summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-07-09tss: block userspace access to all I/O ports.Liu Hua
A userspace process (CPL=3) can access an i/o port if the bit corresponding to the port is set to 0 in the I/O permission bitmap. Configure the I/O permission bitmap address beyond the last valid byte in the TSS so access to all i/o ports is blocked. Signed-off-by: Liu Hua <sdu.liu@huawei.com> Change-Id: I3df76980c3735491db768f7210e71703f86bb989 PiperOrigin-RevId: 257336518
2019-07-09ext4: disklayout: Directory Entry implementation.Ayush Ranjan
PiperOrigin-RevId: 257314911
2019-07-09build: add nogo for static validationAdin Scannell
PiperOrigin-RevId: 257297820
2019-07-09Cleanup straggling syscall dependencies.Adin Scannell
PiperOrigin-RevId: 257293198
2019-07-08Don't mask errors in createAt loop.Nicolas Lacasse
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767
2019-07-08Internal change.gVisor bot
PiperOrigin-RevId: 257042681
2019-07-08Merge pull request #375 from jmgao:mastergVisor bot
PiperOrigin-RevId: 257041876
2019-07-08Don't try to execute a file that is not regular.Nicolas Lacasse
PiperOrigin-RevId: 257037608
2019-07-08ext4: disklayout: inode impl.Ayush Ranjan
PiperOrigin-RevId: 257010414
2019-07-03Avoid importing platforms from many source filesAndrei Vagin
PiperOrigin-RevId: 256494243
2019-07-03Fix syscall doc for getresgidIan Lewis
PiperOrigin-RevId: 256481284
2019-07-03futex: compare keys for equality when doing a FUTEX_UNLOCK_PI.Neel Natu
PiperOrigin-RevId: 256453827
2019-07-03netstack/udp: connect with the AF_UNSPEC address family means disconnectAndrei Vagin
PiperOrigin-RevId: 256433283
2019-07-03Merge pull request #493 from ahmetb:reticulating-splinesgVisor bot
PiperOrigin-RevId: 256319059
2019-07-02Solve BounceToKernel may hang issueYong He
BounceToKernel will make vCPU quit from guest ring3 to guest ring0, but vCPUWaiter is not cleared when we unlock the vCPU, when next time this vCPU enter guest mode ring3, vCPU may enter guest mode with vCPUWaiter bit setted, this will cause the following BounceToKernel to this vCPU hangs at waitUntilNot. Halt may workaroud this issue, because halt process will reset vCPU status into vCPUUser, and notify all waiter for vCPU state change, but if there is no exception or syscall in this period, BounceToKernel will hang at waitUntilNot. PiperOrigin-RevId: 256299660
2019-07-02Remove map from fd_map, change to fd_table.Adin Scannell
This renames FDMap to FDTable and drops the kernel.FD type, which had an entire package to itself and didn't serve much use (it was freely cast between types, and served as more of an annoyance than providing any protection.) Based on BenchmarkFDLookupAndDecRef-12, we can expect 5-10 ns per lookup operation, and 10-15 ns per concurrent lookup operation of savings. This also fixes two tangential usage issues with the FDMap. Namely, non-atomic use of NewFDFrom and associated calls to Remove (that are both racy and fail to drop the reference on the underlying file.) PiperOrigin-RevId: 256285890
2019-07-02Add documentation for remaining syscalls (fixes #197, #186)Ian Lewis
Adds support level documentation for all syscalls. Removes the Undocumented utility function to discourage usage while leaving SupportUndocumented as the default support level for Syscall structs. PiperOrigin-RevId: 256281927
2019-07-02Mark timers_test flaky because setrlimit(RLIMIT_CPU) is broken in some kernels.Neel Natu
https://bugzilla.redhat.com/show_bug.cgi?id=1568337 PiperOrigin-RevId: 256276198
2019-07-02Ext4: DiskLayout: Inode interface.Ayush Ranjan
PiperOrigin-RevId: 256234390
2019-07-02Merge pull request #279 from kevinGC:iptables-1-pkggVisor bot
PiperOrigin-RevId: 256231055
