Age | Commit message (Collapse) | Author |
|
In the general case, files may have offsets between MaxInt64 and MaxUint64; in
Linux pgoff is consistently represented by an unsigned long, and in gVisor the
offset types in memmap.MappableRange are uint64. However, regular file mmap is
constrained to int64 offsets (on 64-bit systems) by
mm/mmap.c:file_mmap_size_max() => MAX_LFS_FILESIZE == LLONG_MAX.
As a related fix, check for chunkStart overflow in fsutil.HostFileMapper; chunk
offsets are uint64s, but as noted above some file types may use uint64 offsets
beyond MaxInt64.
Reported-by: syzbot+71342a1585aed97ed9f7@syzkaller.appspotmail.com
PiperOrigin-RevId: 397136751
|
|
...to match Linux behaviour.
Fixes #5711.
PiperOrigin-RevId: 397132671
|
|
PiperOrigin-RevId: 397114051
|
|
Add global flags -profile-{block,cpu,heap,mutex} and -trace which
enable collection of the specified profile for the entire duration of a
container execution. This provides a way to definitively start profiling
before that application starts, rather than attempting to race with an
out-of-band `runsc debug`.
Note that only the main boot process is profiled.
This exposed a bug in Task.traceExecEvent: a crash when tracing and
-race are enabled. traceExecEvent is called off of the task goroutine,
but uses the Task as a context, which is a violation of the Task
contract. Switching to the AsyncContext fixes the issue.
Fixes #220
|
|
...to catch lock-related bugs in nogo tests.
Also update the endpoint's state field to be accessed while the mutex is
held instead of requiring atomic operations as nothing needs to call the
State method while the mutex is held.
Updates #6566.
PiperOrigin-RevId: 397010316
|
|
...to catch lock-related bugs in nogo tests.
This change also disables/enables packet reception before/after
save/restore with a flag that is protected by rcvMu instead of mu.
Updates #6566.
PiperOrigin-RevId: 396946187
|
|
PiperOrigin-RevId: 396938550
|
|
Replaced the current AddAddressWithOptions method with
AddAddressWithProperties which passes all address properties in
a single AddressProperties type. More properties that need to be
configured in the future are expected, so adding a type makes adding
them easier.
PiperOrigin-RevId: 396930729
|
|
...and EAFNOSUPPORT for unexpected address family.
To comply with Linux.
Updates #6021, #6575.
PiperOrigin-RevId: 396893590
|
|
PiperOrigin-RevId: 396754242
|
|
A raw IP endpoint's write and socket option get/set path can use the
datagram-based endpoint.
This change extracts tests from UDP that may also run on Raw IP sockets.
Updates #6565.
Test: Raw IP + datagram-based socket syscall tests.
PiperOrigin-RevId: 396729727
|
|
Code to get the loopback interface's index is scattered throughout the
syscall tests. Implement the code once and use that in tests (where
applicable).
While I am here, trim the dependencies/includes for network namespace
tests.
PiperOrigin-RevId: 396718124
|
|
Previously, we weren't making a copy when a sysv message queue was
receiving a message with the MSG_COPY flag. This flag indicates the
message being received should be left in the queue and a copy of the
message should be returned to userspace. Without the copy, a racing
process can modify the original message while it's being marshalled to
user memory.
Reported-by: syzbot+cb15e644698b20ff4e17@syzkaller.appspotmail.com
PiperOrigin-RevId: 396712856
|
|
Previously, any time a datagram-based network endpoint (e.g. UDP) was
bound, the bound NIC is always set based on the bound address (if
specified). However, we should only consider the endpoint bound to
an NIC if a NIC was explicitly bound to.
If an endpoint has been bound to an address and attempts to send packets
to an unconnected remote, the endpoint will default to sending packets
through the bound address' NIC if not explicitly bound to a NIC.
Updates #6565.
PiperOrigin-RevId: 396712415
|
|
Fixed a bug introduced in the following commit:
https://github.com/google/gvisor/commit/979d6e7d77b17e94defc29515180cc75d3560383
The commit introduced a bug which causes the recvmmsg dispatcher to never exit
as BlockingPoll is now called with two fds and poll will not return an error
anymore if one of the FD is closed. We need to explicitly check the events for
each FD to determine if the sentry FD is closed.
ReadV dispatcher does not have the same issue as Readv does not rely on sk_err
field of the underlying socket to determine if the socket is in an error
state. Recvmmsg OTOH seems to get confused and always returns EAGAIN if poll()
is called which queries the sk_err field and clears it.
PiperOrigin-RevId: 396676135
|
|
SOL_UDP is used when get/set-ing socket options to specify the socket
level. When creating normal UDP sockets, the protocol need not be
specified. When creating RAW IP sockets for UDP, use IPPROTO_UDP.
PiperOrigin-RevId: 396675986
|
|
PiperOrigin-RevId: 396670516
|
|
Rootless mode seems to work fine for simple containers with runsc run,
so allow its use.
Since runsc run is more widely used, require a workable --network option
is passed rather than automatically switching like runsc do does.
Fixes #3036
|
|
...if bound to an address.
We previously checked the source of a packet instead of the destination
of a packet when bound to an address.
PiperOrigin-RevId: 396497647
|
|
PiperOrigin-RevId: 396476303
|
|
Otherwise it can fail:
$ bazel cquery pkg/p9/... --output=starlark --starlark:file=tools/show_paths.bzl
...
