summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-07-15 22:38:47 +0000
committergVisor bot <gvisor-bot@google.com>2021-07-15 22:38:47 +0000
commit9fe684eb05523e756ecd792081105bdcb3e4d00e (patch)
tree7aa2c6b18d4521879963033e12beb5354e12bc71 /pkg/sentry/socket
parent058cc3c366b5e0c9b5f1b877f45a20ff08cee051 (diff)
parentcd45d7b6c893aa763cdc3ef2f4ac86444b622927 (diff)
Merge release-20210712.0-23-gcd45d7b6c (automated)
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r--pkg/sentry/socket/netstack/netstack.go24
-rw-r--r--pkg/sentry/socket/socket.go1
2 files changed, 20 insertions, 5 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index ea736e446..0f8cbe7e2 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -49,6 +49,7 @@ import (
"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
"gvisor.dev/gvisor/pkg/sentry/inet"
"gvisor.dev/gvisor/pkg/sentry/kernel"
+ "gvisor.dev/gvisor/pkg/sentry/kernel/auth"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
"gvisor.dev/gvisor/pkg/sentry/socket"
"gvisor.dev/gvisor/pkg/sentry/socket/netfilter"
@@ -1682,12 +1683,12 @@ func SetSockOpt(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, level int
return nil
}
-func clampBufSize(newSz, min, max int64) int64 {
+func clampBufSize(newSz, min, max int64, ignoreMax bool) int64 {
// packetOverheadFactor is used to multiply the value provided by the user on
// a setsockopt(2) for setting the send/receive buffer sizes sockets.
const packetOverheadFactor = 2
- if newSz > max {
+ if !ignoreMax && newSz > max {
newSz = max
}
@@ -1712,7 +1713,7 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
v := hostarch.ByteOrder.Uint32(optVal)
min, max := ep.SocketOptions().SendBufferLimits()
- clamped := clampBufSize(int64(v), min, max)
+ clamped := clampBufSize(int64(v), min, max, false /* ignoreMax */)
ep.SocketOptions().SetSendBufferSize(clamped, true /* notify */)
return nil
@@ -1723,7 +1724,22 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
v := hostarch.ByteOrder.Uint32(optVal)
min, max := ep.SocketOptions().ReceiveBufferLimits()
- clamped := clampBufSize(int64(v), min, max)
+ clamped := clampBufSize(int64(v), min, max, false /* ignoreMax */)
+ ep.SocketOptions().SetReceiveBufferSize(clamped, true /* notify */)
+ return nil
+
+ case linux.SO_RCVBUFFORCE:
+ if len(optVal) < sizeOfInt32 {
+ return syserr.ErrInvalidArgument
+ }
+
+ if creds := auth.CredentialsFromContext(t); !creds.HasCapability(linux.CAP_NET_ADMIN) {
+ return syserr.ErrNotPermitted
+ }
+
+ v := hostarch.ByteOrder.Uint32(optVal)
+ min, max := ep.SocketOptions().ReceiveBufferLimits()
+ clamped := clampBufSize(int64(v), min, max, true /* ignoreMax */)
ep.SocketOptions().SetReceiveBufferSize(clamped, true /* notify */)
return nil
diff --git a/pkg/sentry/socket/socket.go b/pkg/sentry/socket/socket.go
index f5da3c509..658e90bb9 100644
--- a/pkg/sentry/socket/socket.go
+++ b/pkg/sentry/socket/socket.go
@@ -509,7 +509,6 @@ func SetSockOptEmitUnimplementedEvent(t *kernel.Task, name int) {
linux.SO_ATTACH_REUSEPORT_EBPF,
linux.SO_CNX_ADVICE,
linux.SO_DETACH_FILTER,
- linux.SO_RCVBUFFORCE,
linux.SO_SNDBUFFORCE:
t.Kernel().EmitUnimplementedEvent(t)