Used inclusive language

Signed-off-by: Luminita Voicu <lumivo@amazon.com>

Author: luminitavoicu

CHANGELOG.md

@@ -374,7 +374,7 @@
 ### Fixed
 
 - A `madvise` call issued by the `musl` allocator was added to the seccomp
-  whitelist to prevent Firecracker from terminating abruptly when allocating
+  allow list to prevent Firecracker from terminating abruptly when allocating
   memory in certain conditions.
 
 ## [0.15.0]
@@ -416,8 +416,8 @@
 
 - Log the app version when the `Logger` is initialized.
 - Pretty print panic information.
-- Firecracker terminates with exit code 148 when a non-whitelisted syscall
-  is intercepted.
+- Firecracker terminates with exit code 148 when a syscall which is not
+  present in the allow list is intercepted.
 
 ### Fixed
 

CHARTER.md

@@ -31,6 +31,6 @@ All contributions must align with this charter and follow Firecracker's
 [contribution process](CONTRIBUTING.md).
 
 Firecracker [maintainers](MAINTAINERS.md) merge contributions into the
-master branch and create Firecracker releases. Maintainers are also
+main branch and create Firecracker releases. Maintainers are also
 subject to the mission and tenets outlined above. Anyone may submit
 and review contributions.

CONTRIBUTING.md

@@ -29,7 +29,7 @@ you want to merge your changes to Firecracker:
 1. Create your contribution, meeting all
    [contribution quality standards](#contribution-quality-standards)
 1. [Create a pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/)
-   against the master branch of the Firecracker repository.
+   against the main branch of the Firecracker repository.
 1. Add two reviewers to your pull request (a maintainer will do that for you if
    you're new). Work with your reviewers to address any comments and obtain a
    minimum of 2 approvals, at least one of which must be provided by
@@ -48,7 +48,7 @@ If you just want to receive feedback for a contribution proposal, open an “RFC
    branch for the contribution you want feedback on. Use a meaningful name.
 1. Create your proposal based on the existing codebase.
 1. [Create a pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/)
-   against the master branch of the Firecracker repository. Prefix your pull
+   against the main branch of the Firecracker repository. Prefix your pull
    request name with `[RFC]`.
 1. Discuss your proposal with the community on the pull request page (or on any
    other channel). Add the conclusion(s) of this discussion to the pull request

SPECIFICATION.md

@@ -3,7 +3,7 @@
 The specifications below quantify Firecracker's promise to enable
 minimal-overhead execution of container and serverless workloads. These
 specifications are enforced by integration tests (that run for each PR and
-master branch merge).
+main branch merge).
 
 On an [M5D.metal instance][1] (with hyperthreading disabled) and an
 [M6G.metal instance][2] and given host system resources are available

docs/design.md

@@ -151,8 +151,8 @@ service is fully configured by users.
 
 Seccomp filters are used by default to further limit the system calls Firecracker
 can use. There are 3 possible levels of seccomp filtering, configurable by passing
-a command line argument to Firecracker: 0 (disabled), 1 (whitelists a set of
-trusted system calls by their identifiers) and 2 (whitelists a set of trusted
+a command line argument to Firecracker: 0 (disabled), 1 (allows a set of
+trusted system calls by their identifiers) and 2 (allows a set of trusted
 system calls with trusted parameter values), the latter being the most
 restrictive and the recommended one. The filters are loaded in the Firecracker
 process, immediately before the execution of the untrusted guest code starts.

