diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index a2d0f47280..f2aa6915dd 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -3,12 +3,17 @@ name: Container on: push: branches: [main] + tags: ["v*"] pull_request: branches: [main] permissions: contents: read +# avoid races when pushing containers built from main +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + jobs: build-container: name: Build container image @@ -16,5 +21,14 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v2 - - name: Build container image - run: podman build -f Dockerfile.validate . + with: + # fetch tags so the compiled-in version number is useful + fetch-depth: 0 + - name: Build and push container + uses: coreos/actions-lib/build-container@main + with: + credentials: ${{ secrets.QUAY_AUTH }} + file: Dockerfile.validate + push: quay.io/coreos/ignition-validate + # Speed up PR CI by skipping arm64 + pr-arches: amd64 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0ed513190e..6d46589725 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -14,7 +14,7 @@ jobs: name: test build strategy: matrix: - go-version: [1.15.x, 1.16.x, 1.17.x] + go-version: [1.15.x, 1.16.x, 1.17.x, 1.18.x] runs-on: ubuntu-latest steps: - name: Set up Go 1.x @@ -24,19 +24,21 @@ jobs: - name: Checkout Repository uses: actions/checkout@v2 - name: Install libblkid-dev - run: sudo apt-get install libblkid-dev + run: | + sudo apt-get update + sudo apt-get install libblkid-dev - name: Run tests run: ./test - name: Run linter uses: golangci/golangci-lint-action@v2 with: - version: v1.42.0 + version: v1.45.0 args: -E=gofmt --timeout=30m0s test-validate: name: test ignition-validate strategy: matrix: - go-version: [1.17.x] + go-version: [1.18.x] os: [macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: diff --git a/Dockerfile.validate b/Dockerfile.validate index 1399ddb29e..933b170315 100644 --- a/Dockerfile.validate +++ b/Dockerfile.validate @@ -1,5 +1,5 @@ FROM registry.fedoraproject.org/fedora:35 AS builder -RUN dnf install -y golang git +RUN dnf install -y golang git-core RUN mkdir /ignition-validate COPY . /ignition-validate WORKDIR /ignition-validate diff --git a/build_for_container b/build_for_container index 02514c233d..7ddfc55d44 100755 --- a/build_for_container +++ b/build_for_container @@ -27,6 +27,5 @@ export GO11MODULE=on export CGO_ENABLED=0 export GOFLAGS='-mod=vendor' export GOOS=linux -export GOARCH=amd64 go build -ldflags "${GLDFLAGS}" -o ${BIN_PATH}/ignition-validate ${REPO_PATH}/validate diff --git a/config/v3_1/types/headers_test.go b/config/v3_1/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_1/types/headers_test.go +++ b/config/v3_1/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/config/v3_2/types/headers_test.go b/config/v3_2/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_2/types/headers_test.go +++ b/config/v3_2/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/config/v3_3/types/headers_test.go b/config/v3_3/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_3/types/headers_test.go +++ b/config/v3_3/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/config/v3_4_experimental/types/headers_test.go b/config/v3_4_experimental/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_4_experimental/types/headers_test.go +++ b/config/v3_4_experimental/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/dracut/30ignition/ignition-disks.service b/dracut/30ignition/ignition-disks.service index 92c8d242e6..9b225257f8 100644 --- a/dracut/30ignition/ignition-disks.service +++ b/dracut/30ignition/ignition-disks.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (disks) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-fetch-offline.service b/dracut/30ignition/ignition-fetch-offline.service index b8ae7a7d43..0d1284abda 100644 --- a/dracut/30ignition/ignition-fetch-offline.service +++ b/dracut/30ignition/ignition-fetch-offline.service @@ -5,7 +5,7 @@ [Unit] Description=Ignition (fetch-offline) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-fetch.service b/dracut/30ignition/ignition-fetch.service index d914362dc4..a61c3ad44b 100644 --- a/dracut/30ignition/ignition-fetch.service +++ b/dracut/30ignition/ignition-fetch.