6 files changed, 127 insertions, 43 deletions
diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go
index f3e984c24..78e082b8e 100644
--- a/pkg/sentry/fs/ramfs/dir.go
+++ b/pkg/sentry/fs/ramfs/dir.go
@@ -53,7 +53,6 @@ type Dir struct {
 	fsutil.InodeGenericChecker `state:"nosave"`
 	fsutil.InodeIsDirAllocate  `state:"nosave"`
 	fsutil.InodeIsDirTruncate  `state:"nosave"`
-	fsutil.InodeNoopRelease    `state:"nosave"`
 	fsutil.InodeNoopWriteOut   `state:"nosave"`
 	fsutil.InodeNotMappable    `state:"nosave"`
 	fsutil.InodeNotSocket      `state:"nosave"`
@@ -84,7 +83,8 @@ type Dir struct {
 
 var _ fs.InodeOperations = (*Dir)(nil)
 
-// NewDir returns a new Dir with the given contents and attributes.
+// NewDir returns a new Dir with the given contents and attributes. A reference
+// on each fs.Inode in the `contents` map will be donated to this Dir.
 func NewDir(ctx context.Context, contents map[string]*fs.Inode, owner fs.FileOwner, perms fs.FilePermissions) *Dir {
 	d := &Dir{
 		InodeSimpleAttributes: fsutil.NewInodeSimpleAttributes(ctx, owner, perms, linux.RAMFS_MAGIC),
@@ -138,7 +138,7 @@ func (d *Dir) addChildLocked(ctx context.Context, name string, inode *fs.Inode)
 	d.NotifyModificationAndStatusChange(ctx)
 }
 
-// AddChild adds a child to this dir.
+// AddChild adds a child to this dir, inheriting its reference.
 func (d *Dir) AddChild(ctx context.Context, name string, inode *fs.Inode) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
@@ -172,7 +172,9 @@ func (d *Dir) Children() ([]string, map[string]fs.DentAttr) {
 	return namesCopy, entriesCopy
 }
 
-// removeChildLocked attempts to remove an entry from this directory.
+// removeChildLocked attempts to remove an entry from this directory. It
+// returns the removed fs.Inode along with its reference, which callers are
+// responsible for decrementing.
 func (d *Dir) removeChildLocked(ctx context.Context, name string) (*fs.Inode, error) {
 	inode, ok := d.children[name]
 	if !ok {
@@ -253,7 +255,8 @@ func (d *Dir) RemoveDirectory(ctx context.Context, _ *fs.Inode, name string) err
 	return nil
 }
 
-// Lookup loads an inode at p into a Dirent.
+// Lookup loads an inode at p into a Dirent. It returns the fs.Dirent along
+// with a reference.
 func (d *Dir) Lookup(ctx context.Context, _ *fs.Inode, p string) (*fs.Dirent, error) {
 	if len(p) > linux.NAME_MAX {
 		return nil, syserror.ENAMETOOLONG
@@ -408,6 +411,16 @@ func (*Dir) Rename(ctx context.Context, inode *fs.Inode, oldParent *fs.Inode, ol
 	return Rename(ctx, oldParent.InodeOperations, oldName, newParent.InodeOperations, newName, replacement)
 }
 
+// Release implements fs.InodeOperation.Release.
+func (d *Dir) Release(_ context.Context) {
+	// Drop references on all children.
+	d.mu.Lock()
+	for _, i := range d.children {
+		i.DecRef()
+	}
+	d.mu.Unlock()
+}
+
 // dirFileOperations implements fs.FileOperations for a ramfs directory.
 //
 // +stateify savable
diff --git a/pkg/sentry/fs/tmpfs/tmpfs.go b/pkg/sentry/fs/tmpfs/tmpfs.go
index 0f4497cd6..159fb7c08 100644
--- a/pkg/sentry/fs/tmpfs/tmpfs.go
+++ b/pkg/sentry/fs/tmpfs/tmpfs.go
@@ -56,7 +56,6 @@ func rename(ctx context.Context, oldParent *fs.Inode, oldName string, newParent
 type Dir struct {
 	fsutil.InodeGenericChecker `state:"nosave"`
 	fsutil.InodeIsDirTruncate  `state:"nosave"`
-	fsutil.InodeNoopRelease    `state:"nosave"`
 	fsutil.InodeNoopWriteOut   `state:"nosave"`
 	fsutil.InodeNotMappable    `state:"nosave"`
 	fsutil.InodeNotSocket      `state:"nosave"`
@@ -252,6 +251,11 @@ func (d *Dir) Allocate(ctx context.Context, node *fs.Inode, offset, length int64
 	return d.ramfsDir.Allocate(ctx, node, offset, length)
 }
 
