Age | Commit message (Collapse) | Author |
|
These options allow overriding the signal that gets sent to the process when
I/O operations are available on the file descriptor, rather than the default
`SIGIO` signal. Doing so also populates `siginfo` to contain extra information
about which file descriptor caused the event (`si_fd`) and what events happened
on it (`si_band`). The logic around which FD is populated within `si_fd`
matches Linux's, which means it has some weird edge cases where that value may
not actually refer to a file descriptor that is still valid.
This CL also ports extra S/R logic regarding async handler in VFS2.
Without this, async I/O handlers aren't properly re-registered after S/R.
PiperOrigin-RevId: 345436598
|
|
PiperOrigin-RevId: 335051794
|
|
- Rewrite arch.Stack.{Push,Pop}. For the most part, stack now
implements marshal.CopyContext and can be used as the target of
marshal operations. Stack.Push had some extra logic for
automatically null-terminating slices. This was only used for two
specific types of slices, and is now handled explicitly.
- Delete usermem.CopyObject{In,Out}.
- Replace most remaining uses of the encoding/binary package with
go-marshal. Most of these were using the binary package to compute
the size of a struct, which go-marshal can directly replace. ~3 uses
of the binary package remain. These aren't reasonably replaceable by
go-marshal: for example one use is to construct the syscall
trampoline for systrap.
- Fill out remaining convenience wrappers in the primitive package.
PiperOrigin-RevId: 334502375
|
|
This patch adds minor changes for Arm64 platform:
1, add SetRobustList/GetRobustList support for arm64 syscall module.
2, add newfstatat support for arm64 vfs2 syscall module.
3, add tls value in ProtoBuf.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 331940975
|
|
PiperOrigin-RevId: 331256608
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
This patch load/save TLS for the container application.
Related issue: full context-switch supporting for Arm64 #1238
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/2761 from lubinszARM:pr_tls_2 cb5dbca1c9c3f378002406da7a58887f9b5032b3
PiperOrigin-RevId: 322887044
|
|
We need to initialize an empty fp state area for the sentry.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
* Aggregate architecture Overview in "What is gVisor?" as it makes more sense
in one place.
* Drop "user-space kernel" and use "application kernel". The term "user-space
kernel" is confusing when some platform implementation do not run in
user-space (instead running in guest ring zero).
* Clear up the relationship between the Platform page in the user guide and the
Platform page in the architecture guide, and ensure they are cross-linked.
* Restore the call-to-action quick start link in the main page, and drop the
GitHub link (which also appears in the top-right).
* Improve image formatting by centering all doc and blog images, and move the
image captions to the alt text.
PiperOrigin-RevId: 311845158
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 308472331
|
|
PiperOrigin-RevId: 308100771
|
|
PiperOrigin-RevId: 306306809
|
|
The comments in the ticket indicate that this behavior
is fine and that the ticket should be closed, so we shouldn't
need pointers to the ticket.
PiperOrigin-RevId: 306266071
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I5bb8fa7d580d173b1438d6465e1adb442216c8fa
|
|
The build tag for 32-bit x86 is 386, not i386.
Updates #2298
PiperOrigin-RevId: 304206373
|
|
SA_RESTORER is always used on Intel platform.
But this flag is optional on other platforms.
The vdso is enabled, so we can use the sigreturn trampolines
the vdso provides instead on Arm platform.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 301700868
|
|
This issue was caused by 'restart_syscall'.
The value of Register R0 should be stored after finishing sysemu.
So that we can restore the value and restart syscall.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Linux use the task.thread.uw.tp_value field to store the
TLS pointer on arm64 platform, and we use a similar way
in gvisor to store it in the arch/State struct.
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: Ie76b5c6d109bc27ccfd594008a96753806db7764
|
|
There is no cpuid instruction on arm64, so we need to defined it
just to avoid a compile time error.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
PiperOrigin-RevId: 297674924
|
|
This patch defines the structures and
adds the implementations for fpsimd initialization.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Fixes #1708
Signed-off-by: Haibo Xu haibo.xu@arm.com
Change-Id: Ib15768692ead17c81c06f7666ca3f0a14064c3a0
|
|
PiperOrigin-RevId: 294300040
|
|
PiperOrigin-RevId: 294271541
|
|
These were out-of-band notes that can help provide additional context
and simplify automated imports.
