psx

package module

v1.2.69 Latest Latest Go to latest Published: May 15, 2023 License: GPL-2.0 Imports: 4 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

git.kernel.org/pub/scm/libs/libcap/libcap

Links

Open Source Insights

README ¶

Package "psx" provides an API for invoking system calls in a way that
each system call is mirrored on all OS threads of the combined Go/CGo
runtime. Since the Go runtime treats OS threads as interchangeable, a
feature like this is needed to meaningfully change process privilege
(including dropping privilege) in a Go program running on Linux. This
package is required by:

   "kernel.org/pub/linux/libs/security/libcap/cap"

When compiled CGO_ENABLED=0, the functionality requires go1.16+ to
build. That release of Go introduced syscall.AllThreadsSyscall*()
APIs.  When compiled this way, the "psx" package functions
psx.Syscall3() and psx.Syscall6() are aliased to
syscall.AllThreadsSyscall() and syscall.AllThreadsSyscall6()
respectively.

When compiled CGO_ENABLED=1, the functionality is implemented by C
code, [lib]psx, which is distributed with libcap.

The official release announcement site for libcap and libpsx is:

   https://sites.google.com/site/fullycapable/

Like libcap/libpsx itself, the "psx" package is distributed with a
"you choose" License. Specifically: BSD three clause, or GPL2. See the
License file.

Andrew G. Morgan <morgan@kernel.org>

Documentation ¶

Rendered for

Overview ¶

Package psx provides support for system calls that are run simultaneously on all threads under Linux.

This property can be used to work around a historical lack of native Go support for such a feature. Something that is the subject of:

https://github.com/golang/go/issues/1435

The package works differently depending on whether or not CGO_ENABLED is 0 or 1.

In the former case, psx is a low overhead wrapper for the two native go calls: syscall.AllThreadsSyscall() and syscall.AllThreadsSyscall6() introduced in go1.16. We provide this wrapping to minimize client source code changes when compiling with or without CGo enabled.

In the latter case, and toolchains prior to go1.16, it works via CGo wrappers for system call functions that call the C [lib]psx functions of these names. This ensures that the system calls execute simultaneously on all the pthreads of the Go (and CGo) combined runtime.

With CGo, the psx support works in the following way: the pthread that is first asked to execute the syscall does so, and determines if it succeeds or fails. If it fails, it returns immediately without attempting the syscall on other pthreads. If the initial attempt succeeds, however, then the runtime is stopped in order for the same system call to be performed on all the remaining pthreads of the runtime. Once all pthreads have completed the syscall, the return codes are those obtained by the first pthread's invocation of the syscall.

Note, there is no need to use this variant of syscall where the syscalls only read state from the kernel. However, since Go's runtime freely migrates code execution between pthreads, support of this type is required for any successful attempt to fully drop or modify the privilege of a running Go program under Linux.

More info on how Linux privilege works and examples of using this package can be found here:

https://sites.google.com/site/fullycapable

WARNING: For older go toolchains (prior to go1.15), correct compilation of this package may require an extra workaround step:

The workaround is to build with the following CGO_LDFLAGS_ALLOW in effect (here the syntax is that of bash for defining an environment variable):

export CGO_LDFLAGS_ALLOW="-Wl,-?-wrap[=,][^-.@][^,]*"

The psx package is licensed with a (you choose) BSD 3-clause or GPL2. See LICENSE file for details.

Index ¶

func Syscall3(syscallnr, arg1, arg2, arg3 uintptr) (uintptr, uintptr, syscall.Errno)
func Syscall6(syscallnr, arg1, arg2, arg3, arg4, arg5, arg6 uintptr) (uintptr, uintptr, syscall.Errno)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Syscall3 ¶

func Syscall3(syscallnr, arg1, arg2, arg3 uintptr) (uintptr, uintptr, syscall.Errno)

Syscall3 performs a 3 argument syscall. Syscall3 differs from syscall.[Raw]Syscall() insofar as it is simultaneously executed on every thread of the combined Go and CGo runtimes. It works differently depending on whether CGO_ENABLED is 1 or 0 at compile time.

If CGO_ENABLED=1 it uses the libpsx function C.psx_syscall3().

If CGO_ENABLED=0 it redirects to the go1.16+ syscall.AllThreadsSyscall() function.

func Syscall6 ¶

func Syscall6(syscallnr, arg1, arg2, arg3, arg4, arg5, arg6 uintptr) (uintptr, uintptr, syscall.Errno)

Syscall6 performs a 6 argument syscall on every thread of the combined Go and CGo runtimes. Other than the number of syscall arguments, its behavior is identical to that of Syscall3() - see above for the full documentation.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL