From 6dfb94eaa3bd0fcaa615f58e915f7214ce078beb Mon Sep 17 00:00:00 2001
From: Florian Lehner <dev@der-flo.net>
Date: Fri, 19 Apr 2024 17:00:11 +0200
Subject: [PATCH 01/11] unix: add types for SOCK_DIAG

Change-Id: Ifcc90735b6e42b6c9971d4ba15c31b8169e005fe
Reviewed-on: https://go-review.googlesource.com/c/sys/+/579996
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 unix/linux/types.go   | 31 +++++++++++++++++++++++++++++++
 unix/mkerrors.sh      |  2 ++
 unix/zerrors_linux.go |  4 ++++
 unix/ztypes_linux.go  | 31 +++++++++++++++++++++++++++++++
 4 files changed, 68 insertions(+)

diff --git a/unix/linux/types.go b/unix/linux/types.go
index 2665d5e557..a6f44f4bb1 100644
--- a/unix/linux/types.go
+++ b/unix/linux/types.go
@@ -143,6 +143,7 @@ struct termios2 {
 #include <linux/sched/types.h>
 #undef kernel_sched_param
 #include <linux/shm.h>
+#include <linux/sock_diag.h>
 #include <linux/socket.h>
 #include <linux/stat.h>
 #include <linux/taskstats.h>
@@ -5917,3 +5918,33 @@ const SizeofSchedAttr = C.sizeof_struct_sched_attr
 
 type Cachestat_t C.struct_cachestat
 type CachestatRange C.struct_cachestat_range
+
+// generated by:
+// $ perl -nlE '/^\s*((SK_|SKNLGRP_)\w+)/ && say "$1 = C.$1"' /usr/include/linux/sock_diag.h
+const (
+	SK_MEMINFO_RMEM_ALLOC          = C.SK_MEMINFO_RMEM_ALLOC
+	SK_MEMINFO_RCVBUF              = C.SK_MEMINFO_RCVBUF
+	SK_MEMINFO_WMEM_ALLOC          = C.SK_MEMINFO_WMEM_ALLOC
+	SK_MEMINFO_SNDBUF              = C.SK_MEMINFO_SNDBUF
+	SK_MEMINFO_FWD_ALLOC           = C.SK_MEMINFO_FWD_ALLOC
+	SK_MEMINFO_WMEM_QUEUED         = C.SK_MEMINFO_WMEM_QUEUED
+	SK_MEMINFO_OPTMEM              = C.SK_MEMINFO_OPTMEM
+	SK_MEMINFO_BACKLOG             = C.SK_MEMINFO_BACKLOG
+	SK_MEMINFO_DROPS               = C.SK_MEMINFO_DROPS
+	SK_MEMINFO_VARS                = C.SK_MEMINFO_VARS
+	SKNLGRP_NONE                   = C.SKNLGRP_NONE
+	SKNLGRP_INET_TCP_DESTROY       = C.SKNLGRP_INET_TCP_DESTROY
+	SKNLGRP_INET_UDP_DESTROY       = C.SKNLGRP_INET_UDP_DESTROY
+	SKNLGRP_INET6_TCP_DESTROY      = C.SKNLGRP_INET6_TCP_DESTROY
+	SKNLGRP_INET6_UDP_DESTROY      = C.SKNLGRP_INET6_UDP_DESTROY
+	SK_DIAG_BPF_STORAGE_REQ_NONE   = C.SK_DIAG_BPF_STORAGE_REQ_NONE
+	SK_DIAG_BPF_STORAGE_REQ_MAP_FD = C.SK_DIAG_BPF_STORAGE_REQ_MAP_FD
+	SK_DIAG_BPF_STORAGE_REP_NONE   = C.SK_DIAG_BPF_STORAGE_REP_NONE
+	SK_DIAG_BPF_STORAGE            = C.SK_DIAG_BPF_STORAGE
+	SK_DIAG_BPF_STORAGE_NONE       = C.SK_DIAG_BPF_STORAGE_NONE
+	SK_DIAG_BPF_STORAGE_PAD        = C.SK_DIAG_BPF_STORAGE_PAD
+	SK_DIAG_BPF_STORAGE_MAP_ID     = C.SK_DIAG_BPF_STORAGE_MAP_ID
+	SK_DIAG_BPF_STORAGE_MAP_VALUE  = C.SK_DIAG_BPF_STORAGE_MAP_VALUE
+)
+
+type SockDiagReq C.struct_sock_diag_req
diff --git a/unix/mkerrors.sh b/unix/mkerrors.sh
index fdcaa974d2..4ed2e488b6 100755
--- a/unix/mkerrors.sh
+++ b/unix/mkerrors.sh
@@ -263,6 +263,7 @@ struct ltchars {
 #include <linux/sched.h>
 #include <linux/seccomp.h>
 #include <linux/serial.h>
+#include <linux/sock_diag.h>
 #include <linux/sockios.h>
 #include <linux/taskstats.h>
 #include <linux/tipc.h>
@@ -549,6 +550,7 @@ ccflags="$@"
 		$2 !~ "NLA_TYPE_MASK" &&
 		$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
 		$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
+		$2 ~ /^SOCK_|SK_DIAG_|SKNLGRP_$/ ||
 		$2 ~ /^FIORDCHK$/ ||
 		$2 ~ /^SIOC/ ||
 		$2 ~ /^TIOC/ ||
diff --git a/unix/zerrors_linux.go b/unix/zerrors_linux.go
index 93a38a97d9..f9dde70ef2 100644
--- a/unix/zerrors_linux.go
+++ b/unix/zerrors_linux.go
@@ -3051,6 +3051,8 @@ const (
 	SIOCSMIIREG                                 = 0x8949
 	SIOCSRARP                                   = 0x8962
 	SIOCWANDEV                                  = 0x894a
+	SK_DIAG_BPF_STORAGE_MAX                     = 0x3
+	SK_DIAG_BPF_STORAGE_REQ_MAX                 = 0x1
 	SMACK_MAGIC                                 = 0x43415d53
 	SMART_AUTOSAVE                              = 0xd2
 	SMART_AUTO_OFFLINE                          = 0xdb
@@ -3071,6 +3073,8 @@ const (
 	SOCKFS_MAGIC                                = 0x534f434b
 	SOCK_BUF_LOCK_MASK                          = 0x3
 	SOCK_DCCP                                   = 0x6
+	SOCK_DESTROY                                = 0x15
+	SOCK_DIAG_BY_FAMILY                         = 0x14
 	SOCK_IOC_TYPE                               = 0x89
 	SOCK_PACKET                                 = 0xa
 	SOCK_RAW                                    = 0x3
diff --git a/unix/ztypes_linux.go b/unix/ztypes_linux.go
index 0036746ea1..d4e476b7e2 100644
--- a/unix/ztypes_linux.go
+++ b/unix/ztypes_linux.go
@@ -6001,3 +6001,34 @@ type CachestatRange struct {
 	Off uint64
 	Len uint64
 }
+
+const (
+	SK_MEMINFO_RMEM_ALLOC          = 0x0
+	SK_MEMINFO_RCVBUF              = 0x1
+	SK_MEMINFO_WMEM_ALLOC          = 0x2
+	SK_MEMINFO_SNDBUF              = 0x3
+	SK_MEMINFO_FWD_ALLOC           = 0x4
+	SK_MEMINFO_WMEM_QUEUED         = 0x5
+	SK_MEMINFO_OPTMEM              = 0x6
+	SK_MEMINFO_BACKLOG             = 0x7
+	SK_MEMINFO_DROPS               = 0x8
+	SK_MEMINFO_VARS                = 0x9
+	SKNLGRP_NONE                   = 0x0
+	SKNLGRP_INET_TCP_DESTROY       = 0x1
+	SKNLGRP_INET_UDP_DESTROY       = 0x2
+	SKNLGRP_INET6_TCP_DESTROY      = 0x3
+	SKNLGRP_INET6_UDP_DESTROY      = 0x4
+	SK_DIAG_BPF_STORAGE_REQ_NONE   = 0x0
+	SK_DIAG_BPF_STORAGE_REQ_MAP_FD = 0x1
+	SK_DIAG_BPF_STORAGE_REP_NONE   = 0x0
+	SK_DIAG_BPF_STORAGE            = 0x1
+	SK_DIAG_BPF_STORAGE_NONE       = 0x0
+	SK_DIAG_BPF_STORAGE_PAD        = 0x1
+	SK_DIAG_BPF_STORAGE_MAP_ID     = 0x2
+	SK_DIAG_BPF_STORAGE_MAP_VALUE  = 0x3
+)
+
+type SockDiagReq struct {
+	Family   uint8
+	Protocol uint8
+}

