { return Fchmodat(_AT_FDCWD, path, mode, 0) } func Chown(path string, uid int, gid int) (err error) { return Fchownat(_AT_FDCWD, path, uid, gid, 0) } func Creat(path string, mode uint32) (fd int, err error) { return Open(path, O_CREAT|O_WRONLY|O_TRUNC, mode) } func EpollCreate(size int) (fd int, err error) { if size <= 0 { return -1, EINVAL } return EpollCreate1(0) } func isGroupMember(gid int) bool { groups, err := Getgroups() if err != nil { return false } for _, g := range groups { if g == gid { return true } } return false } func isCapDacOverrideSet() bool { const _CAP_DAC_OVERRIDE = 1 var c caps c.hdr.version = _LINUX_CAPABILITY_VERSION_3 _, _, err := RawSyscall(SYS_CAPGET, uintptr(unsafe.Pointer(&c.hdr)), uintptr(unsafe.Pointer(&c.data[0])), 0) return err == 0 && c.data[0].effective&capToMask(_CAP_DAC_OVERRIDE) != 0 } //sys faccessat(dirfd int, path string, mode uint32) (err error) //sys faccessat2(dirfd int, path string, mode uint32, flags int) (err error) = _SYS_faccessat2 func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) { if flags == 0 { return faccessat(dirfd, path, mode) } // Attempt to use the newer faccessat2, which supports flags directly, // falling back if it doesn't exist. // // Don't attempt on Android, which does not allow faccessat2 through // its seccomp policy [1] on any version of Android as of 2022-12-20. // // [1] https://cs.android.com/android/platform/superproject/+/master:bionic/libc/SECCOMP_BLOCKLIST_APP.TXT;l=4;drc=dbb8670dfdcc677f7e3b9262e93800fa14c4e417 if runtime.GOOS != "android" { if err := faccessat2(dirfd, path, mode, flags); err != ENOSYS && err != EPERM { return err } } // The Linux kernel faccessat system call does not take any flags. // The glibc faccessat implements the flags itself; see // https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/faccessat.c;hb=HEAD // Because people naturally expect syscall.Faccessat to act // like C faccessat, we do the same. if flags & ^(_AT_SYMLINK_NOFOLLOW|_AT_EACCESS) != 0 { return EINVAL } var st Stat_t if err := fstatat(dirfd, path, &st, flags&_AT_SYMLINK_NOFOLLOW); err != nil { return err } mode &= 7 if mode == 0 { return nil } // Fallback to checking permission bits. var uid int if flags&_AT_EACCESS != 0 { uid = Geteuid() if uid != 0 && isCapDacOverrideSet() { // If CAP_DAC_OVERRIDE is set, file access check is // done by the kernel in the same way as for root // (see generic_permission() in the Linux sources). uid = 0 } } else { uid = Getuid() } if uid == 0 { if mode&1 == 0 { // Root can read and write any file. return nil } if st.Mode&0111 != 0 { // Root can execute any file that anybody can execute. return nil } return EACCES } var fmode uint32 if uint32(uid) == st.Uid { fmode = (st.Mode >> 6) & 7 } else { var gid int if flags&_AT_EACCESS != 0 { gid = Getegid() } else { gid = Getgid() } if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) { fmode = (st.Mode >> 3) & 7 } else { fmode = st.Mode & 7 } } if fmode&mode == mode { return nil } return EACCES } //sys fchmodat(dirfd int, path string, mode uint32) (err error) //sys fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) = _SYS_fchmodat2 func Fchmodat(dirfd int, path string, mode uint32, flags int) error { // Linux fchmodat doesn't support the flags parameter, but fchmodat2 does. // Try fchmodat2 if flags are specified. if flags != 0 { err := fchmodat2(dirfd, path, mode, flags) if err == ENOSYS { // fchmodat2 isn't available. If the flags are known to be valid, // return EOPNOTSUPP to indicate that fchmodat doesn't support them. if flags&^(_AT_SYMLINK_NOFOLLOW|_AT_EMPTY_PATH) != 0 { return EINVAL } else if flags&(_AT_SYMLINK_NOFOLLOW|_AT_EMPTY_PATH) != 0 { return EOPNOTSUPP } } return err } return fchmodat(dirfd, path, mode) } //sys linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) func Link(oldpath string, newpath string) (err