summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux
AgeCommit message (Collapse)Author
2019-12-02Merge release-20191114.0-45-g9194aab (automated)gVisor bot
2019-12-02Support sending IP_TOS and IPV6_TCLASS control messages with hostinet sockets.Dean Deng
There are two potential ways of sending a TOS byte with outgoing packets: including a control message in sendmsg, or setting the IP_TOS/IPV6_TCLASS socket options (for IPV4 and IPV6 respectively). This change lets hostinet support the former. PiperOrigin-RevId: 283346737
2019-11-28Merge release-20191114.0-41-g684f757 (automated)gVisor bot
2019-11-27Add support for receiving TOS and TCLASS control messages in hostinet.Dean Deng
This involves allowing getsockopt/setsockopt for the corresponding socket options, as well as allowing hostinet to process control messages received from the actual recvmsg syscall. PiperOrigin-RevId: 282851425
2019-11-27Merge release-20191114.0-39-g20279c3 (automated)gVisor bot
2019-11-26Allow open(O_TRUNC) and (f)truncate for proc files.Ian Lewis
This allows writable proc and devices files to be opened with O_CREAT|O_TRUNC. This is encountered most frequently when interacting with proc or devices files via the command line. e.g. $ echo 8192 1048576 4194304 > /proc/sys/net/ipv4/tcp_rmem Also adds a test to test the behavior of open(O_TRUNC), truncate, and ftruncate on named pipes. Fixes #1116 PiperOrigin-RevId: 282677425
2019-11-27Merge release-20191114.0-36-g519ceab (automated)gVisor bot
2019-11-26Mark execveat as supported for linux64_arm64.Dean Deng
PiperOrigin-RevId: 282667122
2019-11-20Merge release-20191114.0-16-g012102e (automated)gVisor bot
2019-11-20Pass OpenTruncate to gofer in Open call when opening file with O_TRUNC.Nicolas Lacasse
Note that the Sentry still calls Truncate() on the file before calling Open. A new p9 version check was added to ensure that the p9 server can handle the the OpenTruncate flag. If not, then the flag is stripped before sending. PiperOrigin-RevId: 281609112
2019-11-15Merge release-20191104.0-44-gaf323eb (automated)gVisor bot
2019-11-14Fix return codes for {get,set}sockopt for some nullptr cases.Ting-Yu Wang
Updates #1092 PiperOrigin-RevId: 280547239
2019-11-15Merge release-20191104.0-43-g339536d (automated)gVisor bot
2019-11-14Check that a file is a regular file with open(O_TRUNC).Kevin Krakauer
It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. Avoids breaking php tests. PiperOrigin-RevId: 280533213
2019-11-08Merge release-20190806.1-383-gaf58a4e (automated)gVisor bot
2019-11-08Automated rollback of changelist 278417533Kevin Krakauer
PiperOrigin-RevId: 279365629
2019-11-04Merge release-20190806.1-368-g4fdd69d (automated)gVisor bot
2019-11-04Check that a file is a regular file with open(O_TRUNC).Kevin Krakauer
It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. PiperOrigin-RevId: 278417533
2019-11-04Merge release-20190806.1-366-g3b4f544 (automated)gVisor bot
2019-11-04Update membarrier bugMichael Pratt
Updates #267 PiperOrigin-RevId: 278402684
2019-10-29Merge release-20190806.1-333-g29273b0 (automated)gVisor bot
2019-10-29Disallow execveat on interpreter scripts with fd opened with O_CLOEXEC.Dean Deng
When an interpreter script is opened with O_CLOEXEC and the resulting fd is passed into execveat, an ENOENT error should occur (the script would otherwise be inaccessible to the interpreter). This matches the actual behavior of Linux's execveat. PiperOrigin-RevId: 277306680
2019-10-26Merge release-20190806.1-329-g1c480ab (automated)gVisor bot
2019-10-25Aggregate arguments for loading executables into a single struct.Dean Deng
This change simplifies the function signatures of functions related to loading executables, such as LoadTaskImage, Load, loadBinary. PiperOrigin-RevId: 276821187
2019-10-24Merge release-20190806.1-318-gd9fd536 (automated)gVisor bot
2019-10-24Handle AT_SYMLINK_NOFOLLOW flag for execveat.Dean Deng
PiperOrigin-RevId: 276441249
2019-10-23Handle AT_EMPTY_PATH flag in execveat.Dean Deng
PiperOrigin-RevId: 276419967
2019-10-22Merge release-20190806.1-304-gebe8001 (automated)gVisor bot
2019-10-22Update const names to be Go style.Ian Lewis
PiperOrigin-RevId: 276165962
2019-10-22Merge release-20190806.1-298-g070a8c2 (automated)gVisor bot
2019-10-21Remove old TODO.Nicolas Lacasse
PiperOrigin-RevId: 275956240
2019-10-21Merge release-20190806.1-297-g0b569b7 (automated)gVisor bot
2019-10-21Add basic implementation of execveat syscall and associated tests.Dean Deng
Allow file descriptors of directories as well as AT_FDCWD. PiperOrigin-RevId: 275929668
2019-10-16Reorder BUILD license and load functions in gvisor.Kevin Krakauer
PiperOrigin-RevId: 275139066
2019-10-16Merge release-20190806.1-282-g8fe48dc (automated)gVisor bot
2019-10-16Add sublevel to kernel versionMichael Pratt
Standard Linux kernel versions are VERSION.PATCHLEVEL.SUBLEVEL. e.g., 4.4.0, even when the sublevel is 0. Match this standard. PiperOrigin-RevId: 275125715
2019-10-16Merge release-20190806.1-279-gbbdcf44 (automated)gVisor bot
2019-10-16Fix syscall changes lost in rebaseMichael Pratt
These syscalls were changed in the amd64 file around the time the arm64 PR was sent out, so their changes got lost. Updates #63 PiperOrigin-RevId: 275114194
2019-10-07Merge release-20190806.1-243-g8fce24d (automated)gVisor bot
2019-10-07Merge pull request #753 from lubinszARM:pr_syscall_linuxgVisor bot
PiperOrigin-RevId: 273364848
2019-10-03Merge release-20190806.1-233-gdb218fd (automated)gVisor bot
2019-10-03Don't report partialResult errors from sendfileAndrei Vagin
The input file descriptor is always a regular file, so sendfile can't lose any data if it will not be able to write them to the output file descriptor. Reported-by: syzbot+22d22330a35fa1c02155@syzkaller.appspotmail.com PiperOrigin-RevId: 272730357
2019-10-02Merge branch 'master' into pr_syscall_linuxAndrei Vagin
2019-10-01Merge release-20190806.1-215-g29a1ba5 (automated)gVisor bot
2019-09-30splice: compare inode numbers only if both ends are pipesAndrei Vagin
It isn't allowed to splice data from and into the same pipe. But right now this check is broken, because we don't check that both ends are pipes. PiperOrigin-RevId: 272107022
2019-09-30Merge release-20190806.1-210-g3ad17ff (automated)gVisor bot
2019-09-30Only copy out remaining time on nanosleep successMichael Pratt
It looks like the old code attempted to do this, but didn't realize that err != nil even in the happy case. PiperOrigin-RevId: 272005887
2019-09-27Merge release-20190806.1-203-g8539abc (automated)gVisor bot
2019-09-27Merge pull request #864 from tanjianfeng:fix-861gVisor bot
PiperOrigin-RevId: 271649711
2019-09-27Merge release-20190806.1-201-gabbee56 (automated)gVisor bot