summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls
AgeCommit message (Collapse)Author
2018-12-10Implement MSG_WAITALLIan Gudger
MSG_WAITALL requests that recv family calls do not perform short reads. It only has an effect for SOCK_STREAM sockets, other types ignore it. PiperOrigin-RevId: 224918540 Change-Id: Id97fbf972f1f7cbd4e08eec0138f8cbdf1c94fe7
2018-12-10Add type safety to shm ids and keys.Rahat Mahmood
PiperOrigin-RevId: 224864380 Change-Id: I49542279ad56bf15ba462d3de1ef2b157b31830a
2018-12-10Validate FS_BASE in Task.CloneMichael Pratt
arch_prctl already verified that the new FS_BASE was canonical, but Task.Clone did not. Centralize these checks in the arch packages. Failure to validate could cause an error in PTRACE_SET_REGS when we try to switch to the app. PiperOrigin-RevId: 224862398 Change-Id: Iefe63b3f9aa6c4810326b8936e501be3ec407f14
2018-12-06Fixing O_TRUNC behavior to match Linux.Zach Koopmans
PiperOrigin-RevId: 224351139 Change-Id: I9453bd75e5a8d38db406bb47fdc01038ac60922e
2018-12-05Check for CAP_SYS_RESOURCE in prctl(PR_SET_MM, ...)Zach Koopmans
If sys_prctl is called with PR_SET_MM without CAP_SYS_RESOURCE, the syscall should return failure with errno set to EPERM. See: http://man7.org/linux/man-pages/man2/prctl.2.html PiperOrigin-RevId: 224182874 Change-Id: I630d1dd44af8b444dd16e8e58a0764a0cf1ad9a3
2018-12-04Linkat(2) should sanity check flags.Brian Geffon
PiperOrigin-RevId: 224047765 Change-Id: I6f3c75b33c32bf8f8910ea3fab35406d7d672d87
2018-12-04Max link traversals should be for an entire path.Brian Geffon
The number of symbolic links that are allowed to be followed are for a full path and not just a chain of symbolic links. PiperOrigin-RevId: 224047321 Change-Id: I5e3c4caf66a93c17eeddcc7f046d1e8bb9434a40
2018-12-04Fix mempolicy_test on bazel.Rahat Mahmood
Bazel runs multiple test cases on the same thread. Some of the test cases rely on the test thread starting with the default memory policy, while other tests modify the test thread's memory policy. This obviously breaks when the test framework doesn't run each test case on a new thread. Also fixing an incompatibility where set_mempolicy(2) was prevented from specifying an empty nodemask, which is allowed for some modes. PiperOrigin-RevId: 224038957 Change-Id: Ibf780766f2706ebc9b129dbc8cf1b85c2a275074
2018-11-26Implementation of preadv2 for Linux 4.4 supportZach Koopmans
Implement RWF_HIPRI (4.6) silently passes the read call. Implement -1 offset calls readv. PiperOrigin-RevId: 222840324 Change-Id: If9ddc1e8d086e1a632bdf5e00bae08205f95b6b0
2018-11-20Fix recursive read lock taken on TaskSetFabricio Voznika
SyncSyscallFiltersToThreadGroup and Task.TheadID() both acquired TaskSet RWLock in R mode and could deadlock if a writer comes in between. PiperOrigin-RevId: 222313551 Change-Id: I4221057d8d46fec544cbfa55765c9a284fe7ebfa
2018-11-20Update futex to use usermem abstractions.Adin Scannell
This eliminates the indirection that existed in task_futex. PiperOrigin-RevId: 221832498 Change-Id: Ifb4c926d493913aa6694e193deae91616a29f042
2018-11-08Implement sync_file_range()Andrei Vagin
sync_file_range - sync a file segment with disk In Linux, sync_file_range() accepts three flags: SYNC_FILE_RANGE_WAIT_BEFORE Wait upon write-out of all pages in the specified range that have already been submitted to the device driver for write-out before performing any write. SYNC_FILE_RANGE_WRITE Initiate write-out of all dirty pages in the specified range which are not presently submitted write-out. Note that even this may block if you attempt to write more than request queue size. SYNC_FILE_RANGE_WAIT_AFTER Wait upon write-out of all pages in the range after performing any write. In this implementation: SYNC_FILE_RANGE_WAIT_BEFORE without SYNC_FILE_RANGE_WAIT_AFTER isn't supported right now. SYNC_FILE_RANGE_WRITE is skipped. It should initiate write-out of all dirty pages, but it doesn't wait, so it should be safe to do nothing while nobody uses SYNC_FILE_RANGE_WAIT_BEFORE. SYNC_FILE_RANGE_WAIT_AFTER is equal to fdatasync(). In Linux, sync_file_range() doesn't writes out the file's meta-data, but fdatasync() does if a file size is changed. PiperOrigin-RevId: 220730840 Change-Id: Iae5dfb23c2c916967d67cf1a1ad32f25eb3f6286
2018-11-08Create stubs for syscalls upto Linux 4.4.Rahat Mahmood
