summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-01-30Enforce splice offset limitsMichael Pratt
Splice must not allow negative offsets. Writes also must not allow offset + size to overflow int64. Reads are similarly broken, but not just in splice (b/148095030). Reported-by: syzbot+0e1ff0b95fb2859b4190@syzkaller.appspotmail.com PiperOrigin-RevId: 292361208
2020-01-30Do not include the Source Link Layer option with an unspecified source addressGhanan Gowripalan
When sending NDP messages with an unspecified source address, the Source Link Layer address must not be included. Test: stack_test.TestDADResolve PiperOrigin-RevId: 292341334
2020-01-29Do not spawn a goroutine when calling stack.NDPDispatcher's methodsGhanan Gowripalan
Do not start a new goroutine when calling stack.NDPDispatcher.OnDuplicateAddressDetectionStatus. PiperOrigin-RevId: 292268574
2020-01-29Fix iptables tests that were broken by rename.Kevin Krakauer
The name of the runner binary target changed from "runner" to "runner-image", causing iptables tests to fail. PiperOrigin-RevId: 292242263
2020-01-29Add support for TCP_DEFER_ACCEPT.Bhasker Hariharan
PiperOrigin-RevId: 292233574
2020-01-29Add plumbing for file locks in VFS2.Dean Deng
Updates #1480 PiperOrigin-RevId: 292180192
2020-01-29sentry: rename SetRSEQInterruptedIP to SetOldRSeqInterruptedIP for arm64Andrei Vagin
For amd64, this has been done on cl/288342928. PiperOrigin-RevId: 292170856
2020-01-29Add //pkg/sentry/devices/memdev.Jamie Liu
PiperOrigin-RevId: 292165063
2020-01-28Prevent arbitrary size allocation when sending UDS messages.Dean Deng
Currently, Send() will copy data into a new byte slice without regard to the original size. Size checks should be performed before the allocation takes place. Note that for the sake of performance, we avoid putting the buffer allocation into the critical section. As a result, the size checks need to be performed again within Enqueue() in case the limit has changed. PiperOrigin-RevId: 292058147
2020-01-28Add support for WritableSource in DynamicBytesFileDescriptionImplFabricio Voznika
WritableSource is a convenience interface used for files that can be written to, e.g. /proc/net/ipv4/tpc_sack. It reads max of 4KB and only from offset 0 which should cover most cases. It can be extended as neeed. Updates #1195 PiperOrigin-RevId: 292056924
2020-01-28Changes missing in last submitFabricio Voznika
Updates #1487 Updates #1623 PiperOrigin-RevId: 292040835
2020-01-28Update link address for senders of Neighbor SolicitationsGhanan Gowripalan
Update link address for senders of NDP Neighbor Solicitations when the NS contains an NDP Source Link Layer Address option. Tests: - ipv6.TestNeighorSolicitationWithSourceLinkLayerOption - ipv6.TestNeighorSolicitationWithInvalidSourceLinkLayerOption PiperOrigin-RevId: 292028553
2020-01-28Add vfs.FileDescription to FD tableFabricio Voznika
FD table now holds both VFS1 and VFS2 types and uses the correct one based on what's set. Parts of this CL are just initial changes (e.g. sys_read.go, runsc/main.go) to serve as a template for the remaining changes. Updates #1487 Updates #1623 PiperOrigin-RevId: 292023223
2020-01-28Add //pkg/sentry/fsimpl/devtmpfs.Jamie Liu
PiperOrigin-RevId: 292021389
2020-01-28Include the NDP Source Link Layer option when sending DAD messagesGhanan Gowripalan
Test: stack_test.TestDADResolve PiperOrigin-RevId: 292003124
2020-01-28fs/splice: don't report partial errors for special filesAndrei Vagin
Special files can have additional requirements for granularity. For example, read from eventfd returns EINVAL if a size is less 8 bytes. Reported-by: syzbot+3905f5493bec08eb7b02@syzkaller.appspotmail.com PiperOrigin-RevId: 292002926
2020-01-28Add VFS2 support for epoll.Jamie Liu
PiperOrigin-RevId: 291997879
2020-01-28netlink: add support for RTM_F_LOOKUP_TABLEJianfeng Tan
Test command: $ ip route get 1.1.1.1 Fixes: #1099 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1121 from tanjianfeng:fix-1099 e6919f3d4ede5aa51a48b3d2be0d7a4b482dd53d PiperOrigin-RevId: 291990716
2020-01-28Implement an anon_inode equivalent for VFS2.Jamie Liu
PiperOrigin-RevId: 291986033
2020-01-28Check sigsetsize in rt_sigactionMichael Pratt
This isn't in the libc wrapper, but it is in the syscall itself. Discovered by @xiaobo55x in #1625. PiperOrigin-RevId: 291973931
2020-01-28Prefer Type& over Type &Michael Pratt