+// Release implements fs.InodeOperations.Release.
+func (d *Dir) Release(ctx context.Context) {
+	d.ramfsDir.Release(ctx)
+}
+
 // Symlink is a symlink.
 //
 // +stateify savable
diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
index be6b07629..25ad17a4e 100755
--- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
+++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
@@ -2,10 +2,11 @@ package kernel
 
 import (
 	"fmt"
-	"gvisor.dev/gvisor/third_party/gvsync"
 	"reflect"
 	"strings"
 	"unsafe"
+
+	"gvisor.dev/gvisor/third_party/gvsync"
 )
 
 // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race
diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go
index a36a17e37..d4bfc5a4a 100755
--- a/pkg/sentry/platform/ring0/defs_impl.go
+++ b/pkg/sentry/platform/ring0/defs_impl.go
@@ -1,14 +1,14 @@
 package ring0
 
 import (
-	"gvisor.dev/gvisor/pkg/cpuid"
-	"reflect"
 	"syscall"
 
 	"fmt"
+	"gvisor.dev/gvisor/pkg/cpuid"
 	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/usermem"
 	"io"
+	"reflect"
 )
 
 var (
diff --git a/pkg/sentry/socket/epsocket/epsocket.go b/pkg/sentry/socket/epsocket/epsocket.go
index 0f483faa8..586523d3d 100644
--- a/pkg/sentry/socket/epsocket/epsocket.go
+++ b/pkg/sentry/socket/epsocket/epsocket.go
@@ -845,6 +845,68 @@ func getSockOptSocket(t *kernel.Task, s socket.Socket, ep commonEndpoint, family
 	return nil, syserr.ErrProtocolNotAvailable
 }
 
+func toLinuxTCPInfo(i tcp.InfoOption) linux.TCPInfo {
+	// Unimplemented fields are explicitly initialized to zero below.
+	return linux.TCPInfo{
+		State:                  uint8(translateTCPState(tcp.EndpointState(i.ProtocolState))),
+		CaState:                0,
+		Retransmits:            0,
+		Probes:                 0,
+		Backoff:                0,
+		Options:                0,
+		WindowScale:            uint8((i.Sender.SndWndScale&0xf)<<4 | (i.Receiver.RcvWndScale & 0xf)),
+		DeliveryRateAppLimited: 0,
+
+		RTO:    uint32(i.Sender.RTO / time.Microsecond),
+		ATO:    0,
+		SndMss: uint32(i.Sender.MSS),
+		RcvMss: uint32(i.RcvMSS),
+
+		Unacked: uint32(i.Sender.Outstanding),
+		Sacked:  uint32(i.SACK.Sacked),
+		Lost:    0,
+		Retrans: 0,
+		Fackets: 0,
+
+		LastDataSent: uint32(i.Sender.LastSendTime.UnixNano() / int64(time.Millisecond)),
+		LastAckSent:  0, // Not tracked by Linux.
+		LastDataRecv: uint32(i.RcvLastDataNanos / int64(time.Millisecond)),
+		LastAckRecv:  uint32(i.RcvLastAckNanos / int64(time.Millisecond)),
+
+		PMTU:        uint32(i.SndMTU),
+		RcvSsthresh: 0,
+		RTT:         uint32(i.Sender.SRTT / time.Microsecond),
+		RTTVar:      uint32(i.Sender.RTTVar / time.Microsecond),
+		SndSsthresh: uint32(i.Sender.Ssthresh),
+		SndCwnd:     uint32(i.Sender.SndCwnd),
+		Advmss:      uint32(i.AMSS),
+		Reordering:  0,
+
+		RcvRTT:   uint32(i.RcvAutoParams.RTT / time.Microsecond),
+		RcvSpace: uint32(i.RcvBufSize),
+
+		TotalRetrans: 0,
+
+		PacingRate:    0,
+		MaxPacingRate: 0,
+		BytesAcked:    0,
+		BytesReceived: 0,
+		SegsOut:       0,
+		SegsIn:        0,
+
+		NotSentBytes: 0,
+		MinRTT:       uint32(i.RcvAutoParams.RTT / time.Microsecond),
+		DataSegsIn:   0,
+		DataSegsOut:  0,
+
+		DeliveryRate: 0,
+
+		BusyTime:      0,
+		RwndLimited:   0,
+		SndBufLimited: 0,
+	}
+}
+
 // getSockOptTCP implements GetSockOpt when level is SOL_TCP.
 func getSockOptTCP(t *kernel.Task, ep commonEndpoint, name, outLen int) (interface{}, *syserr.Error) {
 	switch name {
@@ -924,17 +986,14 @@ func getSockOptTCP(t *kernel.Task, ep commonEndpoint, name, outLen int) (interfa
 		return int32(time.Duration(v) / time.Second), nil
 