From f34bb9fccc5017bce03e0a0446cc145e8424054b Mon Sep 17 00:00:00 2001
From: JoeyShapiro <joeyashapiro@gmail.com>
Date: Sun, 5 May 2024 01:47:56 +0000
Subject: [PATCH 02/11] windows: add net user enum

In the go windows package, you can get user information by using
`NetUserGetInfo` along with a specified level. However, there is
no way to get a list of the users.
The only options are to
1. know the users,
2. brute force users, or
3. use an external tool or command (`net users`).

I suggest adding a function that implements the windows api for
`NetUserEnum`. This will allow a built in way to enumerate
users and follow the standard.

A side note is that I used `buf **byte` because
it is how the others are done, but using `buf *byte`
works just as well.

Change-Id: Ifcc916659eb1d796175cd18acd2e81f2661bfcd2
GitHub-Last-Rev: 3d01bca920d95280311d47b8e6a9b91d472bea98
GitHub-Pull-Request: golang/sys#190
Reviewed-on: https://go-review.googlesource.com/c/sys/+/578475
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Auto-Submit: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 windows/security_windows.go | 1 +
 windows/zsyscall_windows.go | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/windows/security_windows.go b/windows/security_windows.go
index 26be94a8a7..6f7d2ac70a 100644
--- a/windows/security_windows.go
+++ b/windows/security_windows.go
@@ -68,6 +68,7 @@ type UserInfo10 struct {
 //sys	NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) = netapi32.NetUserGetInfo
 //sys	NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) = netapi32.NetGetJoinInformation
 //sys	NetApiBufferFree(buf *byte) (neterr error) = netapi32.NetApiBufferFree
+//sys   NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) = netapi32.NetUserEnum
 
 const (
 	// do not reorder
diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go
index 5c6035ddfa..9f73df75b5 100644
--- a/windows/zsyscall_windows.go
+++ b/windows/zsyscall_windows.go
@@ -401,6 +401,7 @@ var (
 	procTransmitFile                                         = modmswsock.NewProc("TransmitFile")
 	procNetApiBufferFree                                     = modnetapi32.NewProc("NetApiBufferFree")
 	procNetGetJoinInformation                                = modnetapi32.NewProc("NetGetJoinInformation")
+	procNetUserEnum                                          = modnetapi32.NewProc("NetUserEnum")
 	procNetUserGetInfo                                       = modnetapi32.NewProc("NetUserGetInfo")
 	procNtCreateFile                                         = modntdll.NewProc("NtCreateFile")
 	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
@@ -3486,6 +3487,14 @@ func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (nete
 	return
 }
 
+func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) {
+	r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle)), 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
 func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
 	r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
 	if r0 != 0 {

From 92f3ad6e7f2c62ef8e7c26906fdb3b67419566ac Mon Sep 17 00:00:00 2001
From: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Date: Mon, 13 May 2024 12:14:06 +0000
Subject: [PATCH 03/11] unix: update to Linux kernel 6.9

Change-Id: Ib7bd9dabfcb8234c522ec357d32bfa3e87af53db
GitHub-Last-Rev: 4bea20522264580bf69a715da426ebc80f29ae52
GitHub-Pull-Request: golang/sys#194
Reviewed-on: https://go-review.googlesource.com/c/sys/+/585135
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
---
 unix/linux/Dockerfile       |  4 ++--
 unix/zerrors_linux.go       | 10 ++++++++--
 unix/zerrors_linux_arm64.go |  1 +
 unix/ztypes_linux.go        |  6 +++---
 4 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/unix/linux/Dockerfile b/unix/linux/Dockerfile
index 3833f8c170..456577b2d6 100644
--- a/unix/linux/Dockerfile
+++ b/unix/linux/Dockerfile
@@ -15,8 +15,8 @@ RUN apt-get update && apt-get install -y  --no-install-recommends \
 # Get the git sources. If not cached, this takes O(5 minutes).
 WORKDIR /git
 RUN git config --global advice.detachedHead false
-# Linux Kernel: Released 10 March 2024
-RUN git clone --branch v6.8 --depth 1 https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
+# Linux Kernel: Released 12 May 2024
+RUN git clone --branch v6.9 --depth 1 https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
 # GNU C library: Released 1 Feb 2023
 RUN git clone --branch release/2.37/master --depth 1 https://sourceware.org/git/glibc.git
 