error) { return linkat(_AT_FDCWD, oldpath, _AT_FDCWD, newpath, 0) } func Mkdir(path string, mode uint32) (err error) { return Mkdirat(_AT_FDCWD, path, mode) } func Mknod(path string, mode uint32, dev int) (err error) { return Mknodat(_AT_FDCWD, path, mode, dev) } func Open(path string, mode int, perm uint32) (fd int, err error) { return openat(_AT_FDCWD, path, mode|O_LARGEFILE, perm) } //sys openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { return openat(dirfd, path, flags|O_LARGEFILE, mode) } func Pipe(p []int) error { return Pipe2(p, 0) } //sysnb pipe2(p *[2]_C_int, flags int) (err error) func Pipe2(p []int, flags int) error { if len(p) != 2 { return EINVAL } var pp [2]_C_int err := pipe2(&pp, flags) if err == nil { p[0] = int(pp[0]) p[1] = int(pp[1]) } return err } //sys readlinkat(dirfd int, path string, buf []byte) (n int, err error) func Readlink(path string, buf []byte) (n int, err error) { return readlinkat(_AT_FDCWD, path, buf) } func Rename(oldpath string, newpath string) (err error) { return Renameat(_AT_FDCWD, oldpath, _AT_FDCWD, newpath) } func Rmdir(path string) error { return unlinkat(_AT_FDCWD, path, _AT_REMOVEDIR) } //sys symlinkat(oldpath string, newdirfd int, newpath string) (err error) func Symlink(oldpath string, newpath string) (err error) { return symlinkat(oldpath, _AT_FDCWD, newpath) } func Unlink(path string) error { return unlinkat(_AT_FDCWD, path, 0) } //sys unlinkat(dirfd int, path string, flags int) (err error) func Unlinkat(dirfd int, path string) error { return unlinkat(dirfd, path, 0) } func Utimes(path string, tv []Timeval) (err error) { if len(tv) != 2 { return EINVAL } return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0]))) } //sys utimensat(dirfd int, path string, times *[2]Timespec, flag int) (err error) func UtimesNano(path string, ts []Timespec) (err error) { if len(ts) != 2 { return EINVAL } return utimensat(_AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) } func Futimesat(dirfd int, path string, tv []Timeval) (err error) { if len(tv) != 2 { return EINVAL } return futimesat(dirfd, path, (*[2]Timeval)(unsafe.Pointer(&tv[0]))) } func Futimes(fd int, tv []Timeval) (err error) { // Believe it or not, this is the best we can do on Linux // (and is what glibc does). return Utimes("/proc/self/fd/"+itoa.Itoa(fd), tv) } const ImplementsGetwd = true //sys Getcwd(buf []byte) (n int, err error) func Getwd() (wd string, err error) { var buf [PathMax]byte n, err := Getcwd(buf[0:]) if err != nil { return "", err } // Getcwd returns the number of bytes written to buf, including the NUL. if n < 1 || n > len(buf) || buf[n-1] != 0 { return "", EINVAL } // In some cases, Linux can return a path that starts with the // "(unreachable)" prefix, which can potentially be a valid relative // path. To work around that, return ENOENT if path is not absolute. if buf[0] != '/' { return "", ENOENT } return string(buf[0 : n-1]), nil } func Getgroups() (gids []int, err error) { n, err := getgroups(0, nil) if err != nil { return nil, err } if n == 0 { return nil, nil } // Sanity check group count. Max is 1<<16 on Linux. if n < 0 || n > 1<<20 { return nil, EINVAL } a := make([]_Gid_t, n) n, err = getgroups(n, &a[0]) if err != nil { return nil, err } gids = make([]int, n) for i, v := range a[0:n] { gids[i] = int(v) } return } var cgo_libc_setgroups unsafe.Pointer // non-nil if cgo linked. func Setgroups(gids []int) (err error) { n := uintptr(len(gids)) if n == 0 { if cgo_libc_setgroups == nil { if _, _, e1 := AllThreadsSyscall(_SYS_setgroups, 0, 0, 0); e1 != 0 { err = errnoErr(e1) } return } if ret := cgocaller(cgo_libc_setgroups, 0, 0); ret != 0 { err = errnoErr(Errno(ret)) } return } a := make([]_Gid_t, len(gids)) for i, v := range gids { a[i] = _Gid_t(v) } if cgo_libc_setgroups == nil { if _, _, e1 := AllThreadsSyscall(_SYS_setgroups, n, uintptr(unsafe.Pointer(&a[0])), 