Internal change.

PiperOrigin-RevId: 927390251

Author: gvisor-bot

examples/seccheck/server.cc

@@ -125,6 +125,8 @@ std::vector<Callback> dispatchers = {
     unpackSyscall<::gvisor::syscall::InotifyRmWatch>,
     unpackSyscall<::gvisor::syscall::SocketPair>,
     unpackSyscall<::gvisor::syscall::Write>,
+    nullptr,
+    unpackSyscall<::gvisor::syscall::Select>,
 };
 
 void unpack(absl::string_view buf) {

pkg/sentry/seccheck/points/common.proto

@@ -134,5 +134,6 @@ enum MessageType {
   MESSAGE_SYSCALL_INOTIFY_RM_WATCH = 32;
   MESSAGE_SYSCALL_SOCKETPAIR = 33;
   MESSAGE_SYSCALL_WRITE = 34;
+  MESSAGE_SYSCALL_SELECT = 36;
 }
 // LINT.ThenChange(../../../../examples/seccheck/server.cc)

pkg/sentry/seccheck/points/syscall.proto

@@ -311,3 +311,14 @@ message SocketPair {
   int32 socket1 = 7;
   int32 socket2 = 8;
 }
+
+message Select {
+  gvisor.common.ContextData context_data = 1;
+  Exit exit = 2;
+  uint64 sysno = 3;
+  int64 nfds = 4;
+  repeated int64 read_fds = 5;
+  int64 timeout_ms = 6;
+  int64 write_nfds = 7;
+  int64 except_nfds = 8;
+}

pkg/sentry/syscalls/linux/linux64.go

@@ -65,7 +65,7 @@ var AMD64 = &kernel.SyscallTable{
 		20:  syscalls.SupportedPoint("writev", Writev, PointWritev),
 		21:  syscalls.Supported("access", Access),
 		22:  syscalls.SupportedPoint("pipe", Pipe, PointPipe),
-		23:  syscalls.Supported("select", Select),
+		23:  syscalls.SupportedPoint("select", Select, PointSelect),
 		24:  syscalls.Supported("sched_yield", SchedYield),
 		25:  syscalls.Supported("mremap", Mremap),
 		26:  syscalls.PartiallySupported("msync", Msync, "Full data flush is not guaranteed at this time.", nil),
@@ -312,7 +312,7 @@ var AMD64 = &kernel.SyscallTable{
 		267: syscalls.Supported("readlinkat", Readlinkat),
 		268: syscalls.Supported("fchmodat", Fchmodat),
 		269: syscalls.Supported("faccessat", Faccessat),
-		270: syscalls.Supported("pselect6", Pselect6),
+		270: syscalls.SupportedPoint("pselect6", Pselect6, PointPselect6),
 		271: syscalls.Supported("ppoll", Ppoll),
 		272: syscalls.PartiallySupported("unshare", Unshare, "Time, cgroup namespaces not supported.", nil),
 		273: syscalls.Supported("set_robust_list", SetRobustList),
@@ -494,7 +494,7 @@ var ARM64 = &kernel.SyscallTable{
 		69:  syscalls.SupportedPoint("preadv", Preadv, PointPreadv),
 		70:  syscalls.SupportedPoint("pwritev", Pwritev, PointPwritev),
 		71:  syscalls.Supported("sendfile", Sendfile),
-		72:  syscalls.Supported("pselect6", Pselect6),
+		72:  syscalls.SupportedPoint("pselect6", Pselect6, PointPselect6),
 		73:  syscalls.Supported("ppoll", Ppoll),
 		74:  syscalls.SupportedPoint("signalfd4", Signalfd4, PointSignalfd4),
 		75:  syscalls.ErrorWithEvent("vmsplice", linuxerr.ENOSYS, "", []string{"gvisor.dev/issue/138"}), // TODO(b/29354098)

