summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-09-18Add "Containing a Real Vulnerability" blog postFabricio Voznika
PiperOrigin-RevId: 332477119
2020-09-18Fix definition of SchedParam.Rahat Mahmood
Linux defines this struct as: struct sched_param { int priority; } ... in include/linux/sched.h. PiperOrigin-RevId: 332473133
2020-09-18Drop ARCH_GET_FSMichael Pratt
Go does not call arch_prctl(ARCH_GET_FS), nor am I sure it ever did. Drop the filter. PiperOrigin-RevId: 332470532
2020-09-18Use common parsing utilities when sniffingGhanan Gowripalan
Extract parsing utilities so they can be used by the sniffer. Fixes #3930 PiperOrigin-RevId: 332401880
2020-09-17fuse.DeviceFD needs to hold a reference on the associated filesystem.Rahat Mahmood
This fixes a use-after-free in fuse.DeviceFD.Release. PiperOrigin-RevId: 332394146
2020-09-17Test IPv4 WritePackets statsKevin Krakauer
IPv6 tests will be added in another CL along with ip6tables. PiperOrigin-RevId: 332389102
2020-09-17ip6tables: filter table supportKevin Krakauer
`ip6tables -t filter` is now usable. NAT support will come in a future CL. #3549 PiperOrigin-RevId: 332381801
2020-09-17{Set,Get} SO_LINGER on all endpoints.Nayana Bidari
SO_LINGER is a socket level option and should be stored on all endpoints even though it is used to linger only for TCP endpoints. PiperOrigin-RevId: 332369252
2020-09-17Fix root tests target in Makefile.Ayush Ranjan
PiperOrigin-RevId: 332358833
2020-09-17[testing] Use container address to talk to server running inside container.Ayush Ranjan
Docker does not have IPv6 port forwarding as tracked by the following issue: https://github.com/moby/moby/issues/11518 So when running bazel itself inside a docker container, we can not use the host port bindings to communicate with sockets inside the container. This was causing integration tests and image tests to fail when run through our Makefile targets. PiperOrigin-RevId: 332355051
2020-09-17Change sizeofInt32 to string sizeChong Cai
This constant is used to represent int32 stored in file xattrs. The integers are stored as strings there, so the real size should be the string size (number of digits) instead of an int size (4 bytes). PiperOrigin-RevId: 332353217
2020-09-17Set mode when creating Merkle tree fileChong Cai
PiperOrigin-RevId: 332340342
2020-09-17Complete vfs2 implementation of fallocate.Dean Deng
This change includes overlay, special regular gofer files, and hostfs. Fixes #3589. PiperOrigin-RevId: 332330860
2020-09-17Merge pull request #3979 from jinmouil:feature/fuse-fixgVisor bot
PiperOrigin-RevId: 332328860
2020-09-17Return ENOPROTOOPT for all SOL_PACKET options.Bhasker Hariharan
This is required to make tcpdump work. tcpdump falls back to not using things like PACKET_RX_RING if setsockopt returns ENOPROTOOPT. This used to be the case before https://github.com/google/gvisor/commit/6f8fb7e0db2790ff1f5ba835780c03fe245e437f. Fixes #3981 PiperOrigin-RevId: 332326517
2020-09-17Fix kernfs unlinkat and rmdirat incorrect resolved path nameJinmou Li
2020-09-17Provide testing container with docker config file.Ayush Ranjan
This is needed by test/e2e/integration_test:TestCheckpointRestore to check for filesystem versioning. PiperOrigin-RevId: 332285566
2020-09-17Remove option to panic goferFabricio Voznika
Gofer panics are suppressed by p9 server and an error is returned to the caller, making it effectively the same as returning EROFS. PiperOrigin-RevId: 332282959
2020-09-17Deflake vdso_clock_gettime test.Jamie Liu
PiperOrigin-RevId: 332281930
2020-09-17Disable nodejs12.4 test async-hooks/test-statwatcher.Jamie Liu
PiperOrigin-RevId: 332281912
2020-09-17Add VFS2 overlay support in runscFabricio Voznika
All tests under runsc are passing with overlay enabled. Updates #1487, #1199 PiperOrigin-RevId: 332181267
2020-09-16Merge pull request #3934 from avagin:feature/fusegVisor bot
PiperOrigin-RevId: 332122081
2020-09-16Implement OpenAt() for verity fsChong Cai
OpenAt() for verity fs is implemented by opening both the target file or directory and the corresponding Merkle tree file in the underlying file system. Generally they are only open for read. In allowRuntimeEnable mode, the Merkle tree file is also open for write. PiperOrigin-RevId: 332116423
2020-09-16Cleanup device name confusion in packetimpact testbenchZeling Feng
There are two device names on the test net. - The sniffer/injector device which is always a linux device. Only the testbench library is interested in this device. - The device which is on the DUT. It happens to be the same device as the former if DUT is linux. An individual test might be interested in this device if the test cares about the device name. PiperOrigin-RevId: 332112968
2020-09-16Automated rollback of changelist 329526153Nayana Bidari
PiperOrigin-RevId: 332097286
2020-09-16Bind loopback subnets' lifetime to perm addressGhanan Gowripalan
The lifetime of addreses in a loopback interface's associated subnets should be bound to their respective permanent addresses. This change also fixes a race when the stack attempts to get an IPv4 rereferencedNetworkEndpoint for an address in an associated subnet on a loopback interface. Before this change, the stack would only check if an IPv4 address is contained in an associated subnet while holding a read lock but wouldn't do this same check after releasing the read lock for a write lock to create a temporary address. This may cause the stack to bind the lifetime of the address to a new (temporary) endpoint instead of the associated subnet's permanent address. Test: integration_test.TestLoopbackSubnetLifetimeBoundToAddr PiperOrigin-RevId: 332094719
2020-09-16Implement PRead for verity fsChong Cai
PRead is implemented by read from the underlying file in blocks, and verify each block. The verified contents are saved into the output buffer. PiperOrigin-RevId: 332092267
2020-09-16Gracefully translate unknown errno.Ting-Yu Wang
Neither POSIX.1 nor Linux defines an upperbound for errno. PiperOrigin-RevId: 332085017
2020-09-16[runtime tests] Add documentation.Ayush Ranjan
Added a README describing what these tests are, how they work and how to run them locally. Also reorganized the exclude files into a directory. PiperOrigin-RevId: 332079697
2020-09-16Merge pull request #3893 from lubinszARM:pr_n1_03gVisor bot
PiperOrigin-RevId: 332069743
2020-09-16fuse: fix data race in fusefs Release()Jinmou Li
fix #3956
2020-09-16fuse: fix FUSE_RELEASE reply handlingJinmou Li
fix #3963
2020-09-16FUSE readdir test fix ino initializationJinmou Li
2020-09-16Update fuse.md design doc with design detailsJinmou Li
2020-09-16test/fuse: use the getdents syscall instead of opendir/readdirAndrei Vagin
opendir() is a libc wrapper. Different libc-s can implement it differently.
2020-09-16test/fuse: clean upAndrei Vagin
2020-09-16Fix FUSE connection control lock ordering and race in unit testJinmou Li
2020-09-16fuse: don't pass lock by valueAndrei Vagin
copylocks: directory.go:34:7: Allocate passes lock by value: fuse/fuse.directoryFD contains fuse/fuse.fileDescription contains pkg/sentry/vfs/vfs.FileDescription contains pkg/sync/sync.Mutex
2020-09-16fuse: fix a compile time errorAndrei Vagin
readdir_test.cc:134:24: error: variable length arrays are a C99 feature [-Werror,-Wvla-extension] char readdir_payload[readdir_payload_size];
2020-09-16Revert "fuse: add benchmarking support for FUSE"Andrei Vagin
test/fuse/benchmark/read_benchmark.cc:34: Failure Expected: (fuse_prefix) != (nullptr), actual: NULL vs (nullptr) external/com_google_benchmark/src/benchmark_runner.cc:120: RunInThread: Check `st.iterations() >= st.max_iterations' failed. Benchmark returned before State::KeepRunning() returned false! --- FAIL: Benchmarks_BM_Read/262144/real_time (0.29s) runner.go:502: test "Benchmarks.BM_Read/262144/real_time" failed with error exit status 134, want nil FAIL
2020-09-16Fix FUSE unit test after vfs interface changeJinmou Li
2020-09-16Fix FUSE go unit test merge conflict mistakeJinmou Li
2020-09-16Receive broadcast packets on interested endpointsGhanan Gowripalan
When a broadcast packet is received by the stack, the packet should be delivered to each endpoint that may be interested in the packet. This includes all any address and specified broadcast address listeners. Test: integration_test.TestReuseAddrAndBroadcast PiperOrigin-RevId: 332060652
2020-09-16fs/fuse: Move the 'marshal' and 'primitive' packages to the 'pkg' directory.Andrei Vagin
2020-09-16fuse_open: add padding to open out requestBoyuan He
2020-09-16Unexport fusefs.inode.nodeIDCraig Chi
2020-09-16Implement FUSE_UNLINKBoyuan He
Fixes #3696
2020-09-16Fix comments of TODO issues.Craig Chi
2020-09-16Add FUSE umount supportJinmou Li
This change implements Release for the FUSE filesystem and expected behaviors of the FUSE devices. It includes several checks for aborted connection in the path for making a request and a function to abort all the ongoing FUSE requests in order.
2020-09-16Fix FUSE_RELEASE protocol reply processingJinmou Li
This commit fixes the potential unexpected errors of original handling of FUSE_RELEASE responses while keep the same behavior (ignoring any reply).