0); e1 != 0 { err = errnoErr(e1) } return } if ret := cgocaller(cgo_libc_setgroups, n, uintptr(unsafe.Pointer(&a[0]))); ret != 0 { err = errnoErr(Errno(ret)) } return } type WaitStatus uint32 // Wait status is 7 bits at bottom, either 0 (exited), // 0x7F (stopped), or a signal number that caused an exit. // The 0x80 bit is whether there was a core dump. // An extra number (exit code, signal causing a stop) // is in the high bits. At least that's the idea. // There are various irregularities. For example, the // "continued" status is 0xFFFF, distinguishing itself // from stopped via the core dump bit. const ( mask = 0x7F core = 0x80 exited = 0x00 stopped = 0x7F shift = 8 ) func (w WaitStatus) Exited() bool { return w&mask == exited } func (w WaitStatus) Signaled() bool { return w&mask != stopped && w&mask != exited } func (w WaitStatus) Stopped() bool { return w&0xFF == stopped } func (w WaitStatus) Continued() bool { return w == 0xFFFF } func (w WaitStatus) CoreDump() bool { return w.Signaled() && w&core != 0 } func (w WaitStatus) ExitStatus() int { if !w.Exited() { return -1 } return int(w>>shift) & 0xFF } func (w WaitStatus) Signal() Signal { if !w.Signaled() { return -1 } return Signal(w & mask) } func (w WaitStatus) StopSignal() Signal { if !w.Stopped() { return -1 } return Signal(w>>shift) & 0xFF } func (w WaitStatus) TrapCause() int { if w.StopSignal() != SIGTRAP { return -1 } return int(w>>shift) >> 8 } //sys wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) { var status _C_int wpid, err = wait4(pid, &status, options, rusage) if wstatus != nil { *wstatus = WaitStatus(status) } return } func Mkfifo(path string, mode uint32) (err error) { return Mknod(path, mode|S_IFIFO, 0) } func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) { if sa.Port < 0 || sa.Port > 0xFFFF { return nil, 0, EINVAL } sa.raw.Family = AF_INET p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port)) p[0] = byte(sa.Port >> 8) p[1] = byte(sa.Port) sa.raw.Addr = sa.Addr return unsafe.Pointer(&sa.raw), SizeofSockaddrInet4, nil } func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) { if sa.Port < 0 || sa.Port > 0xFFFF { return nil, 0, EINVAL } sa.raw.Family = AF_INET6 p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port)) p[0] = byte(sa.Port >> 8) p[1] = byte(sa.Port) sa.raw.Scope_id = sa.ZoneId sa.raw.Addr = sa.Addr return unsafe.Pointer(&sa.raw), SizeofSockaddrInet6, nil } func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) { name := sa.Name n := len(name) if n > len(sa.raw.Path) { return nil, 0, EINVAL } if n == len(sa.raw.Path) && name[0] != '@' { return nil, 0, EINVAL } sa.raw.Family = AF_UNIX for i := 0; i < n; i++ { sa.raw.Path[i] = int8(name[i]) } // length is family (uint16), name, NUL. sl := _Socklen(2) if n > 0 { sl += _Socklen(n) + 1 } if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) { // Check sl > 3 so we don't change unnamed socket behavior. sa.raw.Path[0] = 0 // Don't count trailing NUL for abstract address. sl-- } return unsafe.Pointer(&sa.raw), sl, nil } type SockaddrLinklayer struct { Protocol uint16 Ifindex int Hatype uint16 Pkttype uint8 Halen uint8 Addr [8]byte raw RawSockaddrLinklayer } func (sa *SockaddrLinklayer) sockaddr() (unsafe.Pointer, _Socklen, error) { if sa.Ifindex < 0 || sa.Ifindex > 0x7fffffff { return nil, 0, EINVAL } sa.raw.Family = AF_PACKET sa.raw.Protocol = sa.Protocol sa.raw.Ifindex = int32(sa.Ifindex) sa.raw.Hatype = sa.Hatype sa.raw.Pkttype = sa.Pkttype sa.raw.Halen = sa.Halen sa.raw.Addr = sa.Addr return unsafe.Pointer(&sa.raw), SizeofSockaddrLinklayer, nil } type SockaddrNetlink struct { Family uint16 Pad uint16 Pid uint32 Groups uint32 raw RawSockaddrNetlink } func (sa *SockaddrNetlink) sockaddr() (unsafe.Pointer, _Socklen, error) { sa.raw.Family = AF_NETLINK sa.raw.Pad = sa.Pad sa.raw.Pid = sa.Pid sa.raw.Groups = sa.Groups return unsafe.Pointer(&sa.raw), SizeofSockaddrNetlink, nil } func anyToSockaddr(rsa *RawSockaddrAny) (Sockaddr, error) { switch rsa.Addr.Family { case AF_NETLINK: pp := (*RawSockaddrNetlink)(unsafe.Pointer(rsa)) sa := new(SockaddrNetlink) sa.Family = pp.Family sa.Pad = pp.Pad sa.Pid = pp.Pid sa.Groups = pp.Groups return sa, nil case AF_PACKET: pp := (*RawSockaddrLinklayer)(unsafe.Pointer(rsa)) sa := new(SockaddrLinklayer) sa.Protocol = pp.Protocol sa.Ifindex = int(pp.Ifindex) sa.Hatype = pp.Hatype sa.Pkttype = pp.Pkttype sa.Halen = pp.Halen sa.Addr = pp.Addr return sa, nil case AF_UNIX: pp := (*RawSockaddrUnix)(unsafe.Pointer(rsa)) sa := new(SockaddrUnix) if pp.Path[0] == 0 { // "Abstract" Unix domain socket. // Rewrite leading NUL as @ for textual display. // (This is the standard convention.) // Not friendly to overwrite in place, // but the callers below don't care. pp.Path[0] = '@' } // Assume path ends at NUL. // This is not technically the Linux semantics for // abstract Unix domain sockets--they are supposed // to be uninterpreted fixed-size binary blobs--but // everyone uses this convention. n := 0 for n < len(pp.Path) && pp.Path[n] != 0 { n++ } sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: pp := (*RawSockaddrInet4)(unsafe.Pointer(rsa)) sa := new(SockaddrInet4) p := (*[2]byte)(unsafe.Pointer(&pp.Port)) sa.Port = int(p[0])<<8 + int(p[1]) sa.Addr = pp.Addr return sa, nil case AF_INET6: pp := (*RawSockaddrInet6)(unsafe.Pointer(rsa)) sa := new(SockaddrInet6) p := (*[2]byte)(unsafe.Pointer(&pp.Port)) sa.Port = int(p[0])<<8 + int(p[1]) sa.ZoneId = pp.Scope_id sa.Addr = pp.Addr return sa, nil } return nil, EAFNOSUPPORT } func Accept(fd int) (nfd int, sa Sockaddr, err error) { return Accept4(fd, 0) } func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) { var rsa RawSockaddrAny var len _Socklen = SizeofSockaddrAny nfd, err = accept4(fd, &rsa, &len, flags) if err != nil { return } if len > SizeofSockaddrAny { panic("RawSockaddrAny too small") } sa, err = anyToSockaddr(&rsa) if err != nil { Close(nfd) nfd = 0 } return } func Getsockname(fd int) (sa Sockaddr, err error) { var rsa RawSockaddrAny var len _Socklen = SizeofSockaddrAny if err = getsockname(fd, &rsa, &len); err != nil { return } return anyToSockaddr(&rsa) } func GetsockoptInet4Addr(fd, level, opt int) (value [4]byte, err error) { vallen := _Socklen(4) err = getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen) return value, err } func GetsockoptIPMreq(fd, level, opt int) (*IPMreq, error) { var value IPMreq vallen := _Socklen(SizeofIPMreq) err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) return &value, err } func GetsockoptIPMreqn(fd, level, opt int) (*IPMreqn, error) { var value IPMreqn vallen := _Socklen(SizeofIPMreqn) err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) return &value, err } func GetsockoptIPv6Mreq(fd, level, opt int) (*IPv6Mreq, error) { var value IPv6Mreq vallen := _Socklen(SizeofIPv6Mreq) err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) return &value, err } func GetsockoptIPv6MTUInfo(fd, level, opt int) (*IPv6MTUInfo, error) { var value IPv6MTUInfo vallen := _Socklen(SizeofIPv6MTUInfo) err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) return &value, err } func GetsockoptICMPv6Filter(fd, level, opt int) (*ICMPv6Filter, error) { var value ICMPv6Filter vallen := _Socklen(SizeofICMPv6Filter) err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) return &value, err } func GetsockoptUcred(fd, level, opt int) (*Ucred, error) { var value Ucred vallen := _Socklen(SizeofUcred) err := getsockopt(fd, level, opt, unsafe.Pointer(&value), &vallen) return &value, err } func SetsockoptIPMreqn(fd, level, opt int, mreq *IPMreqn) (err error) { return setsockopt(fd, level, opt, unsafe.Pointer(mreq), unsafe.Sizeof(*mreq)) } func recvmsgRaw(fd int, p, oob []byte, flags int, rsa *RawSockaddrAny) (n, oobn int, recvflags int, err error) { var msg Msghdr msg.Name = (*byte)(unsafe.Pointer(rsa)) msg.Namelen = uint32(SizeofSockaddrAny) var iov Iovec if len(p) > 0 { iov.Base = &p[0] iov.SetLen(len(p)) } var dummy byte if len(oob) > 0 { if len(p) == 0 { var sockType int sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE) if err != nil { return } // receive at least one normal byte if sockType != SOCK_DGRAM { iov.Base = &dummy iov.SetLen(1) } } msg.Control = &oob[0] msg.SetControllen(len(oob)) } msg.Iov = &iov msg.Iovlen = 1 if n, err = recvmsg(fd, &msg, flags); err != nil { return } oobn = int(msg.Controllen) recvflags = int(msg.Flags) return } func sendmsgN(fd int, p, oob []byte, ptr unsafe.Pointer, salen _Socklen, flags int) (n int, err error) { var msg Msghdr msg.Name = (*byte)(ptr) msg.Namelen = uint32(salen) var iov Iovec if len(p) > 0 { iov.Base = &p[0] iov.SetLen(len(p)) } var dummy byte if len(oob) > 0 { if len(p) == 0 { var sockType int sockType, err = GetsockoptInt(fd, SOL_SOCKET, SO_TYPE) if err != nil { return 0, err } // send at least one normal byte if sockType != SOCK_DGRAM { iov.Base = &dummy iov.SetLen(1) } } msg.Control = &oob[0] msg.SetControllen(len(oob)) } msg.Iov = &iov msg.Iovlen = 1 if n, err = sendmsg(fd, &msg, flags); err != nil { return 0, err } if len(oob) > 0 && len(p) == 0 { n = 0 } return n, nil } // BindToDevice binds the socket associated with fd to device. func BindToDevice(fd int, device string) (err error) { return SetsockoptString(fd, SOL_SOCKET, SO_BINDTODEVICE, device) } //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) //sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { // The peek requests are machine-size oriented, so we wrap it // to retrieve arbitrary-length data. // The ptrace syscall differs from glibc's ptrace. // Peeks returns the word in *data, not as the return value. var buf [sizeofPtr]byte // Leading edge. PEEKTEXT/PEEKDATA don't require aligned // access (PEEKUSER warns that it might), but if we don't // align our reads, we might straddle an unmapped page // boundary and not get the bytes leading up to the page // boundary. n := 0 if addr%sizeofPtr != 0 { err = ptracePtr(req, pid, addr-addr%sizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } n += copy(out, buf[addr%sizeofPtr:]) out = out[n:] } // Remainder. for len(out) > 0 { // We use an internal buffer to guarantee alignment. // It's not documented if this is necessary, but we're paranoid. err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } copied := copy(out, buf[0:]) n += copied out = out[copied:] } return n, nil } func PtracePeekText(pid int, addr uintptr, out []byte) (count int, err error) { return ptracePeek(PTRACE_PEEKTEXT, pid, addr, out) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { return ptracePeek(PTRACE_PEEKDATA, pid, addr, out) } func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (count int, err error) { // As for ptracePeek, we need to align our accesses to deal // with the possibility of straddling an invalid page. // Leading edge. n := 0 if addr%sizeofPtr != 0 { var buf [sizeofPtr]byte err = ptracePtr(peekReq, pid, addr-addr%sizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } n += copy(buf[addr%sizeofPtr:], data) word := *((*uintptr)(unsafe.Pointer(&buf[0]))) err = ptrace(pokeReq, pid, addr-addr%sizeofPtr, word) if err != nil { return 0, err } data = data[n:] } // Interior. for len(data) > sizeofPtr { word := *((*uintptr)(unsafe.Pointer(&data[0]))) err = ptrace(pokeReq, pid, addr+uintptr(n), word) if err != nil { return n, err } n += sizeofPtr data = data[sizeofPtr:] } // Trailing edge. if len(data) > 0 { var buf [sizeofPtr]byte err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } copy(buf[0:], data) word := *((*uintptr)(unsafe.Pointer(&buf[0]))) err = ptrace(pokeReq, pid, addr+uintptr(n), word) if err != nil { return n, err } n += len(data) } return n, nil } func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { return ptracePoke(PTRACE_POKETEXT, PTRACE_PEEKTEXT, pid, addr, data) } func PtracePokeData(pid int, addr uintptr, data []byte) (count int, err error) { return ptracePoke(PTRACE_POKEDATA, PTRACE_PEEKDATA, pid, addr, data) } const ( _NT_PRSTATUS = 1 ) func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { var iov Iovec iov.Base = (*byte)(unsafe.Pointer(regsout)) iov.SetLen(int(unsafe.Sizeof(*regsout))) return ptracePtr(PTRACE_GETREGSET, pid, uintptr(_NT_PRSTATUS), unsafe.Pointer(&iov)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { var iov Iovec iov.Base = (*byte)(unsafe.Pointer(regs)) iov.SetLen(int(unsafe.Sizeof(*regs))) return ptracePtr(PTRACE_SETREGSET, pid, uintptr(_NT_PRSTATUS), unsafe.Pointer(&iov)) } func PtraceSetOptions(pid int, options int) (err error) { return ptrace(PTRACE_SETOPTIONS, pid, 0, uintptr(options)) } func PtraceGetEventMsg(pid int) (msg uint, err error) { var data _C_long err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data)) msg = uint(data) return } func PtraceCont(pid int, signal int) (err error) { return ptrace(PTRACE_CONT, pid, 0, uintptr(signal)) } func PtraceSyscall(pid int, signal int) (err error) { return ptrace(PTRACE_SYSCALL, pid, 0, uintptr(signal)) } func PtraceSingleStep(pid int) (err error) { return ptrace(PTRACE_SINGLESTEP, pid, 0, 0) } func PtraceAttach(pid int) (err error) { return ptrace(PTRACE_ATTACH, pid, 0, 0) } func PtraceDetach(pid int) (err error) { return ptrace(PTRACE_DETACH, pid, 0, 0) } //sys reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) func Reboot(cmd int) (err error) { return reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, cmd, "") } func ReadDirent(fd int, buf []byte) (n int, err error) { return Getdents(fd, buf) } func direntIno(buf []byte) (uint64, bool) { return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino)) } func direntReclen(buf []byte) (uint64, bool) { return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen)) } func direntNamlen(buf []byte) (uint64, bool) { reclen, ok := direntReclen(buf) if !ok { return 0, false } return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true } //sys mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) { // Certain file systems get rather angry and EINVAL if you give // them an empty string of data, rather than NULL. if data == "" { return mount(source, target, fstype, flags, nil) } datap, err := BytePtrFromString(data) if err != nil { return err } return mount(source, target, fstype, flags, datap) } // Sendto // Recvfrom // Socketpair /* * Direct access */ //sys Acct(path string) (err error) //sys Adjtimex(buf *Timex) (state int, err error) //sys Chdir(path string) (err error) //sys Chroot(path string) (err error) //sys Close(fd int) (err error) //sys Dup(oldfd int) (fd int, err error) //sys Dup3(oldfd int, newfd int, flags int) (err error) //sysnb EpollCreate1(flag int) (fd int, err error) //sysnb EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) //sys Fallocate(fd int, mode uint32, off int64, len int64) (err error) //sys Fchdir(fd int) (err error) //sys Fchmod(fd int, mode uint32) (err error) //sys Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) //sys fcntl(fd int, cmd int, arg int) (val int, err error) //sys Fdatasync(fd int) (err error) //sys Flock(fd int, how int) (err error) //sys Fsync(fd int) (err error) //sys Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64 //sysnb Getpgid(pid int) (pgid int, err error) func Getpgrp() (pid int) { pid, _ = Getpgid(0) return } //sysnb Getpid() (pid int) //sysnb Getppid() (ppid int) //sys Getpriority(which int, who int) (prio int, err error) //sysnb Getrusage(who int, rusage *Rusage) (err error) //sysnb Gettid() (tid int) //sys Getxattr(path