ERROR: Starlark evaluation error for //pkg/p9/p9test:mockgen:
Traceback (most recent call last):
File "tools/show_paths.bzl", line 8, column 32, in format
Error: 'NoneType' value has no field or method 'get'
PiperOrigin-RevId: 396457764
|
|
...as raw endpoints expect the packet's NICID to be set.
PiperOrigin-RevId: 396446552
|
|
Updates #220
|
|
Setting the ToS for IPv4 packets (SOL_IP, IP_TOS) should not affect the
Traffic Class of IPv6 packets (SOL_IPV6, IPV6_TCLASS).
Also only return the ToS value XOR Traffic Class as a packet cannot be
both an IPv4 and an IPv6 packet; It is invalid to return both the IPv4
ToS and IPv6 Traffic Class control messages when reading packets.
Updates #6389.
PiperOrigin-RevId: 396399096
|
|
Fixes #6558
PiperOrigin-RevId: 396393293
|
|
PiperOrigin-RevId: 396155387
|
|
PiperOrigin-RevId: 396042572
|
|
PiperOrigin-RevId: 395859347
|
|
Previously, gVisor did not represent loopback devices as an ethernet
device as Linux does. To maintain Linux API compatibility for packet
sockets, a workaround was used to add an ethernet header if a link
header was not already present in the packet buffer delivered to a
packet endpoint.
However, this workaround is a bug for non-ethernet based interfaces; not
all links use an ethernet header (e.g. pure L3/TUN interfaces).
As of 3b4bb947517d0d9010120aaa1c3989fd6abf278e, gVisor represents
loopback devices as an ethernet-based device so this workaround can
now be removed.
BUG: https://fxbug.dev/81592
Updates #6530, #6531.
PiperOrigin-RevId: 395819151
|
|
PiperOrigin-RevId: 395809193
|
|
This change removes NetworkDispatcher.DeliverOutboundPacket.
Since all packet writes go through the NIC (the only NetworkDispatcher),
we can deliver outgoing packets to interested packet endpoints before
writing the packet to the link endpoint as the stack expects that all
packets that get delivered to a link endpoint are transmitted on the
wire. That is, link endpoints no longer need to let the stack know when
it writes a packet as the stack already knows about the packet it writes
through a link endpoint.
PiperOrigin-RevId: 395761629
|
|
Fixes #6532
PiperOrigin-RevId: 395741741
|
|
PiperOrigin-RevId: 395338926
|
|
NewTempAbsPathInDir("/tmp") prevents the generated socket address from
exceeding sizeof(addr.sun_path). However, existing systems that are built with
the ANDROID configuration have their temp directory in a different location.
This change allows those systems to run tests that depend on UniqueUnixAddr.
PiperOrigin-RevId: 395336483
|
|
PiperOrigin-RevId: 395325998
|
|
This defines common infrastructure for dynamically-configured security checks,
including an example usage in the clone(2) path.
PiperOrigin-RevId: 394797270
|
|
PiperOrigin-RevId: 394560866
|
|
If we want to take two endpoint locks, we need to be sure that we always
take them in the same order.
Accept() locks the listening endpoint to work with acceptedChan and then
it calls GetLocalAddress that locks an accepted endpoint. Actually, we
can release the listening endpoint lock before calling GetLocalAddress.
Reported-by: syzbot+f52bd603f51a4ae91054@syzkaller.appspotmail.com
PiperOrigin-RevId: 394553823
|
|
PiperOrigin-RevId: 394481127
|
|
...through the loopback interface, only.
This change only supports sending on packet sockets through the loopback
interface as the loopback interface is the only interface used in packet
socket syscall tests - the other link endpoints are not excercised with
the existing test infrastructure.
Support for sending on packet sockets through the other interfaces will
be added as needed.
BUG: https://fxbug.dev/81592
PiperOrigin-RevId: 394368899
|
|
For a small receive buffer the first out-of-order segment will get accepted and
fill up the receive buffer today. This change now includes the size of the
out-of-order segment when checking whether to queue the out of order segment or
not.
PiperOrigin-RevId: 394351309
|
|
...from the UDP endpoint.
Datagram-based transport endpoints (e.g. UDP, RAW IP) can share a lot
of their write path due to the datagram-based nature of these endpoints.
Extract the common facilities from UDP so they can be shared with other
transport endpoints (in a later change).
Test: UDP syscall tests.
PiperOrigin-RevId: 394347774
|
|
PiperOrigin-RevId: 394331928
|
|
reflect.ValueOf takes an interface{}, so when passed a slice the compiler emits
a call to runtime.convTslice to heap-allocate a copy of the slice header.
PiperOrigin-RevId: 394310052
|
|
PiperOrigin-RevId: 394300607
|
|
PiperOrigin-RevId: 394296687
|
|
Reported-by: syzbot+1aab6800bd14829609b8@syzkaller.appspotmail.com
PiperOrigin-RevId: 394279838
|
|
A blog about RACK loss detection algorithm implemented in gVisor.
(https://datatracker.ietf.org/doc/rfc8985/)
PiperOrigin-RevId: 394265634
|
|
PiperOrigin-RevId: 394261815
|
|
These tests are permanently broken on Linux after 36e2c7421f02 "fs: don't allow
splice read/write without explicit ops".
PiperOrigin-RevId: 394161079
|