diff --git a/unix/zerrors_linux.go b/unix/zerrors_linux.go
index f9dde70ef2..0e1dadb99b 100644
--- a/unix/zerrors_linux.go
+++ b/unix/zerrors_linux.go
@@ -502,6 +502,7 @@ const (
 	BPF_IMM                                     = 0x0
 	BPF_IND                                     = 0x40
 	BPF_JA                                      = 0x0
+	BPF_JCOND                                   = 0xe0
 	BPF_JEQ                                     = 0x10
 	BPF_JGE                                     = 0x30
 	BPF_JGT                                     = 0x20
@@ -657,6 +658,9 @@ const (
 	CAN_NPROTO                                  = 0x8
 	CAN_RAW                                     = 0x1
 	CAN_RAW_FILTER_MAX                          = 0x200
+	CAN_RAW_XL_VCID_RX_FILTER                   = 0x4
+	CAN_RAW_XL_VCID_TX_PASS                     = 0x2
+	CAN_RAW_XL_VCID_TX_SET                      = 0x1
 	CAN_RTR_FLAG                                = 0x40000000
 	CAN_SFF_ID_BITS                             = 0xb
 	CAN_SFF_MASK                                = 0x7ff
@@ -2169,7 +2173,7 @@ const (
 	NFT_SECMARK_CTX_MAXLEN                      = 0x100
 	NFT_SET_MAXNAMELEN                          = 0x100
 	NFT_SOCKET_MAX                              = 0x3
-	NFT_TABLE_F_MASK                            = 0x3
+	NFT_TABLE_F_MASK                            = 0x7
 	NFT_TABLE_MAXNAMELEN                        = 0x100
 	NFT_TRACETYPE_MAX                           = 0x3
 	NFT_TUNNEL_F_MASK                           = 0x7
@@ -2403,6 +2407,7 @@ const (
 	PERF_RECORD_MISC_USER                       = 0x2
 	PERF_SAMPLE_BRANCH_PLM_ALL                  = 0x7
 	PERF_SAMPLE_WEIGHT_TYPE                     = 0x1004000
+	PID_FS_MAGIC                                = 0x50494446
 	PIPEFS_MAGIC                                = 0x50495045
 	PPPIOCGNPMODE                               = 0xc008744c
 	PPPIOCNEWUNIT                               = 0xc004743e
@@ -2896,8 +2901,9 @@ const (
 	RWF_APPEND                                  = 0x10
 	RWF_DSYNC                                   = 0x2
 	RWF_HIPRI                                   = 0x1
+	RWF_NOAPPEND                                = 0x20
 	RWF_NOWAIT                                  = 0x8
-	RWF_SUPPORTED                               = 0x1f
+	RWF_SUPPORTED                               = 0x3f
 	RWF_SYNC                                    = 0x4
 	RWF_WRITE_LIFE_NOT_SET                      = 0x0
 	SCHED_BATCH                                 = 0x3
diff --git a/unix/zerrors_linux_arm64.go b/unix/zerrors_linux_arm64.go
index d8cae6d153..14270508b0 100644
--- a/unix/zerrors_linux_arm64.go
+++ b/unix/zerrors_linux_arm64.go
@@ -87,6 +87,7 @@ const (
 	FICLONE                          = 0x40049409
 	FICLONERANGE                     = 0x4020940d
 	FLUSHO                           = 0x1000
+	FPMR_MAGIC                       = 0x46504d52
 	FPSIMD_MAGIC                     = 0x46508001
 	FS_IOC_ENABLE_VERITY             = 0x40806685
 	FS_IOC_GETFLAGS                  = 0x80086601
diff --git a/unix/ztypes_linux.go b/unix/ztypes_linux.go
index d4e476b7e2..4740b83485 100644
--- a/unix/ztypes_linux.go
+++ b/unix/ztypes_linux.go
@@ -4605,7 +4605,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x149
+	NL80211_ATTR_MAX                                        = 0x14a
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -5209,7 +5209,7 @@ const (
 	NL80211_FREQUENCY_ATTR_GO_CONCURRENT                    = 0xf
 	NL80211_FREQUENCY_ATTR_INDOOR_ONLY                      = 0xe
 	NL80211_FREQUENCY_ATTR_IR_CONCURRENT                    = 0xf
-	NL80211_FREQUENCY_ATTR_MAX                              = 0x1f
+	NL80211_FREQUENCY_ATTR_MAX                              = 0x20
 	NL80211_FREQUENCY_ATTR_MAX_TX_POWER                     = 0x6
 	NL80211_FREQUENCY_ATTR_NO_10MHZ                         = 0x11
 	NL80211_FREQUENCY_ATTR_NO_160MHZ                        = 0xc
@@ -5703,7 +5703,7 @@ const (
 	NL80211_STA_FLAG_ASSOCIATED                             = 0x7
 	NL80211_STA_FLAG_AUTHENTICATED                          = 0x5
 	NL80211_STA_FLAG_AUTHORIZED                             = 0x1
-	NL80211_STA_FLAG_MAX                                    = 0x7
+	NL80211_STA_FLAG_MAX                                    = 0x8
 	NL80211_STA_FLAG_MAX_OLD_API                            = 0x6
 	NL80211_STA_FLAG_MFP                                    = 0x4
 	NL80211_STA_FLAG_SHORT_PREAMBLE                         = 0x2

From 6943ab67c485d110829e8c77c3a46235a07d73b9 Mon Sep 17 00:00:00 2001
From: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Date: Mon, 13 May 2024 22:05:48 +0000
Subject: [PATCH 04/11] unix/linux: update glibc to 2.39

Change-Id: I5c2b996180073ca10f1b7c86201a19eaf0557e43
GitHub-Last-Rev: a092f56935c2d7fb64fc9d3922806b2e9e40e143
GitHub-Pull-Request: golang/sys#195
Reviewed-on: https://go-review.googlesource.com/c/sys/+/585136
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 unix/linux/Dockerfile       |  4 ++--
 unix/linux/mkall.go         | 14 ++++++++++++++
 unix/zerrors_linux.go       |  6 ++++++
 unix/zerrors_linux_386.go   |  1 +
 unix/zerrors_linux_amd64.go |  1 +
 5 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/unix/linux/Dockerfile b/unix/linux/Dockerfile
index 456577b2d6..24114d54f9 100644
--- a/unix/linux/Dockerfile
+++ b/unix/linux/Dockerfile
@@ -17,8 +17,8 @@ WORKDIR /git
 RUN git config --global advice.detachedHead false
 # Linux Kernel: Released 12 May 2024
 RUN git clone --branch v6.9 --depth 1 https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
-# GNU C library: Released 1 Feb 2023
-RUN git clone --branch release/2.37/master --depth 1 https://sourceware.org/git/glibc.git
+# GNU C library: Released 31 Jan 2024
+RUN git clone --branch release/2.39/master --depth 1 https://sourceware.org/git/glibc.git
 
