summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel
AgeCommit message (Collapse)Author
2018-06-27Fix semaphore data racesFabricio Voznika
PiperOrigin-RevId: 202371908 Change-Id: I72603b1d321878cae6404987c49e64732b676331
2018-06-27Call mm.CheckIORange() when copying in IOVecs.Nicolas Lacasse
CheckIORange is analagous to Linux's access_ok() method, which is checked when copying in IOVecs in both lib/iov_iter.c:import_single_range() and lib/iov_iter.c:import_iovec() => fs/read_write.c:rw_copy_check_uvector(). gVisor copies in IOVecs via Task.SingleIOSequence() and Task.CopyInIovecs(). We were checking the address range bounds, but not whether the address is valid. To conform with linux, we should also check that the address is valid. For usual preadv/pwritev syscalls, the effect of this change is not noticeable, since we find out that the address is invalid before the syscall completes. For vectorized async-IO operations, however, this change is necessary because Linux returns EFAULT when the operation is submitted, but before it executes. Thus, we must validate the iovecs when copying them in. PiperOrigin-RevId: 202370092 Change-Id: I8759a63ccf7e6b90d90d30f78ab8935a0fcf4936
2018-06-26Automated rollback of changelist 201596247Brian Geffon
PiperOrigin-RevId: 202151720 Change-Id: I0491172c436bbb32b977f557953ba0bc41cfe299
2018-06-25Don't read cwd or root without holding muMichael Pratt
PiperOrigin-RevId: 202043090 Change-Id: I3c47fb3413ca8615d50d8a0503d72fcce9b09421
2018-06-25Don't read FSContext.root without holding FSContext.muMichael Pratt
IsChrooted still has the opportunity to race with another thread entering the FSContext into a chroot, but that is unchanged (and fine, AFAIK). PiperOrigin-RevId: 202029117 Change-Id: I38bce763b3a7715fa6ae98aa200a19d51a0235f1
2018-06-21netstack: tcp socket connected state S/R support.Zhaozhong Ni
PiperOrigin-RevId: 201596247 Change-Id: Id22f47b2cdcbe14aa0d930f7807ba75f91a56724
2018-06-21Drop return from SendExternalSignalMichael Pratt
SendExternalSignal is no longer called before CreateProcess, so it can enforce this simplified precondition. StartForwarding, and after Kernel.Start. PiperOrigin-RevId: 201591170 Change-Id: Ib7022ef7895612d7d82a00942ab59fa433c4d6e9
2018-06-21Implement ioctl(FIOASYNC)Ian Gudger
FIOASYNC and friends are used to send signals when a file is ready for IO. This may or may not be needed by Nginx. While Nginx does use it, it is unclear if the code that uses it has any effect. PiperOrigin-RevId: 201550828 Change-Id: I7ba05a7db4eb2dfffde11e9bd9a35b65b98d7f50
2018-06-20sentry: pending signals S/R optimization.Zhaozhong Ni
Almost all of the hundreds of pending signal queues are empty upon save. PiperOrigin-RevId: 201380318 Change-Id: I40747072435299de681d646e0862efac0637e172
2018-06-19sentry: futex S/R optimization.Zhaozhong Ni
No need to save thousands of zerovalue buckets. PiperOrigin-RevId: 201258598 Change-Id: I5d3ea7b6a5345117ab4f610332d5288ca550be33
2018-06-15FIFOs should support O_TRUNC as a no-op.Brian Geffon
PiperOrigin-RevId: 200759323 Change-Id: I683b2edcc2188304c4ca563e46af457e23625905
2018-06-14Ignore expiration count in kernelCPUClockListener.Notify.Jamie Liu
PiperOrigin-RevId: 200590832 Change-Id: I35b817ecccc9414a742dee4815dfc67d0c7d0496
2018-06-08Fix sigaltstack semantics.Adin Scannell
Walking off the bottom of the sigaltstack, for example with recursive faults, results in forced signal delivery, not resetting the stack or pushing signal stack to whatever happens to lie below the signal stack. PiperOrigin-RevId: 199856085 Change-Id: I0004d2523f0df35d18714de2685b3eaa147837e0
2018-05-17Fix capability check for sysv semaphores.Rahat Mahmood
Capabilities for sysv sem operations were being checked against the current task's user namespace. They should be checked against the user namespace owning the ipc namespace for the sems instead, per ipc/util.c:ipcperms(). PiperOrigin-RevId: 197063111 Change-Id: Iba29486b316f2e01ee331dda4e48a6ab7960d589
2018-05-17Implement sysv shm.Rahat Mahmood
PiperOrigin-RevId: 197058289 Change-Id: I3946c25028b7e032be4894d61acb48ac0c24d574
2018-05-15sentry: Replaces saving of inet.Stack with retrieval via context.Kevin Krakauer
Previously, inet.Stack was referenced in 2 structs in sentry/socket that can be saved/restored. If an app is saved and restored on another machine, it may try to use the old stack, which will have been replaced by a new stack on the new machine. PiperOrigin-RevId: 196733985 Change-Id: I6a8cfe73b5d7a90749734677dada635ab3389cb9
2018-05-11Remove error return from AddressSpace.Release()Michael Pratt
PiperOrigin-RevId: 196291289 Change-Id: Ie3487be029850b0b410b82416750853a6c4a2b00
2018-05-08Capture restore file system corruption errors in exit error.Zhaozhong Ni
PiperOrigin-RevId: 195850822 Change-Id: I4d7bdd8fe129c5ed461b73e1d7458be2cf5680c2
2018-05-08Fix warning: redundant if ...; err != nil check, just return error instead.Ian Gudger
This warning is produced by golint. PiperOrigin-RevId: 195833381 Change-Id: Idd6a7e57e3cfdf00819f2374b19fc113585dc1e1
2018-05-08Fix format string type in testIan Gudger
PiperOrigin-RevId: 195831778 Change-Id: I413dc909cedc18fbf5320a4f75d876f1be133c6c
2018-05-07Fix misspellingsIan Gudger
PiperOrigin-RevId: 195742598 Change-Id: Ibd4a8e4394e268c87700b6d1e50b4b37dfce5182
2018-05-04Run gofmt -s on everythingIan Gudger
PiperOrigin-RevId: 195469901 Change-Id: I66d5c7a334bbb8b47e40d266a2661291c2d91c7f
2018-05-03Fix misspellings.Cyrille Hemidy
PiperOrigin-RevId: 195307689 Change-Id: I499f19af49875a43214797d63376f20ae788d2f4
2018-05-02Use png for the run states diagramZhengyu He
PiperOrigin-RevId: 195071508 Change-Id: I63314bf7529560e4c779ef07cc9399ad8d53f0a2
2018-05-01Implement SO_TIMESTAMPIan Gudger
PiperOrigin-RevId: 195047018 Change-Id: I6d99528a00a2125f414e1e51e067205289ec9d3d
2018-04-28Check in gVisor.Googler
PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463