treewide: use Pinner to resolve safety issues
Prior to Go 1.21 the only way to pass Go-managed pointers to the kernel
was to convert them to a uintptr inside the syscall argument expression.
This pattern was special-cased in the compiler to prevent the referenced
memory from being moved by an eventual moving GC in Go while the syscall
is running (thus corrupting the Go heap).
But this was very restrictive as there are syscalls which take inputs
containing further pointers. According to the official rules this could
not be implemented safely.
In practice you could just do it anyways as the current Go GC does
in general not move objects, but it was always kind of a hack.
With Go 1.21 there is a new Pinner API which can be used to pin the
memory which is going to be referenced in these structures, allowing
them to be constructed and used over multiple calls.
runtime.KeepAlive is still required to prevent finalizers from running
prematurely.
Use this new API and remove the relevant comments.
Change-Id: I26bce06e1c20a5fe0c41f9ae736a895f533674c1
Reviewed-on: https://review.monogon.dev/c/monogon/+/2316
Tested-by: Jenkins CI
Reviewed-by: Serge Bazanski <serge@monogon.tech>
diff --git a/net/dump/hwaddr_compat.go b/net/dump/hwaddr_compat.go
index 1e79e36..9cd99a8 100644
--- a/net/dump/hwaddr_compat.go
+++ b/net/dump/hwaddr_compat.go
@@ -48,13 +48,17 @@
}
}
defer unix.Close(fd)
+
+ var ioctlPins runtime.Pinner
+ defer ioctlPins.Unpin()
+
var data ethtoolPermAddr
data.Cmd = unix.ETHTOOL_GPERMADDR
data.Size = uint32(len(data.Data))
+
var req ifreq
copy(req.ifname[:], ifName)
- // See //metropolis/pkg/nvme:cmd_linux.go RawCommand notice on the safety
- // of this.
+ ioctlPins.Pin(&data)
req.data = uintptr(unsafe.Pointer(&data))
for {
_, _, err := unix.Syscall(unix.SYS_IOCTL, uintptr(fd), unix.SIOCETHTOOL, uintptr(unsafe.Pointer(&req)))