The existing uintptr arithmetic is arguably valid because the
environment block is not located within the Go heap
(see golang/go#58625).
However, unsafe.Add (added in Go 1.17) expresses the same logic with
fewer conversions, and in addition avoids triggering the unsafeptr
vet check.
For golang/go#41205.
Change-Id: Ifc509279a13fd707be570908ec779d8518b4f75b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/492415
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Bryan Mills <bcmills@google.com>
DecomposeCommandLine is documented to use CommandLineToArgv, and the
CommandLineToArgvW system call inherently does not support strings with
internal NUL bytes. This CL changes DecomposeCommandLine to reject those
strings with an error instead of panicking.
Fixesgolang/go#58817
Change-Id: I22a026bf2e69344a21f04849c50ba19b6e7b2007
Reviewed-on: https://go-review.googlesource.com/c/sys/+/487695
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
Instead of defining a dedicated type goIovec with the correct *byte type
for its Base field like CL 412496 did, modify the Base field of the
original type Iovec (generated from struct iovec) in mkpost.go. This is
akin to how we already change []int8 to []byte for several other types.
Fixesgolang/go#55997
Change-Id: If30799bb2bfe6d17678370b45348ff0b7c5de2e9
Reviewed-on: https://go-review.googlesource.com/c/sys/+/484635
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
mkpost.go is platform independent and can in principle be run on a GOOS
other than the one we're generating the syscall wrappers for. Allow
overriding GOOS by setting GOOS_TARGET, similar to other generator
programs in the repo. This e.g. allows testing mkpost.go changes on a
different GOOS.
Follows CL 256278 which did the same for mksyscall.go
Change-Id: Ib99aa5cd266f7d27543cf9433cfb028f367eef63
Reviewed-on: https://go-review.googlesource.com/c/sys/+/484636
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: David Chase <drchase@google.com>
This method allows a user to list all Windows services which are
dependent upon a given service.
This commit makes use of the EnumDependentServices Windows API call.
Without this, a user would have to iterate through each service on the
system, and check if the given service is listed in each service's
dependencies list.
The implementation of ListDependentServices is mostly the same as
Mgr.ListServices, as the API calls behave in the same way.
Fixesgolang/go#56766
Change-Id: I9ec18c97afd02f48deef691ccdd5c26d6501add1
Reviewed-on: https://go-review.googlesource.com/c/sys/+/451363
Reviewed-by: Than McIntosh <thanm@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
The setattrlist() function can be used to mutate the attributes of files through a single call. For example, one can perform a chmod(), chown(), chflags(), [...] all at once.
This change also adds bindings for the UF_* and SF_* flags that are accepted by chflags(). This makes it possible to use setattrlist() to perform the equivalent of lchflags(), for which we currently have no binding.
Change-Id: Ib5a604503a984b95a02b65ad1a437246cd170584
GitHub-Last-Rev: 45dd9d475a
GitHub-Pull-Request: golang/sys#155
Reviewed-on: https://go-review.googlesource.com/c/sys/+/481815
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
On Solaris, AIX, and zOS, the req argument of ioctl() is a signed int,
not an unsigned long like on other platforms, which means many constants
are negative, causing friction when passing them to a uint argument.
Correct the signature of these functions to pass the req argument as
signed, just like libc.
Fixesgolang/go#59030.
Change-Id: Ia14e92a150f4b5fb9488c5032ca296cb786e9811
Reviewed-on: https://go-review.googlesource.com/c/sys/+/476515
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Nahum Shalman <nahamu@gmail.com>
As of Go 1.21 syscall.Setrlimit and syscall.prlimit can affect
starting a new process, by restoring the original NOFILE rlimit.
That is recorded locally in the syscall package, so just always
call the syscall functions.
For golang/go#46279
Change-Id: I2f3dafe5562a7dde1297bad6f5d34a80af5d620b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/476695
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
CL 469835 broke the syscall wrapper generation on linux and freebsd by
generating a wrapper for the inexistent SYS_PTRACE_PTR syscall. The
ptracePtr added by CL 469835 correctly uses SYS_PTRACE, likely because
it was manually edited in that CL. However, the incorrect SYS_PTRACE_PTR
syscall is used when regenerating the syscall wrappers.