And Type* over Type *. This is basically a whitespace only change. gVisor code already prefers left-alignment of pointers and references, but clang-format formats for consistency with the majority of a file, and some files leaned the wrong way. This is a one-time pass to make us completely conforming. Autogenerated with: $ find . \( -name "*.cc" -or -name "*.c" -or -name "*.h" \) \ | xargs clang-format -i -style="{BasedOnStyle: Google, \ DerivePointerAlignment: false, PointerAlignment: Left}" PiperOrigin-RevId: 291972421
2020-01-27Create platform_util for tests.Adin Scannell
PiperOrigin-RevId: 291869423
2020-01-27Add a type to represent the NDP Source Link Layer Address optionGhanan Gowripalan
Tests: - header.TestNDPSourceLinkLayerAddressOptionEthernetAddress - header.TestNDPSourceLinkLayerAddressOptionSerialize - header.TestNDPOptionsIterCheck - header.TestNDPOptionsIter PiperOrigin-RevId: 291856429
2020-01-27Fix header ordering and format all C++ code.Adin Scannell
PiperOrigin-RevId: 291844200
2020-01-27Merge pull request #1561 from zhangningdlut:chris_ttygVisor bot
PiperOrigin-RevId: 291821850
2020-01-27Cleanup glog and add real caller information.Adin Scannell
In general, we've learned that logging must be avoided at all costs in the hot path. It's unlikely that the optimizations here were significant in any case, since buffer would certainly escape. This also adds a test to ensure that the caller identification works as expected, and so that logging can be benchmarked. Original: BenchmarkGoogleLogging-6 1222255 949 ns/op With this change: BenchmarkGoogleLogging-6 517323 2346 ns/op Fixes #184 PiperOrigin-RevId: 291815420
2020-01-27Update package locations.Adin Scannell
Because the abi will depend on the core types for marshalling (usermem, context, safemem, safecopy), these need to be flattened from the sentry directory. These packages contain no sentry-specific details. PiperOrigin-RevId: 291811289
2020-01-27Merge pull request #1676 from majek:marek/FIX-1632-expose-NewPacketConngVisor bot
PiperOrigin-RevId: 291803499
2020-01-27Fix licenses.Adin Scannell
The preferred Copyright holder is "The gVisor Authors". PiperOrigin-RevId: 291786657
2020-01-27Update ChecksumVVWithoffset to use unrolled version.Bhasker Hariharan
Fixes #1656 PiperOrigin-RevId: 291777279
2020-01-27Update bug number for supporting extended attribute namespaces.Dean Deng
PiperOrigin-RevId: 291774815
2020-01-27Refactor to hide C from channel.Endpoint.Ting-Yu Wang
This is to aid later implementation for /dev/net/tun device. PiperOrigin-RevId: 291746025
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-27Expose gonet.NewPacketConn, for parity with gonet.NewConn APIMarek Majkowski
gonet.Conn can be created with both gonet.NewConn and gonet.Dial. gonet.PacketConn was created only by gonet.DialUDP. This prevented us from being able to use PacketConn in udp.NewForwarder() context. This simple constructor - NewPacketConn, allows user to create correct structure from that context.
2020-01-27Replace calculateChecksum w/ the unrolled version.Bhasker Hariharan
Fixes #1656 PiperOrigin-RevId: 291703760
2020-01-26Unroll checksum computation loop.Bhasker Hariharan
Checksum computation is one of the most expensive bits of packet processing. Manual unrolling of the loop provides significant improvement in checksum speed. Updates #1656 BenchmarkChecksum/checksum_64-12 49834124 23.6 ns/op BenchmarkChecksum/checksum_128-12 27111997 44.1 ns/op BenchmarkChecksum/checksum_256-12 11416683 91.5 ns/op BenchmarkChecksum/checksum_512-12 6375298 174 ns/op BenchmarkChecksum/checksum_1024-12 3403852 338 ns/op BenchmarkChecksum/checksum_1500-12 2343576 493 ns/op BenchmarkChecksum/checksum_2048-12 1730521 656 ns/op BenchmarkChecksum/checksum_4096-12 920469 1327 ns/op BenchmarkChecksum/checksum_8192-12 445885 2637 ns/op BenchmarkChecksum/checksum_16384-12 226342 5268 ns/op BenchmarkChecksum/checksum_32767-12 114210 10503 ns/op BenchmarkChecksum/checksum_32768-12 99138 10610 ns/op BenchmarkChecksum/checksum_65535-12 53438 21158 ns/op BenchmarkChecksum/checksum_65536-12 52993 21067 ns/op BenchmarkUnrolledChecksum/checksum_64-12 61035639 19.1 ns/op BenchmarkUnrolledChecksum/checksum_128-12 36067015 33.6 ns/op BenchmarkUnrolledChecksum/checksum_256-12 19731220 60.4 ns/op BenchmarkUnrolledChecksum/checksum_512-12 9091291 116 ns/op BenchmarkUnrolledChecksum/checksum_1024-12 4976406 226 ns/op BenchmarkUnrolledChecksum/checksum_1500-12 3685224 328 ns/op BenchmarkUnrolledChecksum/checksum_2048-12 2579108 447 ns/op BenchmarkUnrolledChecksum/checksum_4096-12 1350475 887 ns/op BenchmarkUnrolledChecksum/checksum_8192-12 658248 1780 ns/op BenchmarkUnrolledChecksum/checksum_16384-12 335869 3534 ns/op BenchmarkUnrolledChecksum/checksum_32767-12 168650 7095 ns/op BenchmarkUnrolledChecksum/checksum_32768-12 168075 7098 ns/op BenchmarkUnrolledChecksum/checksum_65535-12 75085 14277 ns/op BenchmarkUnrolledChecksum/checksum_65536-12 75921 14127 ns/op PiperOrigin-RevId: 291643290