 # Get Go
 ENV GOLANG_VERSION 1.21.0
diff --git a/unix/linux/mkall.go b/unix/linux/mkall.go
index 70d8cd8f2e..ae159148b2 100644
--- a/unix/linux/mkall.go
+++ b/unix/linux/mkall.go
@@ -417,6 +417,20 @@ func (t *target) makeHeaders() error {
 	} else {
 		glibcArgs = append(glibcArgs, "--enable-kernel="+MinKernel)
 	}
+
+	// CET is not supported on x86 but glibc 2.39 enables it by default, it was later reverted.
+	// See https://sourceware.org/git/?p=glibc.git;a=commit;h=25f1e16ef03a6a8fb1701c4647d46c564480d88c
+	if t.LinuxArch == "x86" {
+		glibcArgs = append(glibcArgs, "--enable-cet=no")
+	}
+
+	// glibc 2.38 requires libmvec to be disabled explicitly in aarch64
+	// since the installed compiler does not have SVE ACLE.
+	// See https://sourceware.org/pipermail/libc-alpha/2023-May/147829.html
+	if t.LinuxArch == "arm64" {
+		glibcArgs = append(glibcArgs, "--disable-mathvec")
+	}
+
 	glibcConf := t.makeCommand(confScript, glibcArgs...)
 
 	glibcConf.Dir = buildDir
diff --git a/unix/zerrors_linux.go b/unix/zerrors_linux.go
index 0e1dadb99b..877a62b479 100644
--- a/unix/zerrors_linux.go
+++ b/unix/zerrors_linux.go
@@ -1343,6 +1343,7 @@ const (
 	F_OFD_SETLK                                 = 0x25
 	F_OFD_SETLKW                                = 0x26
 	F_OK                                        = 0x0
+	F_SEAL_EXEC                                 = 0x20
 	F_SEAL_FUTURE_WRITE                         = 0x10
 	F_SEAL_GROW                                 = 0x4
 	F_SEAL_SEAL                                 = 0x1
@@ -1631,6 +1632,7 @@ const (
 	IP_FREEBIND                                 = 0xf
 	IP_HDRINCL                                  = 0x3
 	IP_IPSEC_POLICY                             = 0x10
+	IP_LOCAL_PORT_RANGE                         = 0x33
 	IP_MAXPACKET                                = 0xffff
 	IP_MAX_MEMBERSHIPS                          = 0x14
 	IP_MF                                       = 0x2000
@@ -1657,6 +1659,7 @@ const (
 	IP_PMTUDISC_OMIT                            = 0x5
 	IP_PMTUDISC_PROBE                           = 0x3
 	IP_PMTUDISC_WANT                            = 0x1
+	IP_PROTOCOL                                 = 0x34
 	IP_RECVERR                                  = 0xb
 	IP_RECVERR_RFC4884                          = 0x1a
 	IP_RECVFRAGSIZE                             = 0x19
@@ -2924,7 +2927,9 @@ const (
 	SCHED_RESET_ON_FORK                         = 0x40000000
 	SCHED_RR                                    = 0x2
 	SCM_CREDENTIALS                             = 0x2
+	SCM_PIDFD                                   = 0x4
 	SCM_RIGHTS                                  = 0x1
+	SCM_SECURITY                                = 0x3
 	SCM_TIMESTAMP                               = 0x1d
 	SC_LOG_FLUSH                                = 0x100000
 	SECCOMP_ADDFD_FLAG_SEND                     = 0x2
@@ -3270,6 +3275,7 @@ const (
 	TCP_MAX_WINSHIFT                            = 0xe
 	TCP_MD5SIG                                  = 0xe
 	TCP_MD5SIG_EXT                              = 0x20
+	TCP_MD5SIG_FLAG_IFINDEX                     = 0x2
 	TCP_MD5SIG_FLAG_PREFIX                      = 0x1
 	TCP_MD5SIG_MAXKEYLEN                        = 0x50
 	TCP_MSS                                     = 0x200
diff --git a/unix/zerrors_linux_386.go b/unix/zerrors_linux_386.go
index 42ff8c3c1b..e4bc0bd57c 100644
--- a/unix/zerrors_linux_386.go
+++ b/unix/zerrors_linux_386.go
@@ -118,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	MAP_32BIT                        = 0x40
+	MAP_ABOVE4G                      = 0x80
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800
diff --git a/unix/zerrors_linux_amd64.go b/unix/zerrors_linux_amd64.go
index dca436004f..689317afdb 100644
--- a/unix/zerrors_linux_amd64.go
+++ b/unix/zerrors_linux_amd64.go
@@ -118,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	MAP_32BIT                        = 0x40
+	MAP_ABOVE4G                      = 0x80
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800

From 673e0f94c16da4b6d7f550d6af66fde0c69503e4 Mon Sep 17 00:00:00 2001
From: Meng Zhuo <mzh@golangcn.org>
Date: Fri, 17 May 2024 20:37:01 +0800
Subject: [PATCH 05/11] unix: skip ethtool driver test for busy interface

This CL skips IoctlGetEthtoolDrvinfo on busy interface tests since
ethtool getting the same result too.

Fixes golang/go#67350

Change-Id: Ia65678e3caab8a9dd42b9cdb8e4cb7f7f0b476da
Reviewed-on: https://go-review.googlesource.com/c/sys/+/586435
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 unix/syscall_linux_test.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/unix/syscall_linux_test.go b/unix/syscall_linux_test.go
index 2a92419d3e..69c42b5ddc 100644
--- a/unix/syscall_linux_test.go
+++ b/unix/syscall_linux_test.go
@@ -54,6 +54,12 @@ func TestIoctlGetEthtoolDrvinfo(t *testing.T) {
 				continue
 			}
 
+			if err == unix.EBUSY {
+				// See https://go.dev/issues/67350
+				t.Logf("%s: ethtool driver busy, possible kernel bug", ifi.Name)
+				continue
+			}
+
 			t.Fatalf("failed to get ethtool driver info for %q: %v", ifi.Name, err)
 		}
 

From 348425aa18d7aba1101fc962319ecb7f07879fe2 Mon Sep 17 00:00:00 2001
From: Alex Brainman <alex.brainman@gmail.com>
Date: Sat, 8 Jun 2024 17:11:21 +1000
Subject: [PATCH 06/11] windows/svc: do not pass theService to
 windows.RegisterServiceCtrlHandlerEx

windows.RegisterServiceCtrlHandlerEx context parameter is uintptr, so it
is unsafe to pass pointers in that parameter. Use theService global
variable in ctlHandler function instead.

