Provide flag to disable syscall patching (aka syscall fastpath) in Systrap.

konstantin-s-bogom · gvisor-bot · commit f585db6bbfc5 · 2025-05-08T17:18:06.000-07:00
First and foremost, this flag is meant to be a debugging tool for Systrap-related issues; very often the first step to debugging Systrap errors is to ask users to disable syscall patching, and this makes that easier. Secondly, it is also meant to be a temporary stop-gap to fix workloads that don't work with syscall patching until the universal solution is implemented to roll-back existing patches to their original state at runtime. Updates #11649. PiperOrigin-RevId: 756520044
diff --git a/pkg/sentry/fsimpl/testutil/kernel.go b/pkg/sentry/fsimpl/testutil/kernel.go
@@ -67,7 +67,7 @@ func Boot() (*kernel.Kernel, error) {
 	if err != nil {
 		return nil, fmt.Errorf("creating platform: %v", err)
 	}
-	plat, err := platformCtr.New(deviceFile)
+	plat, err := platformCtr.New(platform.Options{DeviceFile: deviceFile})
 	if err != nil {
 		return nil, fmt.Errorf("creating platform: %v", err)
 	}
diff --git a/pkg/sentry/platform/kvm/kvm.go b/pkg/sentry/platform/kvm/kvm.go
@@ -183,8 +183,8 @@ func (k *KVM) NewContext(pkgcontext.Context) platform.Context {
 
 type constructor struct{}
 
-func (*constructor) New(f *fd.FD) (platform.Platform, error) {
-	return New(f, Config{})
+func (*constructor) New(opts platform.Options) (platform.Platform, error) {
+	return New(opts.DeviceFile, Config{})
 }
 
 func (*constructor) OpenDevice(devicePath string) (*fd.FD, error) {
diff --git a/pkg/sentry/platform/platform.go b/pkg/sentry/platform/platform.go
@@ -513,14 +513,25 @@ func (s StaticSeccompInfo) HottestSyscalls() []uintptr {
 	return s.HotSyscalls
 }
 
+// Options is a collection variables and flags for platform initialization.
+type Options struct {
+	// DeviceFile is the device file to use (e.g. /dev/kvm for the KVM
+	// platform).
+	DeviceFile *fd.FD
+
+	// DisableSyscallPatching controls whether Systrap is allowed to patch
+	// syscalls invocations sites at runtime.
+	DisableSyscallPatching bool
+}
+
 // Constructor represents a platform type.
 type Constructor interface {
 	// New returns a new platform instance.
 	//
 	// Arguments:
 	//
-	//	* deviceFile - the device file (e.g. /dev/kvm for the KVM platform).
-	New(deviceFile *fd.FD) (Platform, error)
+	//	* opts - Platform customization bits.
+	New(opts Options) (Platform, error)
 
 	// OpenDevice opens the path to the device used by the platform.
 	// Passing in an empty string will use the default path for the device,
diff --git a/pkg/sentry/platform/ptrace/ptrace.go b/pkg/sentry/platform/ptrace/ptrace.go
@@ -260,7 +260,7 @@ func (p *PTrace) NewAddressSpace(any) (platform.AddressSpace, <-chan struct{}, e
 
 type constructor struct{}
 
-func (*constructor) New(*fd.FD) (platform.Platform, error) {
+func (*constructor) New(platform.Options) (platform.Platform, error) {
 	return New()
 }
 
diff --git a/pkg/sentry/platform/systrap/stub_unsafe.go b/pkg/sentry/platform/systrap/stub_unsafe.go
@@ -306,6 +306,10 @@ func stubInit() {
 	*p = uint64(stubContextQueueRegion)
 	p = (*uint64)(unsafe.Pointer(stubSysmsgStart + uintptr(sysmsg.Sighandler_blob_offset____export_spinning_queue_addr)))
 	*p = uint64(stubSpinningThreadQueueAddr)
+	if disableSyscallPatching {
+		p = (*uint64)(unsafe.Pointer(stubSysmsgStart + uintptr(sysmsg.Sighandler_blob_offset____export_disable_syscall_patching)))
+		*p = 1
+	}
 