string, attr string, dest []byte) (sz int, err error) //sys InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) //sysnb InotifyInit1(flags int) (fd int, err error) //sysnb InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) //sysnb Kill(pid int, sig Signal) (err error) //sys Klogctl(typ int, buf []byte) (n int, err error) = SYS_SYSLOG //sys Listxattr(path string, dest []byte) (sz int, err error) //sys Mkdirat(dirfd int, path string, mode uint32) (err error) //sys Mknodat(dirfd int, path string, mode uint32, dev int) (err error) //sys Nanosleep(time *Timespec, leftover *Timespec) (err error) //sys PivotRoot(newroot string, putold string) (err error) = SYS_PIVOT_ROOT //sysnb prlimit1(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT64 //sys read(fd int, p []byte) (n int, err error) //sys Removexattr(path string, attr string) (err error) //sys Setdomainname(p []byte) (err error) //sys Sethostname(p []byte) (err error) //sysnb Setpgid(pid int, pgid int) (err error) //sysnb Setsid() (pid int, err error) //sysnb Settimeofday(tv *Timeval) (err error) // Provided by runtime.syscall_runtime_doAllThreadsSyscall which stops the // world and invokes the syscall on each OS thread. Once this function returns, // all threads are in sync. // //go:uintptrescapes func runtime_doAllThreadsSyscall(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2, err uintptr) // AllThreadsSyscall performs a syscall on each OS thread of the Go // runtime. It first invokes the syscall on one thread. Should that // invocation fail, it returns immediately with the error status. // Otherwise, it invokes the syscall on all of the remaining threads // in parallel. It will terminate the program if it observes any // invoked syscall's return value differs from that of the first // invocation. // // AllThreadsSyscall is intended for emulating simultaneous // process-wide state changes that require consistently modifying // per-thread state of the Go runtime. // // AllThreadsSyscall is unaware of any threads that are launched // explicitly by cgo linked code, so the function always returns // [ENOTSUP] in binaries that use cgo. // //go:uintptrescapes func AllThreadsSyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno) { if cgo_libc_setegid != nil { return minus1, minus1, ENOTSUP } r1, r2, errno := runtime_doAllThreadsSyscall(trap, a1, a2, a3, 0, 0, 0) return r1, r2, Errno(errno) } // AllThreadsSyscall6 is like [AllThreadsSyscall], but extended to six // arguments. // //go:uintptrescapes func AllThreadsSyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) { if cgo_libc_setegid != nil { return minus1, minus1, ENOTSUP } r1, r2, errno := runtime_doAllThreadsSyscall(trap, a1, a2, a3, a4, a5, a6) return r1, r2, Errno(errno) } // linked by runtime.cgocall.go // //go:uintptrescapes func cgocaller(unsafe.Pointer, ...uintptr) uintptr var cgo_libc_setegid unsafe.Pointer // non-nil if cgo linked. const minus1 = ^uintptr(0) func Setegid(egid int) (err error) { if cgo_libc_setegid == nil { if _, _, e1 := AllThreadsSyscall(SYS_SETRESGID, minus1, uintptr(egid), minus1); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setegid, uintptr(egid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_seteuid unsafe.Pointer // non-nil if cgo linked. func Seteuid(euid int) (err error) { if cgo_libc_seteuid == nil { if _, _, e1 := AllThreadsSyscall(SYS_SETRESUID, minus1, uintptr(euid), minus1); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_seteuid, uintptr(euid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_setgid unsafe.Pointer // non-nil if cgo linked. func Setgid(gid int) (err error) { if cgo_libc_setgid == nil { if _, _, e1 := AllThreadsSyscall(sys_SETGID, uintptr(gid), 0, 0); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setgid, uintptr(gid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_setregid