Fixes golang/go#67437

Change-Id: I84c910eaa354603c2a5114421cd61788cb40b86f
Reviewed-on: https://go-review.googlesource.com/c/sys/+/591475
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
---
 windows/svc/service.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/svc/service.go b/windows/svc/service.go
index c96932d962..c4f74924dd 100644
--- a/windows/svc/service.go
+++ b/windows/svc/service.go
@@ -199,9 +199,8 @@ var (
 )
 
 func ctlHandler(ctl, evtype, evdata, context uintptr) uintptr {
-	s := (*service)(unsafe.Pointer(context))
 	e := ctlEvent{cmd: Cmd(ctl), eventType: uint32(evtype), eventData: evdata, context: 123456} // Set context to 123456 to test issue #25660.
-	s.c <- e
+	theService.c <- e
 	return 0
 }
 
@@ -210,7 +209,7 @@ var theService service // This is, unfortunately, a global, which means only one
 // serviceMain is the entry point called by the service manager, registered earlier by
 // the call to StartServiceCtrlDispatcher.
 func serviceMain(argc uint32, argv **uint16) uintptr {
-	handle, err := windows.RegisterServiceCtrlHandlerEx(windows.StringToUTF16Ptr(theService.name), ctlHandlerCallback, uintptr(unsafe.Pointer(&theService)))
+	handle, err := windows.RegisterServiceCtrlHandlerEx(windows.StringToUTF16Ptr(theService.name), ctlHandlerCallback, 0)
 	if sysErr, ok := err.(windows.Errno); ok {
 		return uintptr(sysErr)
 	} else if err != nil {

From 76700875dfcc135287c18189252576117307b695 Mon Sep 17 00:00:00 2001
From: Claudiu Belu <cbelu@cloudbasesolutions.com>
Date: Mon, 17 Jun 2024 15:20:23 +0000
Subject: [PATCH 07/11] windows: add GetAce Windows API

GetAce obtains a pointer to an access control entry (ACE) in an
discretionary access control list (DACL), which controls access to
an object.

Adds the ACE_HEADER and ACCESS_ALLOWED_ACE structs.
Adds GetEntriesFromACL function which returns an array of ACEs from the
given ACL if no errors have been encountered.

References:

- https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
- https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace
- https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-getace

Fixes golang/go#66850

Change-Id: I98306ff7e947e586a58d563d364169a2555492f4
GitHub-Last-Rev: d14ca7fb0b8103294fd7c09ee3469ff6f9556508
GitHub-Pull-Request: golang/sys#191
Reviewed-on: https://go-review.googlesource.com/c/sys/+/578976
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
---
 windows/security_windows.go     |  24 ++++-
 windows/syscall_windows_test.go | 162 ++++++++++++++++++++++++++++++++
 windows/zsyscall_windows.go     |   9 ++
 3 files changed, 194 insertions(+), 1 deletion(-)

diff --git a/windows/security_windows.go b/windows/security_windows.go
index 6f7d2ac70a..97651b5bd0 100644
--- a/windows/security_windows.go
+++ b/windows/security_windows.go
@@ -894,7 +894,7 @@ type ACL struct {
 	aclRevision byte
 	sbz1        byte
 	aclSize     uint16
-	aceCount    uint16
+	AceCount    uint16
 	sbz2        uint16
 }
 
@@ -1087,6 +1087,27 @@ type EXPLICIT_ACCESS struct {
 	Trustee           TRUSTEE
 }
 
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
+type ACE_HEADER struct {
+	AceType  uint8
+	AceFlags uint8
+	AceSize  uint16
+}
+
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace
+type ACCESS_ALLOWED_ACE struct {
+	Header   ACE_HEADER
+	Mask     ACCESS_MASK
+	SidStart uint32
+}
+
+const (
+	// Constants for AceType
+	// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
+	ACCESS_ALLOWED_ACE_TYPE = 0
+	ACCESS_DENIED_ACE_TYPE  = 1
+)
+
 // This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions.
 type TrusteeValue uintptr
 
@@ -1158,6 +1179,7 @@ type OBJECTS_AND_NAME struct {
 //sys	makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
 
 //sys	setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW
+//sys	GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) = advapi32.GetAce
 
 // Control returns the security descriptor control bits.
 func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) {
diff --git a/windows/syscall_windows_test.go b/windows/syscall_windows_test.go
index 6658379070..7708154115 100644
--- a/windows/syscall_windows_test.go
+++ b/windows/syscall_windows_test.go
@@ -359,6 +359,168 @@ func TestBuildSecurityDescriptor(t *testing.T) {
 	}
 }
 
+// getEntriesFromACL returns a list of explicit access control entries associated with the given ACL.
+func getEntriesFromACL(acl *windows.ACL) (aces []*windows.ACCESS_ALLOWED_ACE, err error) {
+	aces = make([]*windows.ACCESS_ALLOWED_ACE, acl.AceCount)
+
+	for i := uint16(0); i < acl.AceCount; i++ {
+		err = windows.GetAce(acl, uint32(i), &aces[i])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return aces, nil
+}
+
+func TestGetACEsFromACL(t *testing.T) {
+	// Create a temporary file to set ACLs on and test getting the ACEs from the ACL.
+	f, err := os.CreateTemp("", "foo.lish")
+	defer os.Remove(f.Name())
+
+	if err = f.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// Well-known SID Strings:
+	// https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+	ownerSid, err := windows.StringToSid("S-1-3-2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	groupSid, err := windows.StringToSid("S-1-3-3")
+	if err != nil {
+		t.Fatal(err)
+	}
+	worldSid, err := windows.StringToSid("S-1-1-0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ownerPermissions := windows.ACCESS_MASK(windows.GENERIC_ALL)
+	groupPermissions := windows.ACCESS_MASK(windows.GENERIC_READ | windows.GENERIC_EXECUTE)
+	worldPermissions := windows.ACCESS_MASK(windows.GENERIC_READ)
+
+	access := []windows.EXPLICIT_ACCESS{
+		{
+			AccessPermissions: ownerPermissions,
+			AccessMode:        windows.GRANT_ACCESS,
+			Trustee: windows.TRUSTEE{
+				TrusteeForm:  windows.TRUSTEE_IS_SID,
+				TrusteeValue: windows.TrusteeValueFromSID(ownerSid),
+			},
+		},
+		{
+			AccessPermissions: groupPermissions,
+			AccessMode:        windows.GRANT_ACCESS,
+			Trustee: windows.TRUSTEE{
+				TrusteeForm:  windows.TRUSTEE_IS_SID,
+				TrusteeType:  windows.TRUSTEE_IS_GROUP,
+				TrusteeValue: windows.TrusteeValueFromSID(groupSid),
+			},
+		},
+		{
+			AccessPermissions: worldPermissions,
+			AccessMode:        windows.GRANT_ACCESS,
+			Trustee: windows.TRUSTEE{
+				TrusteeForm:  windows.TRUSTEE_IS_SID,
+				TrusteeType:  windows.TRUSTEE_IS_GROUP,
+				TrusteeValue: windows.TrusteeValueFromSID(worldSid),
+			},
+		},
+	}
+
+	acl, err := windows.ACLFromEntries(access, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Set new ACL.
+	err = windows.SetNamedSecurityInfo(
+		f.Name(),
+		windows.SE_FILE_OBJECT,
+		windows.DACL_SECURITY_INFORMATION|windows.PROTECTED_DACL_SECURITY_INFORMATION,
+		nil,
+		nil,
+		acl,
+		nil,
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	descriptor, err := windows.GetNamedSecurityInfo(
+		f.Name(),
+		windows.SE_FILE_OBJECT,
+		windows.DACL_SECURITY_INFORMATION|windows.PROTECTED_DACL_SECURITY_INFORMATION|windows.OWNER_SECURITY_INFORMATION|windows.GROUP_SECURITY_INFORMATION,
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	dacl, _, err := descriptor.DACL()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	owner, _, err := descriptor.Owner()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	group, _, err := descriptor.Group()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	entries, err := getEntriesFromACL(dacl)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(entries) != 3 {
+		t.Fatalf("Expected newly set ACL to only have 3 entries.")
+	}
+
+	// https://docs.microsoft.com/en-us/windows/win32/fileio/file-access-rights-constants
+	read := uint32(windows.FILE_READ_DATA | windows.FILE_READ_ATTRIBUTES)
+	write := uint32(windows.FILE_WRITE_DATA | windows.FILE_APPEND_DATA | windows.FILE_WRITE_ATTRIBUTES | windows.FILE_WRITE_EA)
+	execute := uint32(windows.FILE_READ_DATA | windows.FILE_EXECUTE)
+
+	// Check the set ACEs. We should have the equivalent of 754.
+	for _, entry := range entries {
+		mask := uint32(entry.Mask)
+		actual := 0
+
+		if mask&read == read {
+			actual |= 4
+		}
+		if mask&write == write {
+			actual |= 2
+		}
+		if mask&execute == execute {
+			actual |= 1
+		}
+
+		entrySid := (*windows.SID)(unsafe.Pointer(&entry.SidStart))
+		if owner.Equals(entrySid) {
+			if actual != 7 {
+				t.Fatalf("Expected owner to have FullAccess permissions.")
+			}
+		} else if group.Equals(entrySid) {
+			if actual != 5 {
+				t.Fatalf("Expected group to have only Read and Execute permissions.")
+			}
+		} else if worldSid.Equals(entrySid) {
+			if actual != 4 {
+				t.Fatalf("Expected the World to have only Read permissions.")
+			}
+		} else {
+			t.Fatalf("Unexpected SID in ACEs: %s", entrySid.String())
+		}
+	}
+}
+
 func TestGetDiskFreeSpaceEx(t *testing.T) {
 	cwd, err := windows.UTF16PtrFromString(".")
 	if err != nil {
diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go
index 9f73df75b5..eba761018a 100644
--- a/windows/zsyscall_windows.go
+++ b/windows/zsyscall_windows.go
@@ -91,6 +91,7 @@ var (
 	procEnumServicesStatusExW                                = modadvapi32.NewProc("EnumServicesStatusExW")
 	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
 	procFreeSid                                              = modadvapi32.NewProc("FreeSid")
+	procGetAce                                               = modadvapi32.NewProc("GetAce")
 	procGetLengthSid                                         = modadvapi32.NewProc("GetLengthSid")
 	procGetNamedSecurityInfoW                                = modadvapi32.NewProc("GetNamedSecurityInfoW")
 	procGetSecurityDescriptorControl                         = modadvapi32.NewProc("GetSecurityDescriptorControl")
@@ -1224,6 +1225,14 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE
 	return
 }
 