docs/getting-started.md

@@ -262,7 +262,7 @@ Get a copy of the Firecracker sources by cloning our GitHub repo:
 git clone https://github.com/firecracker-microvm/firecracker
 ```
 
-All development happens on the master branch and we use git tags to mark
+All development happens on the main branch and we use git tags to mark
 releases. If you are interested in a specific release (e.g. v0.10.1), you can
 check it out with:
 

docs/jailer.md

@@ -54,7 +54,7 @@ jailer --id <id> \
   `--seccomp-level`, which specifies whether seccomp filters should be installed
   and how restrictive they should be. Possible values are:
   - 0 : disabled.
-  - 1 : basic filtering. This prohibits syscalls not whitelisted by
+  - 1 : basic filtering. This prohibits syscalls not allowed by
     Firecracker.
   - 2 (default): advanced filtering. This adds further checks on some of the
     parameters of the allowed syscalls.

src/arch/src/x86_64/msr.rs

@@ -74,7 +74,7 @@ macro_rules! MSR_RANGE {
 }
 
 // List of MSRs that can be serialized. List is sorted in ascending order of MSRs addresses.
-static WHITELISTED_MSR_RANGES: &[MsrRange] = &[
+static ALLOWED_MSR_RANGES: &[MsrRange] = &[
     SINGLE_MSR!(MSR_IA32_P5_MC_ADDR),
     SINGLE_MSR!(MSR_IA32_P5_MC_TYPE),
     SINGLE_MSR!(MSR_IA32_TSC),
@@ -173,13 +173,11 @@ static WHITELISTED_MSR_RANGES: &[MsrRange] = &[
 ///
 /// * `index` - The index of the MSR that is checked whether it's needed for serialization.
 pub fn msr_should_serialize(index: u32) -> bool {
-    // Blacklisted MSRs not exported by Linux: IA32_FEATURE_CONTROL and IA32_MCG_CTL
+    // Denied MSRs not exported by Linux: IA32_FEATURE_CONTROL and IA32_MCG_CTL
     if index == MSR_IA32_FEATURE_CONTROL || index == MSR_IA32_MCG_CTL {
         return false;
     };
-    WHITELISTED_MSR_RANGES
-        .iter()
-        .any(|range| range.contains(index))
+    ALLOWED_MSR_RANGES.iter().any(|range| range.contains(index))
 }
 
 // Creates and populates required MSR entries for booting Linux on X86_64.
@@ -250,8 +248,8 @@ mod tests {
     use kvm_ioctls::Kvm;
 
     #[test]
-    fn test_msr_whitelist() {
-        for range in WHITELISTED_MSR_RANGES.iter() {
+    fn test_msr_allowlist() {
+        for range in ALLOWED_MSR_RANGES.iter() {
             for msr in range.base..(range.base + range.nmsrs) {
                 let should = !matches!(msr, MSR_IA32_FEATURE_CONTROL | MSR_IA32_MCG_CTL);
                 assert_eq!(msr_should_serialize(msr), should);

src/net_gen/src/iff.rs

@@ -2623,6 +2623,7 @@ impl Clone for fr_proto_pvc {
 #[derive(Debug, Default, Copy)]
 pub struct fr_proto_pvc_info {
     pub dlci: ::std::os::raw::c_uint,
+    // TODO: rename this field to adopt inclusive language once Linux updates it, too.
     pub master: [::std::os::raw::c_char; 16usize],
 }
 #[test]
@@ -2717,7 +2718,9 @@ pub const net_device_flags_IFF_RUNNING: net_device_flags = 64;
 pub const net_device_flags_IFF_NOARP: net_device_flags = 128;
 pub const net_device_flags_IFF_PROMISC: net_device_flags = 256;
 pub const net_device_flags_IFF_ALLMULTI: net_device_flags = 512;
+// TODO: rename this constant to adopt inclusive language once Linux updates it, too.
 pub const net_device_flags_IFF_MASTER: net_device_flags = 1024;
+// TODO: rename this constant to adopt inclusive language once Linux updates it, too.
 pub const net_device_flags_IFF_SLAVE: net_device_flags = 2048;
 pub const net_device_flags_IFF_MULTICAST: net_device_flags = 4096;
 pub const net_device_flags_IFF_PORTSEL: net_device_flags = 8192;
@@ -3070,6 +3073,7 @@ pub struct ifreq__bindgen_ty_2 {
     pub ifru_ivalue: __BindgenUnionField<::std::os::raw::c_int>,