unsafe.Pointer // non-nil if cgo linked. func Setregid(rgid, egid int) (err error) { if cgo_libc_setregid == nil { if _, _, e1 := AllThreadsSyscall(sys_SETREGID, uintptr(rgid), uintptr(egid), 0); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setregid, uintptr(rgid), uintptr(egid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_setresgid unsafe.Pointer // non-nil if cgo linked. func Setresgid(rgid, egid, sgid int) (err error) { if cgo_libc_setresgid == nil { if _, _, e1 := AllThreadsSyscall(sys_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setresgid, uintptr(rgid), uintptr(egid), uintptr(sgid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_setresuid unsafe.Pointer // non-nil if cgo linked. func Setresuid(ruid, euid, suid int) (err error) { if cgo_libc_setresuid == nil { if _, _, e1 := AllThreadsSyscall(sys_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setresuid, uintptr(ruid), uintptr(euid), uintptr(suid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_setreuid unsafe.Pointer // non-nil if cgo linked. func Setreuid(ruid, euid int) (err error) { if cgo_libc_setreuid == nil { if _, _, e1 := AllThreadsSyscall(sys_SETREUID, uintptr(ruid), uintptr(euid), 0); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setreuid, uintptr(ruid), uintptr(euid)); ret != 0 { err = errnoErr(Errno(ret)) } return } var cgo_libc_setuid unsafe.Pointer // non-nil if cgo linked. func Setuid(uid int) (err error) { if cgo_libc_setuid == nil { if _, _, e1 := AllThreadsSyscall(sys_SETUID, uintptr(uid), 0, 0); e1 != 0 { err = errnoErr(e1) } } else if ret := cgocaller(cgo_libc_setuid, uintptr(uid)); ret != 0 { err = errnoErr(Errno(ret)) } return } //sys Setpriority(which int, who int, prio int) (err error) //sys Setxattr(path string, attr string, data []byte, flags int) (err error) //sys Sync() //sysnb Sysinfo(info *Sysinfo_t) (err error) //sys Tee(rfd int, wfd int, len int, flags int) (n int64, err error) //sysnb Tgkill(tgid int, tid int, sig Signal) (err error) //sysnb Times(tms *Tms) (ticks uintptr, err error) //sysnb Umask(mask int) (oldmask int) //sysnb Uname(buf *Utsname) (err error) //sys Unmount(target string, flags int) (err error) = SYS_UMOUNT2 //sys Unshare(flags int) (err error) //sys write(fd int, p []byte) (n int, err error) //sys exitThread(code int) (err error) = SYS_EXIT //sys readlen(fd int, p *byte, np int) (n int, err error) = SYS_READ // mmap varies by architecture; see syscall_linux_*.go. //sys munmap(addr uintptr, length uintptr) (err error) var mapper = &mmapper{ active: make(map[*byte][]byte), mmap: mmap, munmap: munmap, } func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) { return mapper.Mmap(fd, offset, length, prot, flags) } func Munmap(b []byte) (err error) { return mapper.Munmap(b) } //sys Madvise(b []byte, advice int) (err error) //sys Mprotect(b []byte, prot int) (err error) //sys Mlock(b []byte) (err error) //sys Munlock(b []byte) (err error) //sys Mlockall(flags int) (err error) //sys Munlockall() (err error) func Getrlimit(resource int, rlim *Rlimit) (err error) { // prlimit1 is the same as prlimit when newlimit == nil return prlimit1(0, resource, nil, rlim) } // setrlimit sets a resource limit. // The Setrlimit function is in rlimit.go, and calls this one. func setrlimit(resource int, rlim *Rlimit) (err error) { return prlimit1(0, resource, rlim, nil) } // prlimit changes a resource limit. We use a single definition so that // we can tell StartProcess to not restore the original NOFILE limit. // // golang.org/x/sys linknames prlimit. // Do not remove or change the type signature. // //go:linkname prlimit func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { err = prlimit1(pid, resource, newlimit, old) if err == nil && newlimit != nil && resource == RLIMIT_NOFILE && (pid == 0 || pid == Getpid()) { origRlimitNofile.Store(nil) } return err }