Age | Commit message (Collapse) | Author |
|
|
|
Because there is no inode structure stored in the sandbox, inotify watches
must be held on the dentry. This would be an issue in the presence of hard
links, where multiple dentries would need to share the same set of watches,
but in VFS2, we do not support the internal creation of hard links on gofer
fs. As a result, we make the assumption that every dentry corresponds to a
unique inode.
Furthermore, dentries can be cached and then evicted, even if the underlying
file has not be deleted. We must prevent this from occurring if there are any
watches that would be lost. Note that if the dentry was deleted or invalidated
(d.vfsd.IsDead()), we should still destroy it along with its watches.
Additionally, when a dentry’s last watch is removed, we cache it if it also
has zero references. This way, the dentry can eventually be evicted from
memory if it is no longer needed. This is accomplished with a new dentry
method, OnZeroWatches(), which is called by Inotify.RmWatch and
Inotify.Release. Note that it must be called after all inotify locks are
released to avoid violating lock order. Stress tests are added to make sure
that inotify operations don't deadlock with gofer.OnZeroWatches.
Updates #1479.
PiperOrigin-RevId: 317958034
|
|
|
|
Per manual page:
"All applications must properly handle a return of DT_UNKNOWN."
PiperOrigin-RevId: 317957013
|
|
|
|
It preserves the same functionality (almost none) as in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317943522
|
|
|
|
PiperOrigin-RevId: 317941748
|
|
|
|
PiperOrigin-RevId: 317933650
|
|
|
|
PiperOrigin-RevId: 317796028
|
|
|
|
Copybara force-pushes to the PR immediately before merging which triggers a PR
build. Since the PR is merged, the refspec +refs/pull/{pr_num}/merge is not
available and the build fails causing all master commit CI builds to show a
failure.
This change remove the clone step from travis and clone manually in a way
which always would succeed. We fetch +refs/pull/{pr_num}/head and cherry pick
that onto the target branch.
I have tested this in https://github.com/ayushr2/gvisor/pull/1 and
https://github.com/ayushr2/gvisor/pull/2.
PiperOrigin-RevId: 317759891
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317700049
|
|
|
|
... and unify logic for detached netsted endpoints.
sniffer.go caused crashes if a packet delivery is attempted when the dispatcher
is nil.
Extracted the endpoint nesting logic into a common composable type so it can be
used by the Fuchsia Netstack (the pattern is widespread there).
PiperOrigin-RevId: 317682842
|
|
|
|
Despite what the man page says, linux will return EINVAL when calling
getdents() an a /proc/[tid]/net file corresponding to a zombie task. This
causes readdir() to return a null pointer AND errno=EINVAL.
See fs/proc/proc_net.c:proc_tgid_net_readdir() for where this occurs.
We have tests that recursively read /proc, and are likely to hit this when
running natively, so we must catch and handle this case.
PiperOrigin-RevId: 317674168
|
|
|
|
Correct behavior when given zero size arguments and trying to set user.* xattrs
on files other than regular files or directories.
Updates #2923.
PiperOrigin-RevId: 317590409
|
|
|
|
I forgot to update getdents earlier. Several thousand runs of the fsync and
proc_net_unix tests all passed as well.
Updates #2923.
PiperOrigin-RevId: 317415488
|
|
|
|
- Return ENOENT if target path is empty.
- Make sure open(2) with O_CREAT|O_EXCL returns EEXIST when necessary.
- Correctly update atime in tmpfs using touchATime().
Updates #2923.
PiperOrigin-RevId: 317382655
|
|
|
|
PiperOrigin-RevId: 317377571
|
|
|
|
Make proc/self/fd iteration work properly. Also, the comment on
kernfs.Inode.IterDirents did not accurately reflect how parameters should be
used/were used in kernfs.Inode impls other than fdDir.
Updates #2923.
PiperOrigin-RevId: 317370325
|
|
|
|
Like vfs1, we have a trivial implementation that ignores all valid advice.
Updates #2923.
PiperOrigin-RevId: 317349505
|
|
|
|
Test:
- TestIncrementChecksumErrors
Fixes #2943
PiperOrigin-RevId: 317348158
|
|
|
|
Check for unsupported flags, and silently support RWF_HIPRI by doing nothing.
From pkg/abi/linux/file.go: "gVisor does not implement the RWF_HIPRI feature,
but the flag is accepted as a valid flag argument for preadv2/pwritev2."
Updates #2923.
PiperOrigin-RevId: 317330631
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317314460
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317298186
|
|
|
|
Always check if a synthetic file already exists at a location before creating a
file there, and do not try to delete synthetic gofer files from the remote fs.
This fixes runsc_ptrace socket tests that create/unlink synthetic, named socket
files.
Updates #2923.
PiperOrigin-RevId: 317293648
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317246916
|
|
|
|
It accesses e.receiver which is protected by the endpoint lock.
WARNING: DATA RACE
Write at 0x00c0006aa2b8 by goroutine 189:
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect.func1()
pkg/sentry/socket/unix/transport/connectioned.go:359 +0x50
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).BidirectionalConnect()
pkg/sentry/socket/unix/transport/connectioned.go:327 +0xa3c
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect()
pkg/sentry/socket/unix/transport/connectioned.go:363 +0xca
pkg/sentry/socket/unix.(*socketOpsCommon).Connect()
pkg/sentry/socket/unix/unix.go:420 +0x13a
pkg/sentry/socket/unix.(*SocketOperations).Connect()
<autogenerated>:1 +0x78
pkg/sentry/syscalls/linux.Connect()
pkg/sentry/syscalls/linux/sys_socket.go:286 +0x251
Previous read at 0x00c0006aa2b8 by goroutine 270:
pkg/sentry/socket/unix/transport.(*baseEndpoint).Connected()
pkg/sentry/socket/unix/transport/unix.go:789 +0x42
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).State()
pkg/sentry/socket/unix/transport/connectioned.go:479 +0x2f
pkg/sentry/socket/unix.(*socketOpsCommon).State()
pkg/sentry/socket/unix/unix.go:714 +0xc3e
pkg/sentry/socket/unix.(*socketOpsCommon).SendMsg()
pkg/sentry/socket/unix/unix.go:466 +0xc44
pkg/sentry/socket/unix.(*SocketOperations).SendMsg()
<autogenerated>:1 +0x173
pkg/sentry/syscalls/linux.sendTo()
pkg/sentry/syscalls/linux/sys_socket.go:1121 +0x4c5
pkg/sentry/syscalls/linux.SendTo()
pkg/sentry/syscalls/linux/sys_socket.go:1134 +0x87
Reported-by: syzbot+c2be37eedc672ed59a86@syzkaller.appspotmail.com
PiperOrigin-RevId: 317236996
|
|
|
|
Users that never set iptables rules shouldn't incur the iptables performance
cost. Suggested by Ian (@iangudger).
PiperOrigin-RevId: 317232921
|
|
|
|
Metadata was useful for debugging and safety, but enough tests exist that we
should see failures when (de)serialization is broken. It made stack
initialization more cumbersome and it's also getting in the way of ip6tables.
PiperOrigin-RevId: 317210653
|