forked from golang/go
-
Notifications
You must be signed in to change notification settings - Fork 0
crypto/rand: add syscall number fallbacks in seccomp_linux #90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
austinderek
wants to merge
15
commits into
master
Choose a base branch
from
seccomp_linux_syscall_fallback
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1,207
−365
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When applying relocations, a malformed ELF file can provide an offset that, when added to the relocation size, overflows. This wrapped-around value could then incorrectly pass the bounds check, leading to a panic when the slice is accessed with the original large offset. This change eliminates the manual bounds and overflow checks and writes a relocation to slice by calling putUint. The putUint helper function centralizes the logic for validating slice access, correctly handling both out-of-bounds and integer overflow conditions. This simplifies the relocation code and improves robustness when parsing malformed ELF files. Fixes golang#75516 Change-Id: I00d806bf5501a9bf70200585ba4fd0475d7b2ddc GitHub-Last-Rev: 4914431 GitHub-Pull-Request: golang#75522 Reviewed-on: https://go-review.googlesource.com/c/go/+/705075 Reviewed-by: Florian Lehner <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Junyang Shao <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Commit-Queue: Ian Lance Taylor <[email protected]>
CL 706175 removed the NOFRAME directive from _rt0_arm64_netbsd but did not change the BL instruction to a JMP instruction. This causes the frame pointer to be stored on the stack, this making direct load from RSP to be off by 8 bytes. Cq-Include-Trybots: luci.golang.try:gotip-netbsd-arm64 Change-Id: I0c212fbaba74cfce508f961090dc6e66154c3054 Reviewed-on: https://go-review.googlesource.com/c/go/+/707675 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: Cherry Mui <[email protected]>
To make the code more readable and improve performance: goos: darwin goarch: arm64 pkg: encoding/xml cpu: Apple M4 │ old │ new │ │ sec/op │ sec/op vs base │ Marshal-10 1.902µ ± 1% 1.496µ ± 1% -21.37% (p=0.000 n=10) Unmarshal-10 3.877µ ± 1% 3.418µ ± 2% -11.84% (p=0.000 n=10) HTMLAutoClose-10 1.314µ ± 3% 1.333µ ± 1% ~ (p=0.270 n=10) geomean 2.132µ 1.896µ -11.07% │ old │ new │ │ B/op │ B/op vs base │ Marshal-10 5.570Ki ± 0% 5.570Ki ± 0% ~ (p=1.000 n=10) ¹ Unmarshal-10 7.586Ki ± 0% 7.555Ki ± 0% -0.41% (p=0.000 n=10) HTMLAutoClose-10 3.496Ki ± 0% 3.496Ki ± 0% ~ (p=1.000 n=10) ¹ geomean 5.286Ki 5.279Ki -0.14% ¹ all samples are equal │ old │ new │ │ allocs/op │ allocs/op vs base │ Marshal-10 23.00 ± 0% 23.00 ± 0% ~ (p=1.000 n=10) ¹ Unmarshal-10 185.0 ± 0% 184.0 ± 0% -0.54% (p=0.000 n=10) HTMLAutoClose-10 93.00 ± 0% 93.00 ± 0% ~ (p=1.000 n=10) ¹ geomean 73.42 73.28 -0.18% ¹ all samples are equal Updates golang#62121 Change-Id: Ie458e7458d4358c380374571d380ca3b65ca87bb GitHub-Last-Rev: bb6bb30 GitHub-Pull-Request: golang#75483 Reviewed-on: https://go-review.googlesource.com/c/go/+/704215 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Keith Randall <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Keith Randall <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
As with other DWARF tests, don't run TestFlagW on platforms where executables don't have a DWARF symbol table. Fixes golang#75585 Change-Id: I81014bf59b15e30ac1b2a7d24a52f9647db46c26 Reviewed-on: https://go-review.googlesource.com/c/go/+/706418 Reviewed-by: Cherry Mui <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
The pcln.cutab slice holds uint32 elements, as can be seen in the runtime.moduledata type. The slice was being created with the len (and cap) set to the size of the slice, which means that the count was four times too large. This patch sets the correct len/cap. This doesn't matter for the runtime because nothing looks at the len of cutab. Since the incorrect len is larger, all valid indexes remain valid. Using the correct length means that more invalid indexes will be caught at run time, but such cases are unlikely. Still, using the correct len is less confusing. While we're here use the simpler sliceSym for pcln.pclntab. Change-Id: I09f680b3287467120d994b171c86c784085e3d27 Reviewed-on: https://go-review.googlesource.com/c/go/+/707595 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Cherry Mui <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]>
Solaris linker's -S has a different meaning. Fixes golang#75637. Change-Id: I51e641d5bc6d7f64ab5aa280090c70ec787a1fbf Reviewed-on: https://go-review.googlesource.com/c/go/+/707096 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: David Chase <[email protected]>
