summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-06-23Merge release-20200608.0-112-g0c628c315 (automated)gVisor bot
2020-06-23Support inotify in vfs2 gofer fs.Dean Deng
Because there is no inode structure stored in the sandbox, inotify watches must be held on the dentry. This would be an issue in the presence of hard links, where multiple dentries would need to share the same set of watches, but in VFS2, we do not support the internal creation of hard links on gofer fs. As a result, we make the assumption that every dentry corresponds to a unique inode. Furthermore, dentries can be cached and then evicted, even if the underlying file has not be deleted. We must prevent this from occurring if there are any watches that would be lost. Note that if the dentry was deleted or invalidated (d.vfsd.IsDead()), we should still destroy it along with its watches. Additionally, when a dentry’s last watch is removed, we cache it if it also has zero references. This way, the dentry can eventually be evicted from memory if it is no longer needed. This is accomplished with a new dentry method, OnZeroWatches(), which is called by Inotify.RmWatch and Inotify.Release. Note that it must be called after all inotify locks are released to avoid violating lock order. Stress tests are added to make sure that inotify operations don't deadlock with gofer.OnZeroWatches. Updates #1479. PiperOrigin-RevId: 317958034
2020-06-23Merge release-20200608.0-111-g793edf4cb (automated)gVisor bot
2020-06-23Deflake proc test: Don't fail on DT_UNKNOWN.Ting-Yu Wang
Per manual page: "All applications must properly handle a return of DT_UNKNOWN." PiperOrigin-RevId: 317957013
2020-06-23Merge release-20200608.0-110-gedea9a8d0 (automated)gVisor bot
2020-06-23Port readahead to VFS2.Nicolas Lacasse
It preserves the same functionality (almost none) as in VFS1. Updates #2923 #1035 PiperOrigin-RevId: 317943522
2020-06-23Merge release-20200608.0-109-gca1bc46f1 (automated)gVisor bot
2020-06-23Internal change.gVisor bot
PiperOrigin-RevId: 317941748
2020-06-23Merge release-20200608.0-108-g44dd65ce1 (automated)gVisor bot
2020-06-23Merge pull request #2272 from lubinszARM:pr_serr_injectiongVisor bot
PiperOrigin-RevId: 317933650
2020-06-23Merge release-20200608.0-106-g38d7b2fe5 (automated)gVisor bot
2020-06-22Only allow regular files, sockets, pipes, and char devices to be imported.Dean Deng
PiperOrigin-RevId: 317796028
2020-06-22Merge release-20200608.0-105-gc9e697806 (automated)gVisor bot
2020-06-22Fix the way PR build clones gVisor.Ayush Ranjan
Copybara force-pushes to the PR immediately before merging which triggers a PR build. Since the PR is merged, the refspec +refs/pull/{pr_num}/merge is not available and the build fails causing all master commit CI builds to show a failure. This change remove the clone step from travis and clone manually in a way which always would succeed. We fetch +refs/pull/{pr_num}/head and cherry pick that onto the target branch. I have tested this in https://github.com/ayushr2/gvisor/pull/1 and https://github.com/ayushr2/gvisor/pull/2. PiperOrigin-RevId: 317759891
2020-06-22Merge release-20200608.0-104-g4573e7d86 (automated)gVisor bot
2020-06-22Check for invalid trailing / when traversing path in gofer OpenAt.Dean Deng
Updates #2923. PiperOrigin-RevId: 317700049
2020-06-22Merge release-20200608.0-103-g282a6aea1 (automated)gVisor bot
2020-06-22Extract common nested LinkEndpoint patternBruno Dal Bo
... and unify logic for detached netsted endpoints. sniffer.go caused crashes if a packet delivery is attempted when the dispatcher is nil. Extracted the endpoint nesting logic into a common composable type so it can be used by the Fuchsia Netstack (the pattern is widespread there). PiperOrigin-RevId: 317682842
2020-06-22Merge release-20200608.0-102-ga480b4faf (automated)gVisor bot
2020-06-22Allow readdir(/proc/[tid]/net) to return EINVAL on a zombie task.Nicolas Lacasse
Despite what the man page says, linux will return EINVAL when calling getdents() an a /proc/[tid]/net file corresponding to a zombie task. This causes readdir() to return a null pointer AND errno=EINVAL. See fs/proc/proc_net.c:proc_tgid_net_readdir() for where this occurs. We have tests that recursively read /proc, and are likely to hit this when running natively, so we must catch and handle this case. PiperOrigin-RevId: 317674168
2020-06-22Merge release-20200608.0-101-g00928d142 (automated)gVisor bot
2020-06-21Fix vfs2 extended attributes.Dean Deng
Correct behavior when given zero size arguments and trying to set user.* xattrs on files other than regular files or directories. Updates #2923. PiperOrigin-RevId: 317590409
2020-06-20Merge release-20200608.0-100-gf46f4a2af (automated)gVisor bot
2020-06-19Enable passing vfs2 tests.Dean Deng
I forgot to update getdents earlier. Several thousand runs of the fsync and proc_net_unix tests all passed as well. Updates #2923. PiperOrigin-RevId: 317415488
2020-06-19Merge release-20200608.0-99-gad9f46917 (automated)gVisor bot
2020-06-19Fix bugs in vfs2 to make symlink tests pass.Dean Deng
