vfork: fix asm on other architectures

criyle · criyle · commit 2ba894ffd175 · 2025-02-22T21:30:33.000Z
doc: update #13
diff --git a/README.md b/README.md
@@ -13,8 +13,9 @@ Notice: Only works on Linux since ptrace, unshare, cgroup are available only on
 ## Build & Install
 
 - install latest go compiler from [golang/download](https://golang.org/dl/)
-- install libseccomp library: (for Ubuntu) `apt install libseccomp-dev`
-- build & install: `go install github.com/criyle/go-sandbox/...`
+- download repository: `git clone githuc.com/criyle/go-sandbox`
+- build: `go build ./cmd/runprog` 
+- or install directly: `go install github.com/criyle/go-sandbox/cmd/runprog@latest`
 
 ## Technologies
 
@@ -45,6 +46,12 @@ Default file access syscall check:
 2. Use Linux Control Groups to limit & acct CPU & memory (eliminated wait4.rusage)
 3. Container tech with execveat memfd, sethostname, setdomainname
 
+### prefork containers
+
+Utilize the linux namespace + cgroup but create container in advance to reduce the duplicated effort of creating mount points. See Pre-forked container protocol and environment for design details.
+
+On kernel >= 5.7 with cgroup v2, the new `clone3(CLONE_INTO_CGROUP)` with `vfork` is available to reduce the resource consumption of create new address spaces as well.
+
 ## Design
 
 ### Result Status
diff --git a/pkg/forkexec/vfork/asm_linux_386.s b/pkg/forkexec/vfork/asm_linux_386.s
@@ -4,6 +4,10 @@
 
 #include "textflag.h"
 
+// See ../runtime/sys_linux_386.s for the reason why we always use int 0x80
+// instead of the glibc-specific "CALL 0x10(GS)".
+#define INVOKE_SYSCALL	INT	$0x80
+
 // func RawVforkSyscall(trap, a1, a2, a3 uintptr) (r1, err uintptr)
 TEXT ·RawVforkSyscall(SB),NOSPLIT|NOFRAME,$0-24
 	MOVL	trap+0(FP), AX	// syscall entry
@@ -22,4 +26,4 @@ TEXT ·RawVforkSyscall(SB),NOSPLIT|NOFRAME,$0-24
 ok:
 	MOVL	AX, r1+16(FP)
 	MOVL	$0, err+20(FP)
-	RET
+	RET
diff --git a/pkg/forkexec/vfork/asm_linux_amd64.s b/pkg/forkexec/vfork/asm_linux_amd64.s
@@ -25,4 +25,4 @@ TEXT ·RawVforkSyscall(SB),NOSPLIT|NOFRAME,$0-48
 ok2:
 	MOVQ	AX, r1+32(FP)
 	MOVQ	$0, err+40(FP)
-	RET
+	RET
diff --git a/pkg/forkexec/vfork/asm_linux_arm.s b/pkg/forkexec/vfork/asm_linux_arm.s
@@ -23,4 +23,4 @@ ok:
 	MOVW	R0, r1+16(FP)
 	MOVW	$0, R0
 	MOVW	R0, err+20(FP)
-	RET
+	RET
