summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket/unix
AgeCommit message (Collapse)Author
2020-07-23Merge release-20200622.1-195-g6f7f73996 (automated)gVisor bot
2020-07-23Marshallable socket opitons.Ayush Ranjan
Socket option values are now required to implement marshal.Marshallable. Co-authored-by: Rahat Mahmood <rahat@google.com> PiperOrigin-RevId: 322831612
2020-06-24Merge release-20200608.0-119-g364ac92ba (automated)gVisor bot
2020-06-19Merge release-20200608.0-89-g70c45e09c (automated)gVisor bot
2020-06-18socket/unix: (*connectionedEndpoint).State() has to take the endpoint lockAndrei Vagin
It accesses e.receiver which is protected by the endpoint lock. WARNING: DATA RACE Write at 0x00c0006aa2b8 by goroutine 189: pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect.func1() pkg/sentry/socket/unix/transport/connectioned.go:359 +0x50 pkg/sentry/socket/unix/transport.(*connectionedEndpoint).BidirectionalConnect() pkg/sentry/socket/unix/transport/connectioned.go:327 +0xa3c pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect() pkg/sentry/socket/unix/transport/connectioned.go:363 +0xca pkg/sentry/socket/unix.(*socketOpsCommon).Connect() pkg/sentry/socket/unix/unix.go:420 +0x13a pkg/sentry/socket/unix.(*SocketOperations).Connect() <autogenerated>:1 +0x78 pkg/sentry/syscalls/linux.Connect() pkg/sentry/syscalls/linux/sys_socket.go:286 +0x251 Previous read at 0x00c0006aa2b8 by goroutine 270: pkg/sentry/socket/unix/transport.(*baseEndpoint).Connected() pkg/sentry/socket/unix/transport/unix.go:789 +0x42 pkg/sentry/socket/unix/transport.(*connectionedEndpoint).State() pkg/sentry/socket/unix/transport/connectioned.go:479 +0x2f pkg/sentry/socket/unix.(*socketOpsCommon).State() pkg/sentry/socket/unix/unix.go:714 +0xc3e pkg/sentry/socket/unix.(*socketOpsCommon).SendMsg() pkg/sentry/socket/unix/unix.go:466 +0xc44 pkg/sentry/socket/unix.(*SocketOperations).SendMsg() <autogenerated>:1 +0x173 pkg/sentry/syscalls/linux.sendTo() pkg/sentry/syscalls/linux/sys_socket.go:1121 +0x4c5 pkg/sentry/syscalls/linux.SendTo() pkg/sentry/syscalls/linux/sys_socket.go:1134 +0x87 Reported-by: syzbot+c2be37eedc672ed59a86@syzkaller.appspotmail.com PiperOrigin-RevId: 317236996
2020-06-17Merge release-20200608.0-69-g96519e2c9 (automated)gVisor bot
2020-06-17Implement POSIX locksFabricio Voznika
- Change FileDescriptionImpl Lock/UnlockPOSIX signature to take {start,length,whence}, so the correct offset can be calculated in the implementations. - Create PosixLocker interface to make it possible to share the same locking code from different implementations. Closes #1480 PiperOrigin-RevId: 316910286
2020-06-10Merge release-20200522.0-119-ga5a4f8048 (automated)gVisor bot
2020-06-10socket/unix: handle sendto address argument for connected socketsAndrei Vagin
In case of SOCK_SEQPACKET, it has to be ignored. In case of SOCK_STREAM, EISCONN or EOPNOTSUPP has to be returned. PiperOrigin-RevId: 315755972
2020-06-10Merge release-20200522.0-112-g67565078b (automated)gVisor bot
2020-06-09Implement flock(2) in VFS2Fabricio Voznika
LockFD is the generic implementation that can be embedded in FileDescriptionImpl implementations. Unique lock ID is maintained in vfs.FileDescription and is created on demand. Updates #1480 PiperOrigin-RevId: 315604825
2020-06-03Merge release-20200522.0-65-ge6334e81 (automated)gVisor bot
2020-06-02Check that two sockets with different types can't be connected to each otherAndrei Vagin
PiperOrigin-RevId: 314450191
2020-05-27Merge release-20200518.0-45-g0bc022b7 (automated)gVisor bot
2020-05-07Merge release-20200422.0-52-g9115f26 (automated)gVisor bot
2020-05-07Allocate device numbers for VFS2 filesystems.Jamie Liu
Updates #1197, #1198, #1672 PiperOrigin-RevId: 310432006
2020-05-05Merge release-20200422.0-29-gfaf89dd (automated)gVisor bot
2020-05-05Update vfs2 socket TODOs.Dean Deng
Three updates: - Mark all vfs2 socket syscalls as supported. - Use the same dev number and ino number generator for all types of sockets, unlike in VFS1. - Do not use host fd for hostinet metadata. Fixes #1476, #1478, #1484, 1485, #2017. PiperOrigin-RevId: 309994579
2020-05-01Merge release-20200422.0-9-g82bae30 (automated)gVisor bot
2020-05-01Port netstack, hostinet, and netlink sockets to VFS2.Dean Deng
All three follow the same pattern: 1. Refactor VFS1 sockets into socketOpsCommon, so that most of the methods can be shared with VFS2. 2. Create a FileDescriptionImpl with the corresponding socket operations, rewriting the few that cannot be shared with VFS1. 3. Set up a VFS2 socket provider that creates a socket by setting up a dentry in the global Kernel.socketMount and connecting it with a new FileDescription. This mostly completes the work for porting sockets to VFS2, and many syscall tests can be enabled as a result. There are several networking-related syscall tests that are still not passing: 1. net gofer tests 2. socketpair gofer tests 2. sendfile tests (splice is not implemented in VFS2 yet) Updates #1478, #1484, #1485 PiperOrigin-RevId: 309457331