2019-07-02Simplify (and fix) refcounts in createAt.Nicolas Lacasse
fileOpAt holds references on the Dirents passed as arguments to the callback, and drops refs when finished, so we don't need to DecRef those Dirents ourselves However, all Dirents that we get from FindInode/FindLink must be DecRef'd. This CL cleans up the ref-counting logic, and fixes some refcount issues in the process. PiperOrigin-RevId: 256220882
2019-07-02sentry/kernel: add syslog messageAhmet Alp Balkan
It feels like "reticulating splines" is missing from the list of meaningless syslog messages. Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
2019-07-01Fix unix/transport.queue reference leaks.Ian Gudger
Fix two leaks for connectionless Unix sockets: * Double connect: Subsequent connects would leak a reference on the previously connected endpoint. * Close unconnected: Sockets which were not connected at the time of closure would leak a reference on their receiver. PiperOrigin-RevId: 256070451
2019-07-01Use new location of python-hello image in tests.Nicolas Lacasse
PiperOrigin-RevId: 256062988
2019-07-01Check remaining traversal limit when creating a file through a symlink.Nicolas Lacasse
This fixes the case when an app tries to create a file that already exists, and is a symlink to itself. A test was added. PiperOrigin-RevId: 256044811
2019-06-29Add stack trace printing to reference leak checking.Ian Gudger
PiperOrigin-RevId: 255759891
2019-06-28Drop local_server support.Adin Scannell
PiperOrigin-RevId: 255713414
2019-06-28Add finalizer on AtomicRefCount to check for leaks.Ian Gudger
PiperOrigin-RevId: 255711454
2019-06-28Drop ashmem and binder.Adin Scannell
These are unfortunately unused and unmaintained. They can be brought back in the future if need requires it. PiperOrigin-RevId: 255697132
2019-06-28Remove events from name_to_handle_at and open_by_handle_at.Nicolas Lacasse
These syscalls require filesystem support that gVisor does not provide, and is not planning to implement. Their absense should not trigger an event. PiperOrigin-RevId: 255692871
2019-06-28ext4: disklayout: SuperBlock interface implementations.Ayush Ranjan
PiperOrigin-RevId: 255687771
2019-06-28Fix suggestions from clang.Nicolas Lacasse
PiperOrigin-RevId: 255679603
2019-06-28Automated rollback of changelist 255263686Nicolas Lacasse
PiperOrigin-RevId: 255679453
2019-06-28platform/ptrace: return more detailed errorsAndrei Vagin
Right now, if we can't create a stub process, we will see this error: panic: unable to activate mm: resource temporarily unavailable It would be better to know the root cause of this "resource temporarily unavailable". PiperOrigin-RevId: 255656831
2019-06-28Superblock interface in the disk layout package for ext4.Ayush Ranjan
PiperOrigin-RevId: 255644277
2019-06-28runsc: allow openat for runsc-raceAndrei Vagin
I see that runsc-race is killed by SIGSYS, because openat isn't allowed by seccomp filters: 60052 openat(AT_FDCWD, "/proc/sys/vm/overcommit_memory", O_RDONLY|O_CLOEXEC <unfinished ...> 60052 <... openat resumed> ) = 257 60052 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0xfaacf1, si_syscall=__NR_openat, si_arch=AUDIT_ARCH_X86_64} --- PiperOrigin-RevId: 255640808
2019-06-28Fix deadloop in proc subtask listYong He
Readdir of /proc/x/task/ will get direntry entries from tasks of specified taskgroup. Now the tasks slice is unsorted, use sort.SearchInts search entry from the slice may cause infinity loops. The fix is sort the slice before search. This issue could be easily reproduced via following steps, revise Readdir in pkg/sentry/fs/proc/task.go, force set taskInts into test slice []int{1, 11, 7, 5, 10, 6, 8, 3, 9, 2, 4}, then run docker image and run ls /proc/1/task, the command will cause infinity loops.