 	prepareSeccompRules(stubSysmsgStart,
 		stubSysmsgRules, stubSysmsgRulesLen,
diff --git a/pkg/sentry/platform/systrap/subprocess_amd64.go b/pkg/sentry/platform/systrap/subprocess_amd64.go
@@ -149,7 +149,8 @@ func initChildProcessPPID(initregs *arch.Registers, ppid int32) {
 // been generated by the kernel.
 // Returns true if the signal info was patched, false otherwise.
 func maybePatchSignalInfo(regs *arch.Registers, signalInfo *linux.SignalInfo) bool {
-	if signalInfo.Addr() < linux.VSyscallStartAddr ||
+	if disableSyscallPatching ||
+		signalInfo.Addr() < linux.VSyscallStartAddr ||
 		signalInfo.Addr() >= linux.VSyscallEndAddr {
 		return false
 	}
diff --git a/pkg/sentry/platform/systrap/sysmsg/sighandler_amd64.c b/pkg/sentry/platform/systrap/sysmsg/sighandler_amd64.c
@@ -40,6 +40,7 @@
 // sysmsg_lib.c.
 struct arch_state __export_arch_state;
 uint64_t __export_stub_start;
+uint64_t __export_disable_syscall_patching;
 
 long __syscall(long n, long a1, long a2, long a3, long a4, long a5, long a6) {
   unsigned long ret;
@@ -251,7 +252,8 @@ void __export_sighandler(int signo, siginfo_t *siginfo, void *_ucontext) {
       // If a syscall instruction set is "mov sysno, %eax, syscall", it can be
       // replaced on a function call which works much faster.
       // Look at pkg/sentry/usertrap for more details.
-      if (siginfo->si_arch == AUDIT_ARCH_X86_64) {
+      if (__export_disable_syscall_patching == 0 &&
+          siginfo->si_arch == AUDIT_ARCH_X86_64) {
         uint8_t *rip = (uint8_t *)ctx->ptregs.rip;
         // FIXME(b/144063246): Even if all five bytes before the syscall
         // instruction match the "mov sysno, %eax" instruction, they can be a
diff --git a/pkg/sentry/platform/systrap/sysmsg/sighandler_arm64.c b/pkg/sentry/platform/systrap/sysmsg/sighandler_arm64.c
@@ -34,6 +34,8 @@
 // sysmsg_lib.c.
 struct arch_state __export_arch_state;
 uint64_t __export_stub_start;
+// Note: This flag doesn't do anything for ARM. See AMD64 equivalent.
+uint64_t __export_disable_syscall_patching;
 
 long __syscall(long n, long a1, long a2, long a3, long a4, long a5, long a6) {
   // ARM64 syscall interface passes the syscall number in x8 and the 6 arguments
diff --git a/pkg/sentry/platform/systrap/systrap.go b/pkg/sentry/platform/systrap/systrap.go
@@ -113,6 +113,14 @@ var (
 
 	// archState stores architecture-specific details used in the platform.
 	archState sysmsg.ArchState
+
+	// disableSyscallPatching controls if Systrap is allowed to patch
+	// syscall invocation sites.
+	//
+	// This is a hacky global and is not toggleable at runtime! Once it has
+	// been flipped for one Systrap instance, it will apply to all previously
+	// created and future instances too.
+	disableSyscallPatching bool
 )
 
 // platformContext is an implementation of the platform context.
@@ -241,7 +249,11 @@ func (*Systrap) MinUserAddress() hostarch.Addr {
 }
 
 // New returns a new seccomp-based implementation of the platform interface.
-func New() (*Systrap, error) {
+func New(opts platform.Options) (*Systrap, error) {
+	if !disableSyscallPatching {
+		disableSyscallPatching = opts.DisableSyscallPatching
+	}
+
 	if maxSysmsgThreads == 0 {
 		// CPUID information has been initialized at this point.
 		archState.Init()
@@ -326,8 +338,8 @@ func (*Systrap) NewContext(ctx pkgcontext.Context) platform.Context {
 
 type constructor struct{}
 
-func (*constructor) New(_ *fd.FD) (platform.Platform, error) {
-	return New()
+func (*constructor) New(opts platform.Options) (platform.Platform, error) {
+	return New(opts)
 }
 
 func (*constructor) OpenDevice(_ string) (*fd.FD, error) {
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
@@ -811,7 +811,10 @@ func createPlatform(conf *config.Config, deviceFile *fd.FD) (platform.Platform,
 		panic(fmt.Sprintf("invalid platform %s: %s", conf.Platform, err))
 	}
 	log.Infof("Platform: %s", conf.Platform)
-	return p.New(deviceFile)
+	return p.New(platform.Options{
+		DeviceFile:             deviceFile,
+		DisableSyscallPatching: conf.Platform == "systrap" && conf.SystrapDisableSyscallPatching,
+	})
 }
 
 func createMemoryFile(appHugePages bool, hostTHP HostTHP) (*pgalloc.MemoryFile, error) {
diff --git a/runsc/config/config.go b/runsc/config/config.go
@@ -391,6 +391,9 @@ type Config struct {
 