 	case linux.TCP_INFO:
-		var v tcpip.TCPInfoOption
+		var v tcp.InfoOption
 		if err := ep.GetSockOpt(&v); err != nil {
 			return nil, syserr.TranslateNetstackError(err)
 		}
-
-		// TODO(b/64800844): Translate fields once they are added to
-		// tcpip.TCPInfoOption.
-		info := linux.TCPInfo{}
+		info := toLinuxTCPInfo(v)
 
 		// Linux truncates the output binary to outLen.
-		ib := binary.Marshal(nil, usermem.ByteOrder, &info)
+		ib := binary.Marshal(nil, usermem.ByteOrder, info)
 		if len(ib) > outLen {
 			ib = ib[:outLen]
 		}
@@ -2375,6 +2434,38 @@ func nicStateFlagsToLinux(f stack.NICStateFlags) uint32 {
 	return rv
 }
 
+// translateTCPState translates an internal endpoint state to the equivalent
+// state in the Linux ABI.
+func translateTCPState(s tcp.EndpointState) uint32 {
+	switch s {
+	case tcp.StateEstablished:
+		return linux.TCP_ESTABLISHED
+	case tcp.StateSynSent:
+		return linux.TCP_SYN_SENT
+	case tcp.StateSynRecv:
+		return linux.TCP_SYN_RECV
+	case tcp.StateFinWait1:
+		return linux.TCP_FIN_WAIT1
+	case tcp.StateFinWait2:
+		return linux.TCP_FIN_WAIT2
+	case tcp.StateTimeWait:
+		return linux.TCP_TIME_WAIT
+	case tcp.StateClose, tcp.StateInitial, tcp.StateBound, tcp.StateConnecting, tcp.StateError:
+		return linux.TCP_CLOSE
+	case tcp.StateCloseWait:
+		return linux.TCP_CLOSE_WAIT
+	case tcp.StateLastAck:
+		return linux.TCP_LAST_ACK
+	case tcp.StateListen:
+		return linux.TCP_LISTEN
+	case tcp.StateClosing:
+		return linux.TCP_CLOSING
+	default:
+		// Internal or unknown state.
+		return 0
+	}
+}
+
 // State implements socket.Socket.State. State translates the internal state
 // returned by netstack to values defined by Linux.
 func (s *SocketOperations) State() uint32 {
@@ -2385,33 +2476,7 @@ func (s *SocketOperations) State() uint32 {
 
 	if !s.isPacketBased() {
 		// TCP socket.
-		switch tcp.EndpointState(s.Endpoint.State()) {
-		case tcp.StateEstablished:
-			return linux.TCP_ESTABLISHED
-		case tcp.StateSynSent:
-			return linux.TCP_SYN_SENT
-		case tcp.StateSynRecv:
-			return linux.TCP_SYN_RECV
-		case tcp.StateFinWait1:
-			return linux.TCP_FIN_WAIT1
-		case tcp.StateFinWait2:
-			return linux.TCP_FIN_WAIT2
-		case tcp.StateTimeWait:
-			return linux.TCP_TIME_WAIT
-		case tcp.StateClose, tcp.StateInitial, tcp.StateBound, tcp.StateConnecting, tcp.StateError:
-			return linux.TCP_CLOSE
-		case tcp.StateCloseWait:
-			return linux.TCP_CLOSE_WAIT
-		case tcp.StateLastAck:
-			return linux.TCP_LAST_ACK
-		case tcp.StateListen:
-			return linux.TCP_LISTEN
-		case tcp.StateClosing:
-			return linux.TCP_CLOSING
-		default:
-			// Internal or unknown state.
-			return 0
-		}
+		return translateTCPState(tcp.EndpointState(s.Endpoint.State()))
 	}
 
 	// TODO(b/112063468): Export states for UDP, ICMP, and raw sockets.
diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go
index b4fb0a7f0..89792c56d 100755
--- a/pkg/sentry/time/seqatomic_parameters_unsafe.go
+++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go
@@ -2,10 +2,11 @@ package time
 
 import (
 	"fmt"
-	"gvisor.dev/gvisor/third_party/gvsync"
 	"reflect"
 	"strings"
 	"unsafe"
+
+	"gvisor.dev/gvisor/third_party/gvsync"
 )
 
 // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race