+func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) {
+	r0, _, _ := syscall.Syscall(procGetAce.Addr(), 3, uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce)))
+	if r0 == 0 {
+		ret = GetLastError()
+	}
+	return
+}
+
 func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor)))
 	if r1 == 0 {

From daa239428c2d61fe52eab0fce9e8d0921c9dbbed Mon Sep 17 00:00:00 2001
From: Nuno Cruces <ncruces@users.noreply.github.com>
Date: Tue, 25 Jun 2024 00:35:40 +0000
Subject: [PATCH 08/11] unix: add unsafe mmap, munmap, mremap

Fixes golang/go#56123

Change-Id: I63a7a6fb3a5b1bb556ac19d76a1e0b04a03ebcfa
GitHub-Last-Rev: 39dbc8e308807bd07863b6f5a49bcdcf506bc0e7
GitHub-Pull-Request: golang/sys#197
Reviewed-on: https://go-review.googlesource.com/c/sys/+/592415
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
---
 unix/mmap_unix_test.go | 23 +++++++++++++++++++++++
 unix/mremap.go         |  5 +++++
 unix/mremap_test.go    | 30 ++++++++++++++++++++++++++++++
 unix/syscall_unix.go   |  9 +++++++++
 4 files changed, 67 insertions(+)

diff --git a/unix/mmap_unix_test.go b/unix/mmap_unix_test.go
index a60a0f62b9..eb146059cc 100644
--- a/unix/mmap_unix_test.go
+++ b/unix/mmap_unix_test.go
@@ -9,6 +9,7 @@ package unix_test
 import (
 	"runtime"
 	"testing"
+	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -49,3 +50,25 @@ func TestMmap(t *testing.T) {
 		t.Fatalf("Munmap: %v", err)
 	}
 }
+
+func TestMmapPtr(t *testing.T) {
+	mmapProt := unix.PROT_NONE
+	mmapPtrProt := unix.PROT_READ | unix.PROT_WRITE
+	b, err := unix.Mmap(-1, 0, 2*unix.Getpagesize(), mmapProt, unix.MAP_ANON|unix.MAP_PRIVATE)
+	if err != nil {
+		t.Fatalf("Mmap: %v", err)
+	}
+	if _, err := unix.MmapPtr(-1, 0, unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize()),
+		mmapPtrProt, unix.MAP_ANON|unix.MAP_PRIVATE|unix.MAP_FIXED); err != nil {
+		t.Fatalf("MmapPtr: %v", err)
+	}
+
+	b[0] = 42
+
+	if err := unix.MunmapPtr(unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize())); err != nil {
+		t.Fatalf("MunmapPtr: %v", err)
+	}
+	if err := unix.Munmap(b); err != nil {
+		t.Fatalf("Munmap: %v", err)
+	}
+}
diff --git a/unix/mremap.go b/unix/mremap.go
index fd45fe529d..3a5e776f89 100644
--- a/unix/mremap.go
+++ b/unix/mremap.go
@@ -50,3 +50,8 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [
 func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) {
 	return mapper.Mremap(oldData, newLength, flags)
 }
+
+func MremapPtr(oldAddr unsafe.Pointer, oldSize uintptr, newAddr unsafe.Pointer, newSize uintptr, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mremap(uintptr(oldAddr), oldSize, newSize, flags, uintptr(newAddr))
+	return unsafe.Pointer(xaddr), err
+}
diff --git a/unix/mremap_test.go b/unix/mremap_test.go
index e84104fc6a..5019dd789b 100644
--- a/unix/mremap_test.go
+++ b/unix/mremap_test.go
@@ -8,6 +8,7 @@ package unix_test
 