2020-01-24Add support for device special files to VFS2 tmpfs.Jamie Liu
PiperOrigin-RevId: 291471892
2020-01-24Lock the NIC when checking if an address is tentativeGhanan Gowripalan
PiperOrigin-RevId: 291426657
2020-01-24Add anonymous device number allocation to VFS2.Jamie Liu
Note that in VFS2, filesystem device numbers are per-vfs.FilesystemImpl rather than global, avoiding the need for a "registry" type to handle save/restore. (This is more consistent with Linux anyway: compare e.g. mm/shmem.c:shmem_mount() => fs/super.c:mount_nodev() => (indirectly) set_anon_super().) PiperOrigin-RevId: 291425193
2020-01-24Increase timeouts for NDP tests' async eventsGhanan Gowripalan
Increase the timeout to 1s when waiting for async NDP events to help reduce flakiness. This will not significantly increase test times as the async events continue to receive an event on a channel. The increased timeout allows more time for an event to be sent on the channel as the previous timeout of 100ms caused some flakes. Test: Existing tests pass PiperOrigin-RevId: 291420936
2020-01-24Ignore external SIGURGMichael Pratt
Go 1.14+ sends SIGURG to Ms to attempt asynchronous preemption of a G. Since it can't guarantee that a SIGURG is only related to preemption, it continues to forward them to signal.Notify (see runtime.sighandler). We should ignore these signals, as applications shouldn't receive them. Note that this means that truly external SIGURG can no longer be sent to the application (as with SIGCHLD). PiperOrigin-RevId: 291415357
2020-01-24Fix corpus_name to match our ingestion config[1].Brad Burlage
PiperOrigin-RevId: 291412676
2020-01-23Remove epoll entry from map when dropping it.Nicolas Lacasse
This pattern (delete from map when dropping) is also used in epoll.RemoveEntry, and seems like generally a good idea. PiperOrigin-RevId: 291268208
2020-01-23Merge pull request #1617 from kevinGC:iptables-write-filter-protogVisor bot
PiperOrigin-RevId: 291249314
2020-01-23Fix kythe build.Brad Burlage
* Pass --auth_credentials now that we're using RBE * Fix kzips not being uploaded to the root of the GCS bucket PiperOrigin-RevId: 291241757
2020-01-23Check for EINTR from KVM_CREATE_VMMichael Pratt
The kernel may return EINTR from: kvm_create_vm kvm_init_mmu_notifier mmu_notifier_register do_mmu_notifier_register mm_take_all_locks Go 1.14's preemptive scheduling signals make hitting this much more likely. PiperOrigin-RevId: 291212669
2020-01-23Try running kythe build on RBE.Brad Burlage
Also add our RBE project/instance to the --config=remote defaults. PiperOrigin-RevId: 291201426
2020-01-23Fix master build case.Adin Scannell
Otherwise, this will be built when building a specific release tag (typically in the past), causing the master binary to be overwritten with something older. We can generally assume that tags will be applied after the commit has been integrated, and therefore that any builds pointing to tags will use only the tags. Another way to fix this would be to introduce something akin to the KOKORO_BUILD_NIGHTLY environment variable, but it doesn't seem strictly necessary. PiperOrigin-RevId: 291198171
2020-01-22De-duplicate common test functionality for VFS2 filesystems.Rahat Mahmood
PiperOrigin-RevId: 291041576
2020-01-22Use embedded mutex pattern for stack.NICGhanan Gowripalan
- Wrap NIC's fields that should only be accessed while holding the mutex in an anonymous struct with the embedded mutex. - Make sure NIC's spoofing and promiscuous mode flags are only read while holding the NIC's mutex. - Use the correct endpoint when sending DAD messages. - Do not hold the NIC's lock when sending DAD messages. This change does not introduce any behaviour changes. Tests: Existing tests continue to pass. PiperOrigin-RevId: 291036251