Age | Commit message (Collapse) | Author |
|
|
|
Socket option values are now required to implement marshal.Marshallable.
Co-authored-by: Rahat Mahmood <rahat@google.com>
PiperOrigin-RevId: 322831612
|
|
|
|
|
|
It accesses e.receiver which is protected by the endpoint lock.
WARNING: DATA RACE
Write at 0x00c0006aa2b8 by goroutine 189:
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect.func1()
pkg/sentry/socket/unix/transport/connectioned.go:359 +0x50
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).BidirectionalConnect()
pkg/sentry/socket/unix/transport/connectioned.go:327 +0xa3c
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect()
pkg/sentry/socket/unix/transport/connectioned.go:363 +0xca
pkg/sentry/socket/unix.(*socketOpsCommon).Connect()
pkg/sentry/socket/unix/unix.go:420 +0x13a
pkg/sentry/socket/unix.(*SocketOperations).Connect()
<autogenerated>:1 +0x78
pkg/sentry/syscalls/linux.Connect()
pkg/sentry/syscalls/linux/sys_socket.go:286 +0x251
Previous read at 0x00c0006aa2b8 by goroutine 270:
pkg/sentry/socket/unix/transport.(*baseEndpoint).Connected()
pkg/sentry/socket/unix/transport/unix.go:789 +0x42
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).State()
pkg/sentry/socket/unix/transport/connectioned.go:479 +0x2f
pkg/sentry/socket/unix.(*socketOpsCommon).State()
pkg/sentry/socket/unix/unix.go:714 +0xc3e
pkg/sentry/socket/unix.(*socketOpsCommon).SendMsg()
pkg/sentry/socket/unix/unix.go:466 +0xc44
pkg/sentry/socket/unix.(*SocketOperations).SendMsg()
<autogenerated>:1 +0x173
pkg/sentry/syscalls/linux.sendTo()
pkg/sentry/syscalls/linux/sys_socket.go:1121 +0x4c5
pkg/sentry/syscalls/linux.SendTo()
pkg/sentry/syscalls/linux/sys_socket.go:1134 +0x87
Reported-by: syzbot+c2be37eedc672ed59a86@syzkaller.appspotmail.com
PiperOrigin-RevId: 317236996
|
|
|
|
- Change FileDescriptionImpl Lock/UnlockPOSIX signature to
take {start,length,whence}, so the correct offset can be
calculated in the implementations.
- Create PosixLocker interface to make it possible to share
the same locking code from different implementations.
Closes #1480
PiperOrigin-RevId: 316910286
|
|
|
|
In case of SOCK_SEQPACKET, it has to be ignored.
In case of SOCK_STREAM, EISCONN or EOPNOTSUPP has to be returned.
PiperOrigin-RevId: 315755972
|
|
|
|
LockFD is the generic implementation that can be embedded in
FileDescriptionImpl implementations. Unique lock ID is
maintained in vfs.FileDescription and is created on demand.
Updates #1480
PiperOrigin-RevId: 315604825
|
|
|
|
PiperOrigin-RevId: 314450191
|
|
|
|
|
|
Updates #1197, #1198, #1672
PiperOrigin-RevId: 310432006
|
|
|
|
Three updates:
- Mark all vfs2 socket syscalls as supported.
- Use the same dev number and ino number generator for all types of sockets,
unlike in VFS1.
- Do not use host fd for hostinet metadata.
Fixes #1476, #1478, #1484, 1485, #2017.
PiperOrigin-RevId: 309994579
|
|
|
|
All three follow the same pattern:
1. Refactor VFS1 sockets into socketOpsCommon, so that most of the methods can
be shared with VFS2.
2. Create a FileDescriptionImpl with the corresponding socket operations,
rewriting the few that cannot be shared with VFS1.
3. Set up a VFS2 socket provider that creates a socket by setting up a dentry
in the global Kernel.socketMount and connecting it with a new
FileDescription.
This mostly completes the work for porting sockets to VFS2, and many syscall
tests can be enabled as a result.
There are several networking-related syscall tests that are still not passing:
1. net gofer tests
2. socketpair gofer tests
2. sendfile tests (splice is not implemented in VFS2 yet)
Updates #1478, #1484, #1485
PiperOrigin-RevId: 309457331
|
|
|
|
Enforce write permission checks in BoundEndpointAt, which corresponds to the
permission checks in Linux (net/unix/af_unix.c:unix_find_other).
Also, create bound socket files with the correct permissions in VFS2.
Fixes #2324.
PiperOrigin-RevId: 308949084
|
|
|
|
PiperOrigin-RevId: 308932254
|
|
|
|
Named pipes and sockets can be represented in two ways in gofer fs:
1. As a file on the remote filesystem. In this case, all file operations are
passed through 9p.
2. As a synthetic file that is internal to the sandbox. In this case, the
dentry stores an endpoint or VFSPipe for sockets and pipes respectively,
which replaces interactions with the remote fs through the gofer.
In gofer.filesystem.MknodAt, we attempt to call mknod(2) through 9p,
and if it fails, fall back to the synthetic version.
Updates #1200.
PiperOrigin-RevId: 308828161
|
|
|
|
The FileDescription implementation for hostfs sockets uses the standard Unix
socket implementation (unix.SocketVFS2), but is also tied to a hostfs dentry.
Updates #1672, #1476
PiperOrigin-RevId: 308716426
|
|
|
|
This previously changed in 305699233, but this behaviour turned out to
be load bearing.
PiperOrigin-RevId: 307033802
|
|
|
|
PiperOrigin-RevId: 305699233
|
|
|
|
Updates #1476, #1478, #1484, #1485.
PiperOrigin-RevId: 304845354
|
|
|
|
|
|
This change involves several steps:
- Refactor the VFS1 unix socket implementation to share methods between VFS1
and VFS2 where possible. Re-implement the rest.
- Override the default PRead, Read, PWrite, Write, Ioctl, Release methods in
FileDescriptionDefaultImpl.
- Add functions to create and initialize a new Dentry/Inode and FileDescription
for a Unix socket file.
Updates #1476
PiperOrigin-RevId: 304689796
|
|
|
|
|
|
|
|
|
|
Currently, Send() will copy data into a new byte slice without regard to the
original size. Size checks should be performed before the allocation takes
place.
Note that for the sake of performance, we avoid putting the buffer
allocation into the critical section. As a result, the size checks need to be
performed again within Enqueue() in case the limit has changed.
PiperOrigin-RevId: 292058147
|
|
|
|
Because the abi will depend on the core types for marshalling (usermem,
context, safemem, safecopy), these need to be flattened from the sentry
directory. These packages contain no sentry-specific details.
PiperOrigin-RevId: 291811289
|
|
PiperOrigin-RevId: 291745021
|
|
|
|
Fixes #1490
Fixes #1495
PiperOrigin-RevId: 289523250
|
|
|
|
* Rename syncutil to sync.
* Add aliases to sync types.
* Replace existing usage of standard library sync package.
This will make it easier to swap out synchronization primitives. For example,
this will allow us to use primitives from github.com/sasha-s/go-deadlock to
check for lock ordering violations.
Updates #1472
PiperOrigin-RevId: 289033387
|
|
|