Top-Byte-Ignore (TBI) is a feature on all ARMv8.0 CPUs that causes the top byte
of virtual addresses to be ignored on loads and stores. Instead, bit 55 is
extended over bits 56-63 before address translation. This feature allows use of
the (ignored) top byte as a tag or for other in-band metadata.
In Linux, brk()/mmap()/mremap() syscalls don't untag addresses. More details
are in dcde237319e6 ("mm: Avoid creating virtual address aliases in
brk()/mmap()/mremap()")
PiperOrigin-RevId: 715885990
Now we don't need to trigger a second fault to figure out whether it was write
or read access.
Fixes#11008
Co-developed-by: Jamie Liu <jamieliu@google.com>
PiperOrigin-RevId: 697677262
Also add the missing HugePage equivalents of Page functions.
The fix for golang/go#56280, which first appears in Go 1.20, is needed to
prevent this CL from regressing performance:
Before fix:
```
TEXT gvisor/pkg/sentry/mm/mm.(*MemoryManager).SetNumaPolicy(SB) gvisor/pkg/sentry/mm/syscalls.go
...
addr.go:75 0x7f000054e35e 488d053bc2b100 LEAQ gvisor/pkg/hostarch/hostarch..dict.IsPageAligned[gvisor/pkg/hostarch/hostarch.Addr](SB), AX
addr.go:75 0x7f000054e365 e8961cc4ff CALL gvisor/pkg/hostarch/hostarch.IsPageAligned[go.shape.uintptr](SB)
```
After fix:
```
TEXT gvisor/pkg/sentry/mm/mm.(*MemoryManager).SetNumaPolicy(SB) gvisor/pkg/sentry/mm/syscalls.go
...
addr.go:75 0x7f00004da61a 90 NOPL
addr.go:75 0x7f00004da61b 0f1f440000 NOPL 0(AX)(AX*1)
sizes_util.go:57 0x7f00004da620 48f7c3ff0f0000 TESTQ $0xfff, BX
syscalls.go:1021 0x7f00004da627 0f855f010000 JNE 0x7f00004da78c
```
PiperOrigin-RevId: 507608080
All remaining uses of gohacks.SliceHeader are to create a slice pointing to
some other backing array. Go 1.20 introduces unsafe.Slice to do exactly this,
so switch to this interface.
For now we want code to continue to build with Go 1.19, so we still use a
gohacks.Slice wrapper, which uses unsafe.Slice on 1.20 and SliceHeader on
<1.20. Once 1.19 support is dropped, uses can drop gohacks altogether.
gohacks.Slice is inlined into callers, and unsafe.Slice is a compiler
intrinsic, so these wrappers have minimal overhead. The primary difference is
the addition of a nil check on the pointer and an overflow check on
ptr+length*size.
I think these are minimal enough to not cause problems, but if they are (e.g.,
in safemem), we could consider adding a SliceUnchecked function that continues
to use SliceHeader. But I'd like to try to avoid that, as it adds process to
verify it is still compatible with new Go releases.
For #8422.
PiperOrigin-RevId: 504926819
Once the user receives a file descriptor from `io_uring_setup()`, it will be
used for the subsequent `mmap()` calls. Thus, we need to add support for it in
our iouringfs.
PiperOrigin-RevId: 477318038
When tmpfs is mounted with `size` option it imposes a limit for
the tmpfs mount. The total size of all files in that mount must not exceed this
limit. See tmpfs(5) for more details. When this option was not supported and
specifying it caused mount(2) to return EINVAL instead of ENOSPC.
In Linux, tmpfs charges symlinks, regular files and directories against this
`size` limit. All accounting is done on the granularity of page size. The `size`
limit and all individual file sizes are rounded up to number of pages while
performing calculations. gVisor has aimed to replicate the same behavior.
One difference from Linux is that if the `size` option is not specified, then
Linux uses 50% of physical RAM as the `size`. We don't replicate this behavior
in gVisor as the actual size of host physical RAM should not be exposed to
application. In gVisor, if `size` option is not specified, then no limit is
imposed. This is consistent with the behavior before this change.
Added syscall tests for regular files and symlink.
PiperOrigin-RevId: 442686814
Split usermem package to help remove syserror dependency in go_marshal.
New hostarch package contains code not dependent on syserror.
PiperOrigin-RevId: 365651233
Jamie Liu
Andrei Vagin
Adin Scannell
Michael Pratt
Shambhavi Srivastava
Sergey Madaminov
Ayush Ranjan
Zach Koopmans