 import (
 	"testing"
+	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -44,3 +45,32 @@ func TestMremap(t *testing.T) {
 		t.Fatalf("remapping to a fixed address; got %v, want %v", err, unix.EINVAL)
 	}
 }
+
+func TestMremapPtr(t *testing.T) {
+	mmapProt := unix.PROT_NONE
+	mmapPtrProt := unix.PROT_READ | unix.PROT_WRITE
+	b, err := unix.Mmap(-1, 0, 2*unix.Getpagesize(), mmapProt, unix.MAP_ANON|unix.MAP_PRIVATE)
+	if err != nil {
+		t.Fatalf("Mmap: %v", err)
+	}
+	if _, err := unix.MmapPtr(-1, 0, unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize()),
+		mmapPtrProt, unix.MAP_ANON|unix.MAP_PRIVATE|unix.MAP_FIXED); err != nil {
+		t.Fatalf("MmapPtr: %v", err)
+	}
+
+	b[0] = 42
+
+	if _, err := unix.MremapPtr(
+		unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize()),
+		unsafe.Pointer(&b[unix.Getpagesize()]), uintptr(unix.Getpagesize()),
+		unix.MremapFixed|unix.MremapMaymove); err != nil {
+		t.Fatalf("MremapPtr: %v", err)
+	}
+	if got := b[unix.Getpagesize()]; got != 42 {
+		t.Errorf("got %d, want 42", got)
+	}
+
+	if err := unix.Munmap(b); err != nil {
+		t.Fatalf("Munmap: %v", err)
+	}
+}
diff --git a/unix/syscall_unix.go b/unix/syscall_unix.go
index 77081de8c7..4e92e5aa40 100644
--- a/unix/syscall_unix.go
+++ b/unix/syscall_unix.go
@@ -154,6 +154,15 @@ func Munmap(b []byte) (err error) {
 	return mapper.Munmap(b)
 }
 
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+	return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+	return mapper.munmap(uintptr(addr), length)
+}
+
 func Read(fd int, p []byte) (n int, err error) {
 	n, err = read(fd, p)
 	if raceenabled {

From a0ef40af1f19dfed5b852735bcdebe22554248ce Mon Sep 17 00:00:00 2001
From: Nuno Cruces <ncruces@users.noreply.github.com>
Date: Wed, 26 Jun 2024 13:57:46 +0000
Subject: [PATCH 09/11] unix: fix MremapPtr test failing on NetBSD

NetBSD apparently doesn't allow remapping into used address space.
This means that the test that uses mremap to move a mmapped page
into a new address should first mmap (to reserve)
then munmap (to free) the destination.

Fixes golang/go#68180

Change-Id: If66b67e7166ca4dc4331a8cfc3e3a285416e9849
GitHub-Last-Rev: 92058c2f2525be77522762d503ac7193580f125e
GitHub-Pull-Request: golang/sys#198
Cq-Include-Trybots: luci.golang.try:x_sys-gotip-netbsd-amd64
Reviewed-on: https://go-review.googlesource.com/c/sys/+/594756
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Joedian Reid <joedian@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 unix/mremap_test.go | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/unix/mremap_test.go b/unix/mremap_test.go
index 5019dd789b..fe79a48867 100644
--- a/unix/mremap_test.go
+++ b/unix/mremap_test.go
@@ -47,30 +47,31 @@ func TestMremap(t *testing.T) {
 }
 
 func TestMremapPtr(t *testing.T) {
-	mmapProt := unix.PROT_NONE
-	mmapPtrProt := unix.PROT_READ | unix.PROT_WRITE
-	b, err := unix.Mmap(-1, 0, 2*unix.Getpagesize(), mmapProt, unix.MAP_ANON|unix.MAP_PRIVATE)
+	p1, err := unix.MmapPtr(-1, 0, nil, uintptr(2*unix.Getpagesize()),
+		unix.PROT_READ|unix.PROT_WRITE, unix.MAP_ANON|unix.MAP_PRIVATE)
 	if err != nil {
-		t.Fatalf("Mmap: %v", err)
-	}
-	if _, err := unix.MmapPtr(-1, 0, unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize()),
-		mmapPtrProt, unix.MAP_ANON|unix.MAP_PRIVATE|unix.MAP_FIXED); err != nil {
 		t.Fatalf("MmapPtr: %v", err)
 	}
 
-	b[0] = 42
+	p2 := unsafe.Add(p1, unix.Getpagesize())
+	if err := unix.MunmapPtr(p2, uintptr(unix.Getpagesize())); err != nil {
+		t.Fatalf("MunmapPtr: %v", err)
+	}
+
+	*(*byte)(p1) = 42
 
 	if _, err := unix.MremapPtr(
-		unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize()),
-		unsafe.Pointer(&b[unix.Getpagesize()]), uintptr(unix.Getpagesize()),
+		p1, uintptr(unix.Getpagesize()),
+		p2, uintptr(unix.Getpagesize()),
 		unix.MremapFixed|unix.MremapMaymove); err != nil {
 		t.Fatalf("MremapPtr: %v", err)
 	}
-	if got := b[unix.Getpagesize()]; got != 42 {
+
+	if got := *(*byte)(p2); got != 42 {
 		t.Errorf("got %d, want 42", got)
 	}
 
-	if err := unix.Munmap(b); err != nil {
-		t.Fatalf("Munmap: %v", err)
+	if err := unix.MunmapPtr(p2, uintptr(unix.Getpagesize())); err != nil {
+		t.Fatalf("MunmapPtr: %v", err)
 	}
 }

From c892bb7ec2a2624d5417525f44698a5e241dfb04 Mon Sep 17 00:00:00 2001
From: Nuno Cruces <ncruces@users.noreply.github.com>
Date: Wed, 26 Jun 2024 16:39:30 +0000
Subject: [PATCH 10/11] unix: fix MmapPtr test failing on OpenBSD

OpenBSD apparently doesn't allow unmapping address space if part of the region is already unmapped.
This tweaks the test so that munmapping twice no longer happens.

Fixes golang/go#68181

Change-Id: I588255f5e10ec015dbb7188eac79cee6be570680
GitHub-Last-Rev: 2535abd892d9063b9bdda69101a45f71c4174124
GitHub-Pull-Request: golang/sys#199
Cq-Include-Trybots: luci.golang.try:go1.22-openbsd-amd64
Reviewed-on: https://go-review.googlesource.com/c/sys/+/595095
TryBot-Bypass: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
---
 unix/mmap_unix_test.go | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/unix/mmap_unix_test.go b/unix/mmap_unix_test.go
index eb146059cc..d5f4db037f 100644
--- a/unix/mmap_unix_test.go
+++ b/unix/mmap_unix_test.go
@@ -9,7 +9,6 @@ package unix_test
 import (
 	"runtime"
 	"testing"
-	"unsafe"
 