PiperOrigin-RevId: 293525915
|
|
For amd64, this has been done on cl/288342928.
PiperOrigin-RevId: 292170856
|
|
Because the abi will depend on the core types for marshalling (usermem,
context, safemem, safecopy), these need to be flattened from the sentry
directory. These packages contain no sentry-specific details.
PiperOrigin-RevId: 291811289
|
|
PiperOrigin-RevId: 291745021
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
Change-Id: I9cce23db4e5caec82ce42b4970fdb7f7e8c08f1d
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/773 from lubinszARM:pr_arch_basic 3fe2fd8e6286766bbe489ef971dce204f924feba
PiperOrigin-RevId: 289795569
|
|
* Rename syncutil to sync.
* Add aliases to sync types.
* Replace existing usage of standard library sync package.
This will make it easier to swap out synchronization primitives. For example,
this will allow us to use primitives from github.com/sasha-s/go-deadlock to
check for lock ordering violations.
Updates #1472
PiperOrigin-RevId: 289033387
|
|
PiperOrigin-RevId: 288342928
|
|
PiperOrigin-RevId: 283828423
|
|
PiperOrigin-RevId: 275139066
|
|
PiperOrigin-RevId: 270680704
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
This can be merged after:
https://github.com/google/gvisor-website/pull/77
or
https://github.com/google/gvisor-website/pull/78
PiperOrigin-RevId: 253132620
|
|
Based on the guidelines at
https://opensource.google.com/docs/releasing/authors/.
1. $ rg -l "Google LLC" | xargs sed -i 's/Google LLC.*/The gVisor Authors./'
2. Manual fixup of "Google Inc" references.
3. Add AUTHORS file. Authors may request to be added to this file.
4. Point netstack AUTHORS to gVisor AUTHORS. Drop CONTRIBUTORS.
Fixes #209
PiperOrigin-RevId: 245823212
Change-Id: I64530b24ad021a7d683137459cafc510f5ee1de9
|
|
PiperOrigin-RevId: 245818639
Change-Id: I03703ef0fb9b6675955637b9fe2776204c545789
|
|
PiperOrigin-RevId: 245341004
Change-Id: Ic4d581039d034a8ae944b43e45e84eb2c3973657
|
|
PiperOrigin-RevId: 242978508
Change-Id: I0ea59ac5ba1dd499e87c53f2e24709371048679b
|
|
- Change proc to return envp on overwrite of argv with limitations from
upstream.
- Add unit tests
- Change layout of argv/envp on the stack so that end of argv is contiguous with
beginning of envp.
PiperOrigin-RevId: 232506107
Change-Id: I993880499ab2c1220f6dc456a922235c49304dec
|
|
Nothing reads them and they can simply get stale.
Generated with:
$ sed -i "s/licenses(\(.*\)).*/licenses(\1)/" **/BUILD
PiperOrigin-RevId: 231818945
Change-Id: Ibc3f9838546b7e94f13f217060d31f4ada9d4bf0
|
|
arch_prctl already verified that the new FS_BASE was canonical, but
Task.Clone did not. Centralize these checks in the arch packages.
Failure to validate could cause an error in PTRACE_SET_REGS when we try
to switch to the app.
PiperOrigin-RevId: 224862398
Change-Id: Iefe63b3f9aa6c4810326b8936e501be3ec407f14
|
|
This change also adds extensive testing to the p9 package via mocks. The sanity
checks and type checks are moved from the gofer into the core package, where
they can be more easily validated.
PiperOrigin-RevId: 218296768
Change-Id: I4fc3c326e7bf1e0e140a454cbacbcc6fd617ab55
|
|
PiperOrigin-RevId: 217951017
Change-Id: Ie08bf6987f98467d07457bcf35b5f1ff6e43c035
|
|
This is a defense-in-depth measure. If the sentry is compromised, this prevents
system call injection to the stubs. There is some complexity with respect to
ptrace and seccomp interactions, so this protection is not really available
for kernel versions < 4.8; this is detected dynamically.
Note that this also solves the vsyscall emulation issue by adding in
appropriate trapping for those system calls. It does mean that a compromised
sentry could theoretically inject these into the stub (ignoring the trap and
resume, thereby allowing execution), but they are harmless.
PiperOrigin-RevId: 216647581
Change-Id: Id06c232cbac1f9489b1803ec97f83097fcba8eb8
|