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (fetch) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-files.service b/dracut/30ignition/ignition-files.service index aa64fb6887..c4d43ca077 100644 --- a/dracut/30ignition/ignition-files.service +++ b/dracut/30ignition/ignition-files.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (files) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-kargs.service b/dracut/30ignition/ignition-kargs.service index 6272ccff4e..599fcc06ad 100644 --- a/dracut/30ignition/ignition-kargs.service +++ b/dracut/30ignition/ignition-kargs.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (kargs) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-mount.service b/dracut/30ignition/ignition-mount.service index 0d25afabfe..cb0d6ff4c6 100644 --- a/dracut/30ignition/ignition-mount.service +++ b/dracut/30ignition/ignition-mount.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (mount) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-remount-sysroot.service b/dracut/30ignition/ignition-remount-sysroot.service index f004d20510..692313ff3d 100644 --- a/dracut/30ignition/ignition-remount-sysroot.service +++ b/dracut/30ignition/ignition-remount-sysroot.service @@ -1,6 +1,6 @@ [Unit] Description=Remount /sysroot read-write for Ignition -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release # Some Linux Distributions don't pass a rw option on the kernel # commandline and thus mount the root filesystem ro by default. In diff --git a/go.mod b/go.mod index 8bacb1113a..a9c3c52981 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace github.com/stretchr/testify v1.7.0 github.com/vincent-petithory/dataurl v1.0.0 - github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728 + github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714 go.opencensus.io v0.22.5 // indirect golang.org/x/net v0.0.0-20200602114024-627f9648deb9 diff --git a/go.sum b/go.sum index 3dccd8cb7e..d57d450940 100644 --- a/go.sum +++ b/go.sum @@ -153,8 +153,8 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI= github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U= -github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728 h1:sH9mEk+flyDxiUa5BuPiuhDETMbzrt9A20I2wktMvRQ= -github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk= +github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 h1:v6jG/tdl4O07LNVp74Nt7/OyL+1JsIW1M2f/nSvQheY= +github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3/go.mod h1:CSBTxrhePCm0cmXNKDGeu+6bOQzpaEklfCqEpn89JWk= github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714 h1:wJqF3m4Tj8I4beSi6vGxIyNtsq6wwGqhK3UnA99ltL4= github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714/go.mod h1:jiPk45kn7klhByRvUq5i2vo1RtHKBHj+iWGFpxbXuuI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/internal/providers/vmware/vmware_amd64.go b/internal/providers/vmware/vmware_amd64.go index b4ad39a7c5..6447987de1 100644 --- a/internal/providers/vmware/vmware_amd64.go +++ b/internal/providers/vmware/vmware_amd64.go @@ -30,7 +30,7 @@ import ( ) func FetchConfig(f *resource.Fetcher) (types.Config, report.Report, error) { - if isVM, err := vmcheck.IsVirtualWorld(); err != nil { + if isVM, err := vmcheck.IsVirtualWorld(true); err != nil { return types.Config{}, report.Report{}, err } else if !isVM { return types.Config{}, report.Report{}, providers.ErrNoProvider diff --git a/internal/resource/url.go b/internal/resource/url.go index 834236735d..9f9ec280f3 100644 --- a/internal/resource/url.go +++ b/internal/resource/url.go @@ -464,7 +464,7 @@ func (f *Fetcher) fetchFromS3WithCreds(ctx context.Context, dest s3target, input return err } - awsConfig := aws.NewConfig().WithHTTPClient(httpClient) + awsConfig := aws.NewConfig().WithHTTPClient(httpClient).WithUseDualStack(true) s3Client := s3.New(sess, awsConfig) downloader := s3manager.NewDownloaderWithClient(s3Client) if _, err := downloader.DownloadWithContext(ctx, dest, input); err != nil { diff --git a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go index 43ee14cf63..b46c91b8e0 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go +++ b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go @@ -12,6 