 	"golang.org/x/sys/unix"
 )
@@ -52,23 +51,20 @@ func TestMmap(t *testing.T) {
 }
 
 func TestMmapPtr(t *testing.T) {
-	mmapProt := unix.PROT_NONE
-	mmapPtrProt := unix.PROT_READ | unix.PROT_WRITE
-	b, err := unix.Mmap(-1, 0, 2*unix.Getpagesize(), mmapProt, unix.MAP_ANON|unix.MAP_PRIVATE)
+	p, err := unix.MmapPtr(-1, 0, nil, uintptr(2*unix.Getpagesize()),
+		unix.PROT_NONE, unix.MAP_ANON|unix.MAP_PRIVATE)
 	if err != nil {
-		t.Fatalf("Mmap: %v", err)
+		t.Fatalf("MmapPtr: %v", err)
 	}
-	if _, err := unix.MmapPtr(-1, 0, unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize()),
-		mmapPtrProt, unix.MAP_ANON|unix.MAP_PRIVATE|unix.MAP_FIXED); err != nil {
+
+	if _, err := unix.MmapPtr(-1, 0, p, uintptr(unix.Getpagesize()),
+		unix.PROT_READ|unix.PROT_WRITE, unix.MAP_ANON|unix.MAP_PRIVATE|unix.MAP_FIXED); err != nil {
 		t.Fatalf("MmapPtr: %v", err)
 	}
 
-	b[0] = 42
+	*(*byte)(p) = 42
 
-	if err := unix.MunmapPtr(unsafe.Pointer(&b[0]), uintptr(unix.Getpagesize())); err != nil {
+	if err := unix.MunmapPtr(p, uintptr(2*unix.Getpagesize())); err != nil {
 		t.Fatalf("MunmapPtr: %v", err)
 	}
-	if err := unix.Munmap(b); err != nil {
-		t.Fatalf("Munmap: %v", err)
-	}
 }

From faed7ec2641160cebe7fdf3fa6d401d848d2710f Mon Sep 17 00:00:00 2001
From: Edoardo Spadolini <edoardo.spadolini@gmail.com>
Date: Tue, 2 Jul 2024 18:22:43 +0000
Subject: [PATCH 11/11] unix: add PthreadChdir and PthreadFchdir on darwin

Fixes golang/go#68226

Change-Id: I92052e2319e4edde21b5e1e47ddb5b261d81448a
GitHub-Last-Rev: bc02d6d44bb64ad202c97d3525d5355e8a027a5e
GitHub-Pull-Request: golang/sys#201
Reviewed-on: https://go-review.googlesource.com/c/sys/+/595677
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 unix/darwin_amd64_test.go     |  2 ++
 unix/darwin_arm64_test.go     |  2 ++
 unix/syscall_darwin.go        | 12 ++++++++++++
 unix/zsyscall_darwin_amd64.go | 33 +++++++++++++++++++++++++++++++++
 unix/zsyscall_darwin_amd64.s  | 10 ++++++++++
 unix/zsyscall_darwin_arm64.go | 33 +++++++++++++++++++++++++++++++++
 unix/zsyscall_darwin_arm64.s  | 10 ++++++++++
 7 files changed, 102 insertions(+)

diff --git a/unix/darwin_amd64_test.go b/unix/darwin_amd64_test.go
index b58e1383c3..ed56acca38 100644
--- a/unix/darwin_amd64_test.go
+++ b/unix/darwin_amd64_test.go
@@ -101,6 +101,8 @@ var darwinTests = [...]darwinTest{
 	{"pipe", libc_pipe_trampoline_addr},
 	{"poll", libc_poll_trampoline_addr},
 	{"pread", libc_pread_trampoline_addr},
+	{"pthread_chdir_np", libc_pthread_chdir_np_trampoline_addr},
+	{"pthread_fchdir_np", libc_pthread_fchdir_np_trampoline_addr},
 	{"ptrace", libc_ptrace_trampoline_addr},
 	{"pwrite", libc_pwrite_trampoline_addr},
 	{"read", libc_read_trampoline_addr},
diff --git a/unix/darwin_arm64_test.go b/unix/darwin_arm64_test.go
index 9e537a39e3..3e0fb7d163 100644
--- a/unix/darwin_arm64_test.go
+++ b/unix/darwin_arm64_test.go
@@ -101,6 +101,8 @@ var darwinTests = [...]darwinTest{
 	{"pipe", libc_pipe_trampoline_addr},
 	{"poll", libc_poll_trampoline_addr},
 	{"pread", libc_pread_trampoline_addr},
+	{"pthread_chdir_np", libc_pthread_chdir_np_trampoline_addr},
+	{"pthread_fchdir_np", libc_pthread_fchdir_np_trampoline_addr},
 	{"ptrace", libc_ptrace_trampoline_addr},
 	{"pwrite", libc_pwrite_trampoline_addr},
 	{"read", libc_read_trampoline_addr},
diff --git a/unix/syscall_darwin.go b/unix/syscall_darwin.go
index 59542a897d..4cc7b00596 100644
--- a/unix/syscall_darwin.go
+++ b/unix/syscall_darwin.go
@@ -542,6 +542,18 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) {
 	}
 }
 
+//sys	pthread_chdir_np(path string) (err error)
+
+func PthreadChdir(path string) (err error) {
+	return pthread_chdir_np(path)
+}
+
+//sys	pthread_fchdir_np(fd int) (err error)
+
+func PthreadFchdir(fd int) (err error) {
+	return pthread_fchdir_np(fd)
+}
+
 //sys	sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
 
 //sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
diff --git a/unix/zsyscall_darwin_amd64.go b/unix/zsyscall_darwin_amd64.go
index ccb02f240a..07642c308d 100644
--- a/unix/zsyscall_darwin_amd64.go
+++ b/unix/zsyscall_darwin_amd64.go
@@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pthread_chdir_np(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+	_, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
 	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
 	if e1 != 0 {
diff --git a/unix/zsyscall_darwin_amd64.s b/unix/zsyscall_darwin_amd64.s
index 8b8bb28402..923e08cb79 100644
--- a/unix/zsyscall_darwin_amd64.s
+++ b/unix/zsyscall_darwin_amd64.s
@@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_chdir_np(SB)
+GLOBL	·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_fchdir_np(SB)
+GLOBL	·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
 TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sendfile(SB)
 GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
diff --git a/unix/zsyscall_darwin_arm64.go b/unix/zsyscall_darwin_arm64.go
index 1b40b997b5..7d73dda647 100644
--- a/unix/zsyscall_darwin_arm64.go
+++ b/unix/zsyscall_darwin_arm64.go
@@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pthread_chdir_np(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+	_, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
 	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
 	if e1 != 0 {
diff --git a/unix/zsyscall_darwin_arm64.s b/unix/zsyscall_darwin_arm64.s
index 08362c1ab7..057700111e 100644
--- a/unix/zsyscall_darwin_arm64.s
+++ b/unix/zsyscall_darwin_arm64.s
@@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_chdir_np(SB)
+GLOBL	·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_fchdir_np(SB)
+GLOBL	·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
 TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sendfile(SB)
 GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8