Change-Id: I270d66511f926d30a9d347930e977a026e033998
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470175
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Go 1.19 incorporates the functionality of execabs directly.
If it has already reported an error, don't report our own error.
In particular Go 1.19 moved the error from lookPathErr to Err.
The code was already checking to not override lookPathErr.
With this change we also do not override Err.
Tested with Go 1.17 through Go 1.20.
Fixesgolang/go#58606
Change-Id: I110127a3925f3800cc058d93e704604a59aa38f7
Reviewed-on: https://go-review.googlesource.com/c/sys/+/469735
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
CL 126516 added support for flags argument, implemented in the same way
as glibc does (it tries to guess what the kernel would do).
CL 246537 added using faccess2(2) Linux syscall which supports the flags
directly. For older kernels, though, the syscall is not available, and
the code uses glibc-like fallback.
There is one very specific scenario in which the fallback fails.
The scenario involves all these conditions:
- no faccessat2 support available (i.e. either Linux kernel < 5.8,
or a seccomp set up to disable faccessat2);
- the current user is not root (i.e. geteuid() != 0);
- CAP_DAC_OVERRIDE capability is set for the current process;
- the file to be executed does not have executable permission
bit set for either the current EUID or EGID;
- the file to be executed have at least one executable bit set.
Unfortunately, this set of conditions was observed in the wild -- a
container run as a non-root user with the binary file owned by root with
executable permission set for a user only [1]. Essentially it means it
is not as rare as it may seem.
Now, CAP_DAC_OVERRIDE essentially makes the kernel bypass most of the
checks, so execve(2) and friends work the same was as for root user,
i.e. if at least one executable bit it set, the permission to execute
is granted (see generic_permission() function in the Linux kernel).
Modify the code to check for CAP_DAC_OVERRIDE and mimic the kernel
behavior for permission checks.
This is essentially the same fix as CL 468735 for Go syscall package.
Tested on CentOS 7 with the repro similar to the one from [2].
[1] https://github.com/opencontainers/runc/issues/3715
[2] https://github.com/golang/go/issues/58552#issuecomment-1432505621
Change-Id: I726b6acab6a6e6d0358ef98e6a582b405c347614
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Reviewed-on: https://go-review.googlesource.com/c/sys/+/468877
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
In CL 419915, both pointer fields of the PtraceIoDesc struct were
converted to type uintptr to address golang/go#54113.
However, that change was overzealous: the fix needed to convert fields
that refer to addresses in the child process, but the Addr field of
PtraceIoDesc is not even in the child process! It is instead an
address in the parent (Go) process.
Go's unsafe.Pointer rules prohibit converting a Go pointer to a
uintptr except when immediately converting back to an unsafe.Pointer
or calling a system call. Populating a PtraceIoDesc struct is neither
of those things, so converting the Addr field to uintptr introduced a
use-after-free bug.
This change reverts the change to the Addr field from CL 419915 and
consolidates the implementation of PtraceIO to reduce the the amount
of code that varies with GOARCH.
This change does not address the remaining ptrace uintptr bug
(golang/go#58387), which is also present in the Linux implementation.
Fixesgolang/go#58351.
Updates golang/go#54113.
For golang/go#41205.
Change-Id: I14bdb4af42130aa7b4375e3f53fd1a0435f14307
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465676
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Despite having the misleading type "void*" in the C API, the "offs"
field of the ptrace_io_desc struct is an offset within the child
process, and thus is not necessarily a valid pointer at all in the
parent process. The Go unsafe.Pointer type must refer only to valid
pointers, so converting this field through unsafe.Pointer is incorrect
and (in some cases) dangerous.
While we're here, let's also rename the "addr" function argument to
"offs", since that's the corresponding ptrace_io_desc field. It's very
confusing to have a function argument named "attr" that doesn't map to
the struct field of the same name!
For golang/go#58351.
Change-Id: Id899f823e8d398b51fb0c42f466d7ae2f957c26b
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465675
Run-TryBot: Bryan Mills <bcmills@google.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
The purpose of the _zero variable is to provide a valid address for a
pointer to an array of length zero. All other uses of the variable
take its address, but one reference to it (added in CL 147850043)
converts the variable (which has type uintptr) directly to an
unsafe.Pointer, producing a nil pointer instead of a non-nil pointer
to a zero-length array.
This typo is caught by 'go vet', but was masked for a long time by the
numerous false-positive warnings for the same check (#41205).
For golang/go#41205.
Change-Id: Ib3bebfadc6fc5574db19630169ff3f65da857bdd
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465597
Reviewed-by: David Chase <drchase@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
The os/signal package drops signal notifications if the channel is not
ready to receive immediately. To avoid dropping signals (for example,
while processing the other branch of a 'select'), the channel must be
buffered.
This fixes a mistake flagged by 'go vet ./...'.
Change-Id: I2a20dbe2aa27ae8ec009fff5e7be47e4409fdddd
Reviewed-on: https://go-review.googlesource.com/c/sys/+/465595
Auto-Submit: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Support for LoongArch has been merged upstream. This allows to
drop the loong64 specific glibc patches.
Because the header file sys/mount.h of glibc 2.36 includes fcntl.h
(commit 78a408ee7ba041fc8d5dbd5f67065b4a982c11e5), this will leads to
duplicate definition of structure stat on MIPS64. In order to solve
this error, use the custom type my_stat to generate the Go Stat_t.
Change-Id: I888280d777d1c7089548acf1b3821762011d79b0
Reviewed-on: https://go-review.googlesource.com/c/sys/+/453555
Reviewed-by: xiaodong liu <teaofmoli@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
This change adds "." and "-" support for DLL filenames in "//sys".
Supporting "." requires a change in how mkwinsyscall handles the
"= <filename>.<function>" syntax. Instead of assuming that only one "."
can appear in this string, now mkwinsyscall assumes that any additional
"." belongs to the filename.
Supporting "." also requires changing how Go identifiers are created for
each DLL. This change also allows mkwinsyscall to support "-". When
creating a Go identifier, "." and "-" in the DLL filename are replaced
with "_". Otherwise, mkwinsyscall would produce invalid Go code, causing
"format.Source" to fail.
Includes a test for the new behavior. There aren't yet any cases where
this code is executed while generating the x/sys/windows syscalls. The
syscalls "SetSocketMediaStreamingMode" from "windows.networking.dll" and
"WslRegisterDistribution" from "api-ms-win-wsl-api-l1-1-0.dll" can be
successfully called using this change, but these syscalls have no known
use in Go so they are not included in this change.
Fixesgolang/go#57913
Change-Id: If64deeb8c7738d61520e7392fd2d81ef8920f08d
Reviewed-on: https://go-review.googlesource.com/c/sys/+/463215
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
No changes in generated files.
Update loongarch64-linux-gcc to 13.0.0
- The kernel header file version is upgraded to 5.19
Update qemu-loongarch64 to 7.1.0
- Support for LoongArch has been merged upstream.
Change-Id: I637925fd9e5575dfb4ce91ece98951d5bf3053e6
Reviewed-on: https://go-review.googlesource.com/c/sys/+/453458
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: xiaodong liu <teaofmoli@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This provides a ClockAdjtime function providing access to the clock_adjtime system call on Linux.
The clock_adjtime system call is like adjtimex, but takes a clockid_t as its first argument.
The unix package already provides Adjtimex and the associated Timex struct; it also provides
the other functions that take a clockid_t (like ClockGettime). ClockAdjtime is an essential
system call for programs that want to use the Linux PTP hardware clock infrastructure (see
https://docs.kernel.org/driver-api/ptp.html).
Fixesgolang/go#57618
Change-Id: I68d022425eb9cd394a204ad7fedab985c0496fee
Reviewed-on: https://go-review.googlesource.com/c/sys/+/463056
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
This CL updates the windows.UTF16FromString and windows.UTF16ToString
implementation so they forward to their syscall counterparts.
The standard library uses these particular syscall functions across
the board as it can't depend on x/sys. This means that even if the
syscall API is frozen, the implementation still receives improvements
and bug fixes, such as CL 425054.
Porting CL 425054 to x/sys is possible, but for this particular case
I think it's better to just call the syscall package. This way both
repos will benefit from future improvements (which I plan to do soon).
Change-Id: I305c4409142d79a57008d7e6d0717fb8986fe906
Reviewed-on: https://go-review.googlesource.com/c/sys/+/462875
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
