summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-09-28Merge release-20210921.0-37-ged083bac4 (automated)gVisor bot
2021-09-28Support naive Masquerade NAT targetGhanan Gowripalan
* Does not accept a port range (Issue #5772). * Does not support checking for tuple conflits (Issue #5773). PiperOrigin-RevId: 399524088
2021-09-27Merge release-20210921.0-36-ge251f6cc5 (automated)gVisor bot
2021-09-27Move `sighandling` package out of `sentry`.Etienne Perot
PiperOrigin-RevId: 399295737
2021-09-27Merge release-20210921.0-35-gdc64617d5 (automated)gVisor bot
2021-09-27Implement S/R for StatsTamir Duberstein
PiperOrigin-RevId: 399276940
2021-09-27Merge release-20210921.0-34-g1fe0a6691 (automated)gVisor bot
2021-09-27Prevent PacketData from being modified.Ayush Ranjan
PacketData should not be modified and should be treated readonly because it represents packet payload. The old DeleteFront method allowed callers to modify the underlying buffer which should not be allowed. Added a way to consume from the PacketData instead of deleting from it. Updated call points to use that instead. Reported-by: syzbot+faee5cb350f769a52d1b@syzkaller.appspotmail.com PiperOrigin-RevId: 399268473
2021-09-27Merge release-20210921.0-33-g455924ee1 (automated)gVisor bot
2021-09-27Store pending endpoints in a setTamir Duberstein
There's no need for synthetic keys here. PiperOrigin-RevId: 399263134
2021-09-25Merge release-20210921.0-32-g2e25547e0 (automated)gVisor bot
2021-09-24Merge pull request #6570 from sudo-sturbia:ipc/procgVisor bot
PiperOrigin-RevId: 398849334
2021-09-24Merge release-20210921.0-30-ge3657847c (automated)gVisor bot
2021-09-24Update the comment for Task.netnsAndrei Vagin
Task.netns can be accessed atomically, so Task.mu isn't needed to access it. PiperOrigin-RevId: 398773947
2021-09-24Merge release-20210921.0-29-gb510c9846 (automated)gVisor bot
2021-09-24Merge pull request #6647 from avagin:task-netnsgVisor bot
PiperOrigin-RevId: 398763161
2021-09-24Run proc's static-file tests in a container.Zyad A. Ali
Some /proc files are static in gVisor, but can be updated in native linux. To test the values of these files, move them to a separate test and run it using "container" tag to avoid faulty comparisons in native. Since a separate IPC namespace is used, update shm comparisons to check the actual value, not an interval.
2021-09-24Merge release-20210921.0-27-g12175748a (automated)gVisor bot
2021-09-23Allow lisafs client to send more data than MaxMessageSize using chunks.Ayush Ranjan
The p9 client does the same. This allows applications to read/write >= 2MB of data. This enables the read write benchmarks to work with lisafs. Updates #5466 PiperOrigin-RevId: 398659947
2021-09-23kernel: allow to access Task.netns without taking Task.muAndrei Vagin
This allows to avoind unnecessary lock-ordering dependencies on task.mu.