- Return ENOENT if target path is empty. - Make sure open(2) with O_CREAT|O_EXCL returns EEXIST when necessary. - Correctly update atime in tmpfs using touchATime(). Updates #2923. PiperOrigin-RevId: 317382655
2020-06-19Merge release-20200608.0-98-gf0feada89 (automated)gVisor bot
2020-06-19Use internal tmpfs in test runner, even when running with overlay.Nicolas Lacasse
PiperOrigin-RevId: 317377571
2020-06-19Merge release-20200608.0-97-g8655fb724 (automated)gVisor bot
2020-06-19Fix vfs2 proc/self/fd dirent iteration.Dean Deng
Make proc/self/fd iteration work properly. Also, the comment on kernfs.Inode.IterDirents did not accurately reflect how parameters should be used/were used in kernfs.Inode impls other than fdDir. Updates #2923. PiperOrigin-RevId: 317370325
2020-06-19Merge release-20200608.0-96-g7db196c4d (automated)gVisor bot
2020-06-19Port fadvise64 to vfs2.Dean Deng
Like vfs1, we have a trivial implementation that ignores all valid advice. Updates #2923. PiperOrigin-RevId: 317349505
2020-06-19Merge release-20200608.0-95-gd962f9f38 (automated)gVisor bot
2020-06-19Implement UDP cheksum verification.gVisor bot
Test: - TestIncrementChecksumErrors Fixes #2943 PiperOrigin-RevId: 317348158
2020-06-19Merge release-20200608.0-94-ga609fff9d (automated)gVisor bot
2020-06-19Fix vfs2 handling of preadv2/pwritev2 flags.Dean Deng
Check for unsupported flags, and silently support RWF_HIPRI by doing nothing. From pkg/abi/linux/file.go: "gVisor does not implement the RWF_HIPRI feature, but the flag is accepted as a valid flag argument for preadv2/pwritev2." Updates #2923. PiperOrigin-RevId: 317330631
2020-06-19Merge release-20200608.0-93-gf40d023ad (automated)gVisor bot
2020-06-19Don't adjust parent link count if we replace a child dir with another.Dean Deng
Updates #2923. PiperOrigin-RevId: 317314460
2020-06-19Merge release-20200608.0-92-g6b69b955d (automated)gVisor bot
2020-06-19Support all seek options in gofer specialFileFD.Seek.Dean Deng
Updates #2923. PiperOrigin-RevId: 317298186
2020-06-19Merge release-20200608.0-91-g46957ed24 (automated)gVisor bot
2020-06-19Fix synthetic file bugs in gofer fs.Dean Deng
Always check if a synthetic file already exists at a location before creating a file there, and do not try to delete synthetic gofer files from the remote fs. This fixes runsc_ptrace socket tests that create/unlink synthetic, named socket files. Updates #2923. PiperOrigin-RevId: 317293648
2020-06-19Merge release-20200608.0-90-g408f3d2cd (automated)gVisor bot
2020-06-18Fix vfs2 tmpfs link permission checks.Dean Deng
Updates #2923. PiperOrigin-RevId: 317246916
2020-06-19Merge release-20200608.0-89-g70c45e09c (automated)gVisor bot
2020-06-18socket/unix: (*connectionedEndpoint).State() has to take the endpoint lockAndrei Vagin
It accesses e.receiver which is protected by the endpoint lock. WARNING: DATA RACE Write at 0x00c0006aa2b8 by goroutine 189: pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect.func1() pkg/sentry/socket/unix/transport/connectioned.go:359 +0x50 pkg/sentry/socket/unix/transport.(*connectionedEndpoint).BidirectionalConnect() pkg/sentry/socket/unix/transport/connectioned.go:327 +0xa3c pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect() pkg/sentry/socket/unix/transport/connectioned.go:363 +0xca pkg/sentry/socket/unix.(*socketOpsCommon).Connect() pkg/sentry/socket/unix/unix.go:420 +0x13a pkg/sentry/socket/unix.(*SocketOperations).Connect() <autogenerated>:1 +0x78 pkg/sentry/syscalls/linux.Connect() pkg/sentry/syscalls/linux/sys_socket.go:286 +0x251 Previous read at 0x00c0006aa2b8 by goroutine 270: pkg/sentry/socket/unix/transport.(*baseEndpoint).Connected() pkg/sentry/socket/unix/transport/unix.go:789 +0x42 pkg/sentry/socket/unix/transport.(*connectionedEndpoint).State() pkg/sentry/socket/unix/transport/connectioned.go:479 +0x2f pkg/sentry/socket/unix.(*socketOpsCommon).State() pkg/sentry/socket/unix/unix.go:714 +0xc3e pkg/sentry/socket/unix.(*socketOpsCommon).SendMsg() pkg/sentry/socket/unix/unix.go:466 +0xc44 pkg/sentry/socket/unix.(*SocketOperations).SendMsg() <autogenerated>:1 +0x173 pkg/sentry/syscalls/linux.sendTo() pkg/sentry/syscalls/linux/sys_socket.go:1121 +0x4c5 pkg/sentry/syscalls/linux.SendTo() pkg/sentry/syscalls/linux/sys_socket.go:1134 +0x87 Reported-by: syzbot+c2be37eedc672ed59a86@syzkaller.appspotmail.com PiperOrigin-RevId: 317236996
2020-06-19Merge release-20200608.0-88-g0c169b6ad (automated)gVisor bot
2020-06-18iptables: skip iptables if no rules are setKevin Krakauer
Users that never set iptables rules shouldn't incur the iptables performance cost. Suggested by Ian (@iangudger). PiperOrigin-RevId: 317232921
2020-06-19Merge release-20200608.0-87-g28b8a5cc3 (automated)gVisor bot
2020-06-18iptables: remove metadata structKevin Krakauer
Metadata was useful for debugging and safety, but enough tests exist that we should see failures when (de)serialization is broken. It made stack initialization more cumbersome and it's also getting in the way of ip6tables. PiperOrigin-RevId: 317210653