Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-02-25 | Merge release-20210208.0-96-ge50ee2620 (automated) | gVisor bot | |
2021-02-25 | Implement SEM_STAT_ANY cmd of semctl. | Jing Chen | |
PiperOrigin-RevId: 359591577 | |||
2021-02-24 | Merge release-20210208.0-85-gacd516cfe (automated) | gVisor bot | |
2021-02-24 | Add YAMA security module restrictions on ptrace(2). | Dean Deng | |
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723 | |||
2021-02-20 | Merge release-20210208.0-78-g93fc09248 (automated) | gVisor bot | |
2021-02-19 | Don't hold baseEndpoint.mu while calling EventUpdate(). | Nicolas Lacasse | |
This removes a three-lock deadlock between fdnotifier.notifier.mu, epoll.EventPoll.listsMu, and baseEndpoint.mu. A lock order comment was added to epoll/epoll.go. Also fix unsafe access of baseEndpoint.connected/receiver. PiperOrigin-RevId: 358515191 | |||
2021-02-11 | Merge release-20210201.0-86-gae8d966f5 (automated) | gVisor bot | |
2021-02-11 | Assign controlling terminal when tty is opened and support NOCTTY | Kevin Krakauer | |
PiperOrigin-RevId: 357015186 | |||
2021-02-09 | Merge release-20210201.0-64-gfe4f47896 (automated) | gVisor bot | |
2021-02-09 | kernel: reparentLocked has to update children maps of old and new parents | Andrei Vagin | |
Reported-by: syzbot+9ffc71246fe72c73fc25@syzkaller.appspotmail.com PiperOrigin-RevId: 356536113 | |||
2021-02-09 | Merge release-20210201.0-63-gd6dbe6e5c (automated) | gVisor bot | |
2021-02-09 | pipe: writeLocked has to return ErrWouldBlock if the pipe is full | Andrei Vagin | |
PiperOrigin-RevId: 356450303 | |||
2021-02-02 | Merge release-20210125.0-66-gfb422db70 (automated) | gVisor bot | |
2021-02-02 | Merge release-20210125.0-65-gff8b308a3 (automated) | gVisor bot | |
2021-02-02 | Remove call to Notify from pipe.VFSPipeFD.CopyOutFrom. | Jamie Liu | |
This was missed in cl/351911375; pipe.VFSPipeFD.SpliceFromNonPipe already calls Notify. PiperOrigin-RevId: 355246655 | |||
2021-01-26 | Merge release-20210112.0-96-gce39f8298 (automated) | gVisor bot | |
2021-01-26 | Implement error on pointers | Tamir Duberstein | |
This improves type-assertion safety. PiperOrigin-RevId: 353931228 | |||
2021-01-26 | Merge release-20210112.0-89-g394607540 (automated) | gVisor bot | |
2021-01-26 | Do not generate extraneous IN_CLOSE inotify events. | Dean Deng | |
IN_CLOSE should only be generated when a file description loses its last reference; not when a file descriptor is closed. See fs/file_table.c:__fput. Updates #5348. PiperOrigin-RevId: 353810697 | |||
2021-01-22 | Merge release-20210112.0-75-gf52f0101b (automated) | gVisor bot | |
2021-01-22 | Implement F_GETLK fcntl. | Dean Deng | |
Fixes #5113. PiperOrigin-RevId: 353313374 | |||
2021-01-22 | Merge release-20210112.0-74-g6c0e1d9cf (automated) | gVisor bot | |
2021-01-22 | Define tcpip.Payloader in terms of io.Reader | Tamir Duberstein | |
Fixes #1509. PiperOrigin-RevId: 353295589 | |||
2021-01-21 | Merge release-20210112.0-51-g55332aca9 (automated) | gVisor bot | |
2021-01-20 | Move Lock/UnlockPOSIX into LockFD util. | Dean Deng | |
PiperOrigin-RevId: 352904728 | |||
2021-01-15 | Merge release-20210112.0-25-ge57ebcd37 (automated) | gVisor bot | |
2021-01-14 | Simplify the pipe implementation. | Jamie Liu | |
- Remove the pipe package's dependence on the buffer package, which becomes unused as a result. The buffer package is currently intended to serve two use cases, pipes and temporary buffers, and does neither optimally as a result; this change facilitates retooling the buffer package to better serve the latter. - Pass callbacks taking safemem.BlockSeq to the internal pipe I/O methods, which makes most callbacks trivial. - Fix VFS1's splice() and tee() to immediately return if a pipe returns a partial write. PiperOrigin-RevId: 351911375 | |||
2021-01-12 | Merge release-20201216.0-87-g4e03e8754 (automated) | gVisor bot | |
2021-01-12 | Fix simple mistakes identified by goreportcard. | Adin Scannell | |
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971 | |||
2021-01-12 | Merge release-20201216.0-85-ge06c2b126 (automated) | gVisor bot | |
2021-01-11 | Merge release-20201216.0-82-g4c4de6644 (automated) | gVisor bot | |
2020-12-31 | Merge release-20201208.0-102-g807a080d9 (automated) | gVisor bot | |
2020-12-31 | Add missing error checks for FileDescription.Init. | Dean Deng | |
Syzkaller discovered this bug in pipefs by doing something quite strange: creat(&(0x7f0000002a00)='./file1\x00', 0x0) mount(&(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='devtmpfs\x00', 0x20000d, 0x0) creat(&(0x7f0000000000)='./file1/file0\x00', 0x0) This can be reproduced with: touch mymount mkfifo /dev/mypipe mount -o ro -t devtmpfs devtmpfs mymount echo 123 > mymount/mypipe PiperOrigin-RevId: 349687714 | |||
2020-12-30 | Merge release-20201208.0-98-g0fb5de115 (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-95-gfc153750e (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-93-g3c58405a5 (automated) | gVisor bot | |
2020-12-28 | Merge release-20201208.0-89-g3ff7324df (automated) | gVisor bot | |
2020-12-15 | Implement command SEM_INFO and SEM_STAT for semctl. | Jing Chen | |
PiperOrigin-RevId: 347711998 | |||
2020-12-14 | Merge release-20201208.0-42-g65e4ed8fb (automated) | gVisor bot | |
2020-12-14 | Do not check for reference leaks after saving. | Dean Deng | |
We should not assert that all resources are dropped after saving. PiperOrigin-RevId: 347420131 | |||
2020-12-12 | Merge release-20201208.0-39-g4aef908c9 (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-38-g4b697aae5 (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-36-g1e92732eb (automated) | gVisor bot | |
2020-12-11 | Merge release-20201208.0-34-gd45420b15 (automated) | gVisor bot | |
2020-12-11 | Merge release-20201208.0-32-g305a45655 (automated) | gVisor bot | |
2020-12-11 | Merge release-20201208.0-31-g4cba3904f (automated) | gVisor bot | |
2020-12-11 | Remove existing nogo exceptions. | Adin Scannell | |
PiperOrigin-RevId: 347047550 | |||
2020-12-11 | Merge release-20201208.0-26-g73eccab91 (automated) | gVisor bot | |
2020-12-11 | Make semctl IPC_INFO cmd return the index of highest used entry. | Jing Chen | |
PiperOrigin-RevId: 346973338 | |||
2020-12-05 | Merge release-20201130.0-44-g8a45c8161 (automated) | gVisor bot | |