2021-09-23Merge release-20210921.0-26-g2b7766333 (automated)gVisor bot
2021-09-23Create the cgroupfs mount point in sysfs.Rahat Mahmood
Create the /sys/fs/cgroup directory when cgroups are available. This creates the empty directory to serve as the mountpoint, actually mounting cgroups is left to the launcher/userspace. This is consistent with Linux behaviour. Without this mountpoint, getdents(2) on /sys/fs indicates an empty directory even if the launcher mounts cgroupfs at /sys/fs/cgroup. The launcher can't create the mountpoint directory since sysfs doesn't support mkdir. PiperOrigin-RevId: 398596698
2021-09-23Merge release-20210921.0-25-g93ac15577 (automated)gVisor bot
2021-09-23Merge pull request #6573 from avagin:kvm-seccomp-mmapgVisor bot
PiperOrigin-RevId: 398572735
2021-09-23Merge release-20210921.0-20-g8627db006 (automated)gVisor bot
2021-09-23Pass AddressableEndpoint to IPTablesGhanan Gowripalan
...instead of an address. This allows a later change to more precisely select an address based on the NAT type (source vs. destination NAT). PiperOrigin-RevId: 398559901
2021-09-23Merge release-20210921.0-19-g1df5ad1c7 (automated)gVisor bot
2021-09-23Implement S/R for TransportEndpointStatsTamir Duberstein
PiperOrigin-RevId: 398559780
2021-09-23Merge release-20210921.0-18-g2e4f26ac5 (automated)gVisor bot
2021-09-23Compose ICMP endpoint with datagram-based endpointGhanan Gowripalan
An ICMP endpoint's write path can use the datagram-based endpoint. Updates #6565. Test: Datagram-based generic socket + ICMP/ping syscall tests. PiperOrigin-RevId: 398539844
2021-09-23Merge release-20210921.0-17-gd480289ad (automated)gVisor bot
2021-09-23Introduce method per iptables hookGhanan Gowripalan
...to make it clear what arguments are needed per hook. PiperOrigin-RevId: 398538776
2021-09-23Merge release-20210921.0-16-g603de33b7 (automated)gVisor bot
2021-09-23Avoid listenContext.listenEP when it is the receiverTamir Duberstein
This circular reference is misleading at best, and the various code and commentary that claim `listenEP` can be nil are impossible by definition. Add checklocks annotations to enforce preconditions. PiperOrigin-RevId: 398517574
2021-09-23Merge release-20210921.0-15-g861c6c897 (automated)gVisor bot
2021-09-22Merge pull request #6617 from Stig124:docs-aptgVisor bot
PiperOrigin-RevId: 398393055
2021-09-23Merge release-20210921.0-13-gde750eb1d (automated)gVisor bot
2021-09-22Add Execve and ExitNotifyParent checkpoints.Jamie Liu
Call sites for the two checkpoints aren't added yet. PiperOrigin-RevId: 398375903
2021-09-23Merge release-20210921.0-12-gd87725451 (automated)gVisor bot
2021-09-22Track UDP connectionsGhanan Gowripalan
This will enable NAT to be performed on UDP packets that are sent in response to packets sent by the stack. This will also enable ICMP errors to be properly NAT-ed in response to UDP packets (#5916). Updates #5915. PiperOrigin-RevId: 398373251
2021-09-22Make benchmark `String()` output prettier.Etienne Perot
PiperOrigin-RevId: 398372542
2021-09-23Merge release-20210921.0-10-gcea0a1aa7 (automated)gVisor bot
2021-09-22Fold rcv_test into tcp_testTamir Duberstein
This prevents go module errors of the form found packages tcp (accept.go) and rcv (rcv_test.go) in ... PiperOrigin-RevId: 398370042
2021-09-23Merge release-20210921.0-9-g6b7f58b2a (automated)gVisor bot
2021-09-22Add `NewCondition` helper in `bigquery.go`.Etienne Perot
PiperOrigin-RevId: 398366805
2021-09-22Merge release-20210906.0-59-g586f147cd (automated)gVisor bot
2021-09-22Do not rate limit ICMP Echos by defaultBruno Dal Bo
As per https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt linux does not limit ICMP Echos by default. icmp_ratemask - INTEGER Mask made of ICMP types for which rates are being limited. Significant bits: IHGFEDCBA9876543210 Default mask: 0000001100000011000 (6168) Bit definitions (see include/linux/icmp.h): 0 Echo Reply 3 Destination Unreachable * 4 Source Quench * 5 Redirect 8 Echo Request B Time Exceeded * C Parameter Problem * D Timestamp Request E Timestamp Reply F Info Request G Info Reply H Address Mask Request I Address Mask Reply * These are rate limited by default (see default mask above) Equivalently for ICMPv6. Lay out foundation for ICMP rate masks, exposing that configuration will be addressed later when the need arises (#6521). Fixes #6519 PiperOrigin-RevId: 398337963
2021-09-22Change EcdsaVerify to specifically P-384 and compute the SHA384 digest.Carmen Hanish
PiperOrigin-RevId: 398336708
2021-09-22kvm: check that safecopy is handled correctly in the guest ring0Andrei Vagin
Signed-off-by: Andrei Vagin <avagin@google.com>
2021-09-22kvm: trap mmap syscalls to map new regions to the guestAndrei Vagin
We install seccomp rules so that the SIGSYS signal is generated for each mmap system call. Then our signal handler executes the real mmap syscall and if a new regions is created, it maps it to the guest. Signed-off-by: Andrei Vagin <avagin@google.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 09:44:10 +0000