     pub ifru_mtu: __BindgenUnionField<::std::os::raw::c_int>,
     pub ifru_map: __BindgenUnionField<ifmap>,
+    // TODO: rename this field to adopt inclusive language once Linux updates it, too.
     pub ifru_slave: __BindgenUnionField<[::std::os::raw::c_char; 16usize]>,
     pub ifru_newname: __BindgenUnionField<[::std::os::raw::c_char; 16usize]>,
     pub ifru_data: __BindgenUnionField<*mut ::std::os::raw::c_void>,

src/vmm/src/default_syscalls/filters.rs

@@ -9,7 +9,7 @@ use seccomp::{
 };
 use utils::signal::sigrtmin;
 
-/// The default filter containing the white listed syscall rules required by `Firecracker` to
+/// The default filter containing the allowed syscall rules required by `Firecracker` to
 /// function.
 /// Any non-trivial modification to this allow list needs a proper comment to specify its source
 /// or why the sycall/condition is needed.

src/vmm/src/utilities/mock_seccomp/mod.rs

@@ -292,7 +292,7 @@ impl MockSeccomp {
         )
     }
 
-    /// Blacklist KVM_RUN.
+    /// Deny KVM_RUN.
     pub fn without_kvm_run(mut self) -> Self {
         self.rules
             .insert(libc::SYS_ioctl, Self::ioctl_rule_without_kvm_run().1);

src/vmm/src/vstate/vm.rs

@@ -320,7 +320,9 @@ impl Vm {
 pub struct VmState {
     pitstate: kvm_pit_state2,
     clock: kvm_clock_data,
+    // TODO: rename this field to adopt inclusive language once Linux updates it, too.
     pic_master: kvm_irqchip,
+    // TODO: rename this field to adopt inclusive language once Linux updates it, too.
     pic_slave: kvm_irqchip,
     ioapic: kvm_irqchip,
 }

src/vmm/tests/integration_tests.rs

@@ -98,7 +98,7 @@ fn test_vmm_seccomp() {
                 .into();
             let mut event_manager = EventManager::new().unwrap();
 
-            // The customer "forgot" to whitelist the KVM_RUN ioctl.
+            // The customer "forgot" to allow the KVM_RUN ioctl.
             let filter: BpfProgram = MockSeccomp::new().without_kvm_run().into();
             let vmm = build_microvm_for_boot(&resources, &mut event_manager, &filter).unwrap();
             // Give the vCPUs a chance to attempt KVM_RUN.

tests/conftest.py

@@ -309,8 +309,8 @@ def bin_seccomp_paths(test_fc_session_root_path):
 
     They currently consist of:
 
-    * a jailer with a simple syscall whitelist;
-    * a jailer with a (syscall, arguments) advanced whitelist;
+    * a jailer with a simple syscall allow list;
+    * a jailer with a (syscall, arguments) advanced allow list;
     * a jailed binary that follows the seccomp rules;
     * a jailed binary that breaks the seccomp rules.
     """

tests/integration_tests/security/test_seccomp.py

@@ -1,14 +1,14 @@
 # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
-"""Tests that the seccomp filters don't let blacklisted syscalls through."""
+"""Tests that the seccomp filters don't let denied syscalls through."""
 
 import os
 
 import framework.utils as utils
 
 
 def test_seccomp_ls(bin_seccomp_paths):
-    """Assert that the seccomp filters deny a blacklisted syscall."""
+    """Assert that the seccomp filters refuse a denied syscall."""
     # pylint: disable=redefined-outer-name
     # pylint: disable=subprocess-run-check
     # The fixture pattern causes a pylint false positive for that rule.

tests/integration_tests/style/test_gitlint.py

@@ -11,6 +11,7 @@ def test_gitlint():
     os.environ['LC_ALL'] = 'C.UTF-8'
     os.environ['LANG'] = 'C.UTF-8'
     try:
+        # TODO: update this line once the master branch is renamed
         utils.run_cmd('gitlint --commits origin/master..HEAD'
                       ' -C ../.gitlint'
                       ' --extra-path framework/gitlint_rules.py')