2020-04-29Merge release-20200413.0-18-gce19497 (automated)gVisor bot
2020-04-28Fix Unix socket permissions.Dean Deng
Enforce write permission checks in BoundEndpointAt, which corresponds to the permission checks in Linux (net/unix/af_unix.c:unix_find_other). Also, create bound socket files with the correct permissions in VFS2. Fixes #2324. PiperOrigin-RevId: 308949084
2020-04-29Merge release-20200413.0-16-gf93f2fd (automated)gVisor bot
2020-04-28Deduplicate unix socket Release() method.Dean Deng
PiperOrigin-RevId: 308932254
2020-04-28Merge release-20200413.0-10-gf3ca5ca (automated)gVisor bot
2020-04-28Support pipes and sockets in VFS2 gofer fs.Dean Deng
Named pipes and sockets can be represented in two ways in gofer fs: 1. As a file on the remote filesystem. In this case, all file operations are passed through 9p. 2. As a synthetic file that is internal to the sandbox. In this case, the dentry stores an endpoint or VFSPipe for sockets and pipes respectively, which replaces interactions with the remote fs through the gofer. In gofer.filesystem.MknodAt, we attempt to call mknod(2) through 9p, and if it fails, fall back to the synthetic version. Updates #1200. PiperOrigin-RevId: 308828161
2020-04-27Merge release-20200413.0-7-g1c2ecbb (automated)gVisor bot
2020-04-27Import host sockets.Dean Deng
The FileDescription implementation for hostfs sockets uses the standard Unix socket implementation (unix.SocketVFS2), but is also tied to a hostfs dentry. Updates #1672, #1476 PiperOrigin-RevId: 308716426
2020-04-17Merge release-20200323.0-174-gb4de018 (automated)gVisor bot
2020-04-17Permit setting unknown optionsTamir Duberstein
This previously changed in 305699233, but this behaviour turned out to be load bearing. PiperOrigin-RevId: 307033802
2020-04-09Merge release-20200323.0-103-g7928aa3 (automated)gVisor bot
2020-04-09Convert int and bool socket options to use GetSockOptInt and GetSockOptBoolAndrei Vagin
PiperOrigin-RevId: 305699233
2020-04-05Merge release-20200323.0-70-g24bee1c (automated)gVisor bot
2020-04-04Record VFS2 sockets in global socket map.Dean Deng
Updates #1476, #1478, #1484, #1485. PiperOrigin-RevId: 304845354
2020-04-04Merge release-20200323.0-69-gfc99a7e (automated)gVisor bot
2020-04-03Merge release-20200323.0-68-g5818663 (automated)gVisor bot
2020-04-03Add FileDescriptionImpl for Unix sockets.Dean Deng
This change involves several steps: - Refactor the VFS1 unix socket implementation to share methods between VFS1 and VFS2 where possible. Re-implement the rest. - Override the default PRead, Read, PWrite, Write, Ioctl, Release methods in FileDescriptionDefaultImpl. - Add functions to create and initialize a new Dentry/Inode and FileDescription for a Unix socket file. Updates #1476 PiperOrigin-RevId: 304689796
2020-03-06Merge release-20200219.0-122-g6fa5cee (automated)gVisor bot
2020-03-03Merge release-20200219.0-91-g844e4d2 (automated)gVisor bot
2020-02-11Merge release-20200127.0-130-g9be46e5 (automated)gVisor bot
2020-01-29Merge release-20200127.0-27-g4cb55a7 (automated)gVisor bot
2020-01-28Prevent arbitrary size allocation when sending UDS messages.Dean Deng
Currently, Send() will copy data into a new byte slice without regard to the original size. Size checks should be performed before the allocation takes place. Note that for the sake of performance, we avoid putting the buffer allocation into the critical section. As a result, the size checks need to be performed again within Enqueue() in case the limit has changed. PiperOrigin-RevId: 292058147
2020-01-27Merge release-20200115.0-110-g0e2f1b7 (automated)gVisor bot
2020-01-27Update package locations.Adin Scannell
Because the abi will depend on the core types for marshalling (usermem, context, safemem, safecopy), these need to be flattened from the sentry directory. These packages contain no sentry-specific details. PiperOrigin-RevId: 291811289
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-13Merge release-20191213.0-113-gdebd213 (automated)gVisor bot
2020-01-13Allow dual stack sockets to operate on AF_INETTamir Duberstein
Fixes #1490 Fixes #1495 PiperOrigin-RevId: 289523250
2020-01-10Merge release-20191213.0-96-g27500d5 (automated)gVisor bot
2020-01-09New sync package.Ian Gudger
* Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387
2020-01-09Merge release-20191213.0-82-gfbb2c00 (automated)gVisor bot