2019-06-27Complete pipe support on overlayfsFabricio Voznika
Get/Set pipe size and ioctl support were missing from overlayfs. It required moving the pipe.Sizer interface to fs so that overlay could get access. Fixes #318 PiperOrigin-RevId: 255511125
2019-06-27Fix various spelling issues in the documentationMichael Pratt
Addresses obvious typos, in the documentation only. COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/443 from Pixep:fix/documentation-spelling 4d0688164eafaf0b3010e5f4824b35d1e7176d65 PiperOrigin-RevId: 255477779
2019-06-27Cache directory entries in the overlayMichael Pratt
Currently, the overlay dirCache is only used for a single logical use of getdents. i.e., it is discard when the FD is closed or seeked back to the beginning. But the initial work of getting the directory contents can be quite expensive (particularly sorting large directories), so we should keep it as long as possible. This is very similar to the readdirCache in fs/gofer. Since the upper filesystem does not have to allow caching readdir entries, the new CacheReaddir MountSourceOperations method controls this behavior. This caching should be trivially movable to all Inodes if desired, though that adds an additional copy step for non-overlay Inodes. (Overlay Inodes already do the extra copy). PiperOrigin-RevId: 255477592
2019-06-27gvisor/ptrace: grub initial thread registers only onceAndrei Vagin
PiperOrigin-RevId: 255465635
2019-06-27Merge pull request #461 from brb-g:128_procseekendgVisor bot
PiperOrigin-RevId: 255462850
2019-06-26Preserve permissions when checking lowerFabricio Voznika
The code was wrongly assuming that only read access was required from the lower overlay when checking for permissions. This allowed non-writable files to be writable in the overlay. Fixes #316 PiperOrigin-RevId: 255263686
2019-06-26Follow symlinks when creating a file, and create the target.Nicolas Lacasse
If we have a symlink whose target does not exist, creating the symlink (either via 'creat' or 'open' with O_CREAT flag) should create the target of the symlink. Previously, gVisor would error with EEXIST in this case PiperOrigin-RevId: 255232944
2019-06-26Always set SysProcAttr.Ctty to an FD in the child's FD table.Nicolas Lacasse
Go was going to change the behavior of SysProcAttr.Ctty such that it must be an FD in the *parent* FD table: https://go-review.googlesource.com/c/go/+/178919/ However, after some debate, it was decided that this change was too backwards-incompatible, and so it was reverted. https://github.com/golang/go/issues/29458 The behavior going forward is unchanged: the Ctty FD must be an FD in the *child* FD table. PiperOrigin-RevId: 255228476
2019-06-25Add TODO reminder to remove tmpfs caching optionsMichael Pratt
Updates #179 PiperOrigin-RevId: 255081565
2019-06-25Add //pkg/fdchannel.Jamie Liu
To accompany flipcall connections in cases where passing FDs is required (as for gofers). PiperOrigin-RevId: 255062277
2019-06-25Use different Ctty FDs based on the go version.Nicolas Lacasse
An upcoming change in Go 1.13 [1] changes the semantics of the SysProcAttr.Ctty field. Prior to the change, the FD must be an FD in the child process's FD table (aka "post-shuffle"). After the change, the FD must be an FD in the current process's FD table (aka "pre-shuffle"). To be compatible with both versions this CL introduces a new boolean "CttyFdIsPostShuffle" which indicates whether a pre- or post-shuffle FD should be provided. We use build tags to chose the correct one. 1: https://go-review.googlesource.com/c/go/+/178919/ PiperOrigin-RevId: 255015303
2019-06-25gvisor: lockless read access for task credentialsAndrei Vagin
Credentials are immutable and even before these changes we could read them without locks, but we needed to take a task lock to get a credential object from a task object. It is possible to avoid this lock, if we will guarantee that a credential object will not be changed after setting it on a task. PiperOrigin-RevId: 254989492
2019-06-24fsgopher: reopen files via /proc/self/fdAndrei Vagin
When we reopen file by path, we can't be sure that we will open exactly the same file. The file can be deleted and another one with the same name can be created. PiperOrigin-RevId: 254898594