pkg/sentry/syscalls/linux/points.go

@@ -992,3 +992,126 @@ func PointSocketpair(t *kernel.Task, fields seccheck.FieldSet, cxtData *pb.Conte
 	p.Exit = newExitMaybe(info)
 	return p, pb.MessageType_MESSAGE_SYSCALL_SOCKETPAIR
 }
+
+// PointSelect converts select(2) syscall to proto.
+func PointSelect(t *kernel.Task, fields seccheck.FieldSet, cxtData *pb.ContextData, info kernel.SyscallInfo) (proto.Message, pb.MessageType) {
+	nfds := int(info.Args[0].Int())
+	p := &pb.Select{
+		ContextData: cxtData,
+		Sysno:       uint64(info.Sysno),
+		Nfds:        int64(nfds),
+	}
+
+	if nfds >= 0 && nfds <= fileCap {
+		nBytes := (nfds + 7) / 8
+		nBitsInLastPartialByte := nfds % 8
+
+		if r, err := CopyInFDSet(t, info.Args[1].Pointer(), nBytes, nBitsInLastPartialByte); err == nil {
+			var fd int64
+			for i := 0; i < nBytes; i++ {
+				rV := r[i]
+				m := byte(1)
+				for j := 0; j < 8; j++ {
+					if (rV & m) != 0 {
+						p.ReadFds = append(p.ReadFds, fd)
+					}
+					fd++
+					m <<= 1
+				}
+			}
+		}
+
+		if w, err := CopyInFDSet(t, info.Args[2].Pointer(), nBytes, nBitsInLastPartialByte); err == nil {
+			for i := 0; i < nBytes; i++ {
+				wV := w[i]
+				for wV != 0 {
+					wV &= (wV - 1)
+					p.WriteNfds++
+				}
+			}
+		}
+
+		if e, err := CopyInFDSet(t, info.Args[3].Pointer(), nBytes, nBitsInLastPartialByte); err == nil {
+			for i := 0; i < nBytes; i++ {
+				eV := e[i]
+				for eV != 0 {
+					eV &= (eV - 1)
+					p.ExceptNfds++
+				}
+			}
+		}
+	}
+
+	timeoutMs := int64(-1)
+	if timevalAddr := info.Args[4].Pointer(); timevalAddr != 0 {
+		var timeval linux.Timeval
+		if _, err := timeval.CopyIn(t, timevalAddr); err == nil {
+			if timeval.Sec >= 0 && timeval.Usec >= 0 {
+				timeoutMs = timeval.ToNsecCapped() / 1e6
+			}
+		}
+	}
+	p.TimeoutMs = timeoutMs
+	p.Exit = newExitMaybe(info)
+	return p, pb.MessageType_MESSAGE_SYSCALL_SELECT
+}
+
+// PointPselect6 converts pselect6(2) syscall to proto.
+func PointPselect6(t *kernel.Task, fields seccheck.FieldSet, cxtData *pb.ContextData, info kernel.SyscallInfo) (proto.Message, pb.MessageType) {
+	nfds := int(info.Args[0].Int())
+	p := &pb.Select{
+		ContextData: cxtData,
+		Sysno:       uint64(info.Sysno),
+		Nfds:        int64(nfds),
+	}
+
+	if nfds >= 0 && nfds <= fileCap {
+		nBytes := (nfds + 7) / 8
+		nBitsInLastPartialByte := nfds % 8
+
+		if r, err := CopyInFDSet(t, info.Args[1].Pointer(), nBytes, nBitsInLastPartialByte); err == nil {
+			var fd int64
+			for i := 0; i < nBytes; i++ {
+				rV := r[i]
+				m := byte(1)
+				for j := 0; j < 8; j++ {
+					if (rV & m) != 0 {
+						p.ReadFds = append(p.ReadFds, fd)
+					}
+					fd++
+					m <<= 1
+				}
+			}
+		}
+
+		if w, err := CopyInFDSet(t, info.Args[2].Pointer(), nBytes, nBitsInLastPartialByte); err == nil {
+			for i := 0; i < nBytes; i++ {
+				wV := w[i]
+				for wV != 0 {
+					wV &= (wV - 1)
+					p.WriteNfds++
+				}
+			}
+		}
+
+		if e, err := CopyInFDSet(t, info.Args[3].Pointer(), nBytes, nBitsInLastPartialByte); err == nil {
+			for i := 0; i < nBytes; i++ {
+				eV := e[i]
+				for eV != 0 {
+					eV &= (eV - 1)
+					p.ExceptNfds++
+				}
+			}
+		}
+	}
+
+	timeoutMs := int64(-1)
+	if timespecAddr := info.Args[4].Pointer(); timespecAddr != 0 {
+		if timeout, err := copyTimespecInToDuration(t, timespecAddr); err == nil && timeout >= 0 {
+			timeoutMs = timeout.Milliseconds()
+		}
+	}
+	p.TimeoutMs = timeoutMs
+	p.Exit = newExitMaybe(info)
+	return p, pb.MessageType_MESSAGE_SYSCALL_SELECT
+}