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:generate go run asm.go -out bdoor_amd64.s -arch amd64 +//go:generate go run asm.go -out bdoor_386.s -arch 386 + package bdoor const ( diff --git a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s index a6e11b113f..d75892f0b3 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s +++ b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s @@ -1,34 +1,11 @@ -#include "textflag.h" +// Code generated by command: go run asm.go -out bdoor_386.s -arch 386. DO NOT EDIT. + +// +build gc -// Doc of the golang plan9 assembler -// http://p9.nyx.link/labs/sys/doc/asm.html -// -// A good primer of how to write golang with some plan9 flavored assembly -// http://www.doxsey.net/blog/go-and-assembly -// -// Some x86 references -// http://www.eecg.toronto.edu/~amza/www.mindsec.com/files/x86regs.html -// https://cseweb.ucsd.edu/classes/sp10/cse141/pdf/02/S01_x86_64.key.pdf -// https://en.wikibooks.org/wiki/X86_Assembly/Other_Instructions -// -// (This one is invaluable. Has a working example of how a standard function -// call looks on the stack with the associated assembly.) -// https://www.recurse.com/blog/7-understanding-c-by-learning-assembly -// -// Reference with raw form of the Opcode -// http://x86.renejeschke.de/html/file_module_x86_id_139.html -// -// Massive x86_64 reference -// http://ref.x86asm.net/coder64.html#xED -// -// Adding instructions to the go assembler -// https://blog.klauspost.com/adding-unsupported-instructions-in-golang-assembler/ -// -// Backdoor commands -// https://sites.google.com/site/chitchatvmback/backdoor +#include "textflag.h" -// func bdoor_inout(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -37,9 +14,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVL di+20(FP), DI MOVL bp+24(FP), BP - // IN to DX from EAX + // IN to DX from AX INL - MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) MOVL CX, retcx+36(FP) @@ -49,8 +25,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVL BP, retbp+52(FP) RET -// func bdoor_hbout(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbout(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -58,9 +34,9 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVL si+16(FP), SI MOVL di+20(FP), DI MOVL bp+24(FP), BP - - CLD; REP; OUTSB - + CLD + REP + OUTSB MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) MOVL CX, retcx+36(FP) @@ -70,8 +46,8 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVL BP, retbp+52(FP) RET -// func bdoor_hbin(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbin(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -79,20 +55,20 @@ TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 MOVL si+16(FP), SI MOVL di+20(FP), DI MOVL bp+24(FP), BP - - CLD; REP; INSB - + CLD + REP + INSB MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) - MOVL CX, retcx+40(FP) - MOVL DX, retdx+44(FP) - MOVL SI, retsi+48(FP) - MOVL DI, retdi+52(FP) - MOVL BP, retbp+56(FP) + MOVL CX, retcx+36(FP) + MOVL DX, retdx+40(FP) + MOVL SI, retsi+44(FP) + MOVL DI, retdi+48(FP) + MOVL BP, retbp+52(FP) RET -// func bdoor_inout_test(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout_test(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -100,7 +76,6 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVL si+16(FP), SI MOVL di+20(FP), DI MOVL bp+24(FP), BP - MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) MOVL CX, retcx+36(FP) @@ -109,4 +84,3 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVL DI, retdi+48(FP) MOVL BP, retbp+52(FP) RET - diff --git a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s index 62f0c06daf..f35db2735a 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s +++ b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s @@ -1,34 +1,11 @@ -#include "textflag.h" +// Code generated by command: go run asm.go -out bdoor_amd64.s -arch amd64. DO NOT EDIT. + +// +build gc -// Doc of the golang plan9 assembler -// http://p9.nyx.link/labs/sys/doc/asm.html -// -// A good primer of how to write golang with some plan9 flavored assembly -// http://www.doxsey.net/blog/go-and-assembly -// -// Some x86 references -// http://www.eecg.toronto.edu/~amza/www.mindsec.com/files/x86regs.html -// https://cseweb.ucsd.edu/classes/sp10/cse141/pdf/02/S01_x86_64.key.pdf -// https://en.wikibooks.org/wiki/X86_Assembly/Other_Instructions -// -// (This one is invaluable. Has a working example of how a standard function -// call looks on the stack with the associated assembly.) -// https://www.recurse.com/blog/7-understanding-c-by-learning-assembly -// -// Reference with raw form of the Opcode -// http://x86.renejeschke.de/html/file_module_x86_id_139.html -// -// Massive x86_64 reference -// http://ref.x86asm.net/coder64.html#xED -// -// Adding instructions to the go assembler -// https://blog.klauspost.com/adding-unsupported-instructions-in-golang-assembler/ -// -// Backdoor commands -// https://sites.google.com/site/chitchatvmback/backdoor +#include "textflag.h" -// func bdoor_inout(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -37,9 +14,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - // IN to DX from EAX + // IN to DX from AX INL - MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -49,8 +25,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVQ BP, retbp+104(FP) RET -// func bdoor_hbout(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbout(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -58,9 +34,9 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVQ si+32(FP), SI MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - - CLD; REP; OUTSB - + CLD + REP + OUTSB MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -70,8 +46,8 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVQ BP, retbp+104(FP) RET -// func bdoor_hbin(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbin(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -79,9 +55,9 @@ TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 MOVQ si+32(FP), SI MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - - CLD; REP; INSB - + CLD + REP + INSB MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -91,8 +67,8 @@ TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 MOVQ BP, retbp+104(FP) RET -// func bdoor_inout_test(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout_test(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -100,7 +76,6 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVQ si+32(FP), SI MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -109,4 +84,3 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVQ DI, retdi+96(FP) MOVQ BP, retbp+104(FP) RET - diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go index c46cc5e455..2b668c9ba6 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go +++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go @@ -12,6 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:generate go run asm.go -out vmcheck_amd64.s -arch amd64 +//go:generate go run asm.go -out vmcheck_386.s -arch 386 + package vmcheck import ( @@ -20,38 +23,71 @@ import ( "github.com/vmware/vmw-guestinfo/bdoor" ) +type platform struct { + cpuid func(uint32, uint32) (uint32, uint32, uint32, uint32) + accessPorts func() error + knock func() (bool, error) +} + +var defaultPlatform = &platform{ + cpuid: cpuid_low, + accessPorts: openPortsAccess, + knock: bdoorKnock, +} + // From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s // Get the CPU ID low level leaf values. func cpuid_low(arg1, arg2 uint32) (eax, ebx, ecx, edx uint32) -// IsVirtualWorld returns true if running in a VM and the backdoor is available. -func IsVirtualWorld() (bool, error) { +func bdoorKnock() (bool, error) { + bp := &bdoor.BackdoorProto{} + + bp.CX.AsUInt32().SetWord(bdoor.CommandGetVersion) + out := bp.InOut() + // if there is no device, we get back all 1s + return (0xffffffff != out.AX.AsUInt32().Word()) && (0 != out.AX.AsUInt32().Word()), nil +} + +func (p *platform) isVirtualWorld(ignoreAccessErrors bool) (bool, error) { // Test the HV bit is set - if !IsVirtualCPU() { + if !p.isVirtualCPU() { return false, nil } // Test if backdoor port is available. - if isVM, err := hypervisorPortCheck(); err != nil || !isVM { - return isVM, err + return p.hypervisorPortCheck(ignoreAccessErrors) +} + +func (p *platform) isVirtualCPU() bool { + HV := uint32(1 << 31) + _, _, c, _ := p.cpuid(0x1, 0) + if (c & HV) != HV { + return false } - return true, nil + _, b, c, d := p.cpuid(0x40000000, 0) + + buf := make([]byte, 12) + binary.LittleEndian.PutUint32(buf, b) + binary.LittleEndian.PutUint32(buf[4:], c) + binary.LittleEndian.PutUint32(buf[8:], d) + + if string(buf) != "VMwareVMware" { + return false + } + + return true } -// hypervisorPortCheck tests the availability of the HV port. -func hypervisorPortCheck() (bool, error) { +// hypervisorPortCheck tests the availability of the backdoor port +// to the hypervisor, opportunistically tweaking I/O access level first. +func (p *platform) hypervisorPortCheck(ignoreAccessErrors bool) (bool, error) { // Privilege level 3 to access all ports above 0x3ff - if err := openPortsAccess(); err != nil { + if err := p.accessPorts(); err != nil && !ignoreAccessErrors { return false, err } - p := &bdoor.BackdoorProto{} - - p.CX.AsUInt32().SetWord(bdoor.CommandGetVersion) - out := p.InOut() - // if there is no device, we get back all 1s - return (0xffffffff != out.AX.AsUInt32().Word()) && (0 != out.AX.AsUInt32().Word()), nil + return p.knock() } // IsVirtualCPU checks if the cpu is a virtual CPU running on ESX. It checks for @@ -62,22 +98,14 @@ func hypervisorPortCheck() (bool, error) { // information from the HV to the guest. In ESX, this is the repeating string // "VMwareVMware". func IsVirtualCPU() bool { - HV := uint32(1 << 31) - _, _, c, _ := cpuid_low(0x1, 0) - if (c & HV) != HV { - return false - } - - _, b, c, d := cpuid_low(0x40000000, 0) - - buf := make([]byte, 12) - binary.LittleEndian.PutUint32(buf, b) - binary.LittleEndian.PutUint32(buf[4:], c) - binary.LittleEndian.PutUint32(buf[8:], d) - - if string(buf) != "VMwareVMware" { - return false - } + return defaultPlatform.isVirtualCPU() +} - return true +// isVirtualWorld returns `true` if running in a VM and the backdoor is available. +// It also tries to elevate I/O privileges for the calling thread, which in +// some cases may be forbidden by the system (e.g Linux in `kernel_lockdown` mode +// does not allow `iopl` calls); the `ignoreAccessErrors` parameter allows +// to control library behavior in order to treat such errors as non-fatal. +func IsVirtualWorld(ignoreAccessErrors bool) (bool, error) { + return defaultPlatform.isVirtualWorld(ignoreAccessErrors) } diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s index c029ece200..da5fac57a4 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s +++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s @@ -1,8 +1,12 @@ +// Code generated by command: go run asm.go -out vmcheck_386.s -arch 386. DO NOT EDIT. +// +build gc + #include "textflag.h" -// From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s -// func cpuid_low(arg1, arg2 uint32) (eax, ebx, ecx, edx uint32) +// func cpuid_low(arg1 uint32, arg2 uint32) (eax uint32, ebx uint32, ecx uint32, edx uint32) +// Requires: CPUID TEXT ·cpuid_low(SB), NOSPLIT, $0-24 + // From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s MOVL arg1+0(FP), AX MOVL arg2+4(FP), CX CPUID diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s index c029ece200..e05d81a0a1 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s +++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s @@ -1,8 +1,13 @@ +// Code generated by command: go run asm.go -out vmcheck_amd64.s -arch amd64. DO NOT EDIT. + +// +build gc + #include "textflag.h" -// From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s -// func cpuid_low(arg1, arg2 uint32) (eax, ebx, ecx, edx uint32) +// func cpuid_low(arg1 uint32, arg2 uint32) (eax uint32, ebx uint32, ecx uint32, edx uint32) +// Requires: CPUID TEXT ·cpuid_low(SB), NOSPLIT, $0-24 + // From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s MOVL arg1+0(FP), AX MOVL arg2+4(FP), CX CPUID diff --git a/vendor/modules.txt b/vendor/modules.txt index 7a9a7d8b8f..8b22eaa22a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -121,7 +121,7 @@ github.com/stretchr/testify/assert # github.com/vincent-petithory/dataurl v1.0.0 ## explicit github.com/vincent-petithory/dataurl -# github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728 +# github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 ## explicit github.com/vmware/vmw-guestinfo/bdoor github.com/vmware/vmw-guestinfo/message