Quote the protocols sent by the client when returning the ALPN negotiation error message. Fixes CVE-2025-58189 Fixes golang#75652 Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 Auto-Submit: Roland Shoemaker <[email protected]> Reviewed-by: Neal Patel <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> Auto-Submit: Nicholas Husin <[email protected]> Reviewed-by: Nicholas Husin <[email protected]> TryBot-Bypass: Roland Shoemaker <[email protected]> Reviewed-by: Daniel McCarney <[email protected]>
GetFileSizeEx was generated before mkwinsyscall was updated to use SyscallN. Regenerate to use the new style. Fixes golang#75642 Change-Id: Ia473a167633b67fb75b5762d693848ecee425a7e Reviewed-on: https://go-review.googlesource.com/c/go/+/707615 Reviewed-by: Roland Shoemaker <[email protected]> Auto-Submit: Dmitri Shuralyov <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]>
Binutils defaults to exporting all symbols when building a Windows DLL. To avoid that we were marking symbols with __declspec(dllexport) in the cgo-generated headers, which instructs ld to export only those symbols. However, that approach makes the headers hard to reuse when importing the resulting DLL into other projects, as imported symbols should be marked with __declspec(dllimport). A better approach is to generate a .def file listing the symbols to export, which gets the same effect without having to modify the headers. Updates golang#30674 Fixes golang#56994 Change-Id: I22bd0aa079e2be4ae43b13d893f6b804eaeddabf Reviewed-on: https://go-review.googlesource.com/c/go/+/705776 Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Junyang Shao <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Cherry Mui <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
WSASend and WSARecv functions capture the WSABuf structure before returning, so there is no need to keep a copy of it in the operation structure. Write and Read functions don't need it, they can operate directly on the byte slice. To be on the safe side, pin the input byte slice so that stack-allocated slices don't get moved while overlapped I/O is in progress. Cq-Include-Trybots: luci.golang.try:gotip-windows-amd64-longtest,gotip-windows-amd64-race Change-Id: I474bed94e11acafa0bdd8392b5dcf8993d8e1ed5 Reviewed-on: https://go-review.googlesource.com/c/go/+/704155 Reviewed-by: Junyang Shao <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Change-Id: I9b1fa390434dbda7d49a36b0114c68f942c11d3f Reviewed-on: https://go-review.googlesource.com/c/go/+/707575 Auto-Submit: Ian Lance Taylor <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Carlos Amedee <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
It taks north of 130µs on my machine, which is enough to be worth shaving off at init time. Change-Id: I6a6a696463de228bc3e7b9ca10c12ddbaabdf384 Reviewed-on: https://go-review.googlesource.com/c/go/+/707695 Auto-Submit: Filippo Valsorda <[email protected]> Reviewed-by: Daniel McCarney <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
Heavily inspired by the BoringSSL implementation. Change-Id: I6a6a6964b22826d54700c8b3d555054163cef5fe Co-authored-by: Daniel Morsing <[email protected]> Cq-Include-Trybots: luci.golang.try:gotip-linux-s390x,gotip-linux-ppc64_power10,gotip-linux-ppc64le_power10,gotip-linux-ppc64le_power8,gotip-linux-arm,gotip-darwin-arm64_15,gotip-windows-arm64,gotip-freebsd-amd64 Reviewed-on: https://go-review.googlesource.com/c/go/+/703015 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Daniel McCarney <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> Reviewed-by: Cherry Mui <[email protected]>
seccomp_linux.go is only used for Go's own tests (commit 6446285), but the package is included when building programs with CGO_ENABLED=1. When using an older glibc (e.g. 2.17), SYS_getrandom and SYS_seccomp are not defined, causing cgo compilation to fail. Note that there are already several types and defines copied from linux headers into seccomp_linux.go to support compilation on older systems.
08e6cdc
to
0a0020e
Compare
75c87df
to
38b1a42
Compare
4c0fd3a
to
5bf50a0
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
seccomp_linux.go is only used for Go's own tests (commit 6446285), but the package is included when building programs with CGO_ENABLED=1.
When using an older glibc (e.g. 2.17), SYS_getrandom and SYS_seccomp are not defined, causing cgo compilation to fail.
Note that there are already several types and defines copied from linux headers into seccomp_linux.go to support compilation on older systems.
Updates golang#69536
🔄 This is a mirror of upstream PR golang#75658