 	// GVisorMarkerFile enables the /proc/gvisor/kernel_is_gvisor marker file.
 	GVisorMarkerFile bool `flag:"gvisor-marker-file"`
+
+	// SystrapDisableSyscallPatching disables syscall patching in Systrap.
+	SystrapDisableSyscallPatching bool `flag:"systrap-disable-syscall-patching"`
 }
 
 func (c *Config) validate() error {
diff --git a/runsc/config/flags.go b/runsc/config/flags.go
@@ -107,6 +107,7 @@ func RegisterFlags(flagSet *flag.FlagSet) {
 	flagSet.String("pod-init-config", "", "path to configuration file with additional steps to take during pod creation.")
 	flagSet.Var(HostSettingsCheck.Ptr(), "host-settings", "how to handle non-optimal host kernel settings: check (default, advisory-only), ignore (do not check), adjust (best-effort auto-adjustment), or enforce (auto-adjustment must succeed).")
 	flagSet.Var(RestoreSpecValidationEnforce.Ptr(), "restore-spec-validation", "how to handle spec validation during restore.")
+	flagSet.Bool("systrap-disable-syscall-patching", false, "disables syscall patching when using the Systrap platform. May be necessary to use in case the workload uses the GS register, or uses ptrace within gVisor. Has significant performance implications and is only recommended when the sandbox is known to run otherwise-incompatible workloads. Only relevant for x86.")
 
 	// Flags that control sandbox runtime behavior: MM related.
 	flagSet.Bool("app-huge-pages", true, "enable use of huge pages for application memory; requires /sys/kernel/mm/transparent_hugepage/shmem_enabled = advise")

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ func Boot() (*kernel.Kernel, error) {`
`67`	`67`	`if err != nil {`
`68`	`68`	`return nil, fmt.Errorf("creating platform: %v", err)`
`69`	`69`	`}`
`70`		`- plat, err := platformCtr.New(deviceFile)`
	`70`	`+ plat, err := platformCtr.New(platform.Options{DeviceFile: deviceFile})`
`71`	`71`	`if err != nil {`
`72`	`72`	`return nil, fmt.Errorf("creating platform: %v", err)`
`73`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -183,8 +183,8 @@ func (k *KVM) NewContext(pkgcontext.Context) platform.Context {`
`183`	`183`
`184`	`184`	`type constructor struct{}`
`185`	`185`
`186`		`-func (constructor) New(f fd.FD) (platform.Platform, error) {`
`187`		`- return New(f, Config{})`
	`186`	`+func (*constructor) New(opts platform.Options) (platform.Platform, error) {`
	`187`	`+ return New(opts.DeviceFile, Config{})`
`188`	`188`	`}`
`189`	`189`
`190`	`190`	`func (constructor) OpenDevice(devicePath string) (fd.FD, error) {`
Original file line number	Diff line number	Diff line change
`@@ -260,7 +260,7 @@ func (p *PTrace) NewAddressSpace(any) (platform.AddressSpace, <-chan struct{}, e`
`260`	`260`
`261`	`261`	`type constructor struct{}`
`262`	`262`
`263`		`-func (constructor) New(fd.FD) (platform.Platform, error) {`
	`263`	`+func (*constructor) New(platform.Options) (platform.Platform, error) {`
`264`	`264`	`return New()`
`265`	`265`	`}`
`266`	`266`
Original file line number	Diff line number	Diff line change
`@@ -811,7 +811,10 @@ func createPlatform(conf config.Config, deviceFile fd.FD) (platform.Platform,`
`811`	`811`	`panic(fmt.Sprintf("invalid platform %s: %s", conf.Platform, err))`
`812`	`812`	`}`
`813`	`813`	`log.Infof("Platform: %s", conf.Platform)`
`814`		`- return p.New(deviceFile)`
	`814`	`+ return p.New(platform.Options{`
	`815`	`+ DeviceFile: deviceFile,`
	`816`	`+ DisableSyscallPatching: conf.Platform == "systrap" && conf.SystrapDisableSyscallPatching,`
	`817`	`+ })`
`815`	`818`	`}`
`816`	`819`
`817`	`820`	`func createMemoryFile(appHugePages bool, hostTHP HostTHP) (*pgalloc.MemoryFile, error) {`