Create syscall stubs for missing syscalls upto Linux 4.4 and advertise a kernel version of 4.4. PiperOrigin-RevId: 220667680 Change-Id: Idbdccde538faabf16debc22f492dd053a8af0ba7
2018-11-01Prevent premature destruction of shm segments.Rahat Mahmood
Shm segments can be marked for lazy destruction via shmctl(IPC_RMID), which destroys a segment once it is no longer attached to any processes. We were unconditionally decrementing the segment refcount on shmctl(IPC_RMID) which allowed a user to force a segment to be destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding memory maps to the segment. This is problematic because the memory released by a segment destroyed this way can be reused by a different process while remaining accessible by the process with outstanding maps to the segment. PiperOrigin-RevId: 219713660 Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845
2018-10-23Track paths and provide a rename hook.Adin Scannell
This change also adds extensive testing to the p9 package via mocks. The sanity checks and type checks are moved from the gofer into the core package, where they can be more easily validated. PiperOrigin-RevId: 218296768 Change-Id: I4fc3c326e7bf1e0e140a454cbacbcc6fd617ab55
2018-10-20Add more unimplemented syscall eventsFabricio Voznika
Added events for *ctl syscalls that may have multiple different commands. For runsc, each syscall event is only logged once. For *ctl syscalls, use the cmd as identifier, not only the syscall number. PiperOrigin-RevId: 218015941 Change-Id: Ie3c19131ae36124861e9b492a7dbe1765d9e5e59
2018-10-19Use correct company name in copyright headerIan Gudger
PiperOrigin-RevId: 217951017 Change-Id: Ie08bf6987f98467d07457bcf35b5f1ff6e43c035
2018-10-17Check thread group CPU timers in the CPU clock ticker.Jamie Liu
This reduces the number of goroutines and runtime timers when ITIMER_VIRTUAL or ITIMER_PROF are enabled, or when RLIMIT_CPU is set. This also ensures that thread group CPU timers only advance if running tasks are observed at the time the CPU clock advances, mostly eliminating the possibility that a CPU timer expiration observes no running tasks and falls back to the group leader. PiperOrigin-RevId: 217603396 Change-Id: Ia24ce934d5574334857d9afb5ad8ca0b6a6e65f4
2018-10-17Move Unix transport out of netstackIan Gudger
PiperOrigin-RevId: 217557656 Change-Id: I63d27635b1a6c12877279995d2d9847b6a19da9b
2018-10-15Clean up Rename and Unlink checks for EBUSY.Nicolas Lacasse
- Change Dirent.Busy => Dirent.isMountPoint. The function body is unchanged, and it is no longer exported. - fs.MayDelete now checks that the victim is not the process root. This aligns with Linux's namei.c:may_delete(). - Fix "is-ancestor" checks to actually compare all ancestors, not just the parents. - Fix handling of paths that end in dots, which are handled differently in Rename vs. Unlink. PiperOrigin-RevId: 217239274 Change-Id: I7a0eb768e70a1b2915017ce54f7f95cbf8edf1fb
2018-10-09Add memunit to sysinfo(2).Brian Geffon
Also properly add padding after Procs in the linux.Sysinfo structure. This will be implicitly padded to 64bits so we need to do the same. PiperOrigin-RevId: 216372907 Change-Id: I6eb6a27800da61d8f7b7b6e87bf0391a48fdb475
2018-10-08Statfs Namelen should be NAME_MAX not PATH_MAXMichael Pratt
We accidentally set the wrong maximum. I've also added PATH_MAX and NAME_MAX to the linux abi package. PiperOrigin-RevId: 216221311 Change-Id: I44805fcf21508831809692184a0eba4cee469633
2018-10-08Implement shared futexes.Jamie Liu
- Shared futex objects on shared mappings are represented by Mappable + offset, analogous to Linux's use of inode + offset. Add type futex.Key, and change the futex.Manager bucket API to use futex.Keys instead of addresses. - Extend the futex.Checker interface to be able to return Keys for memory mappings. It returns Keys rather than just mappings because whether the address or the target of the mapping is used in the Key depends on whether the mapping is MAP_SHARED or MAP_PRIVATE; this matters because using mapping target for a futex on a MAP_PRIVATE mapping causes it to stop working across COW-breaking. - futex.Manager.WaitComplete depends on atomic updates to futex.Waiter.addr to determine when it has locked the right bucket, which is much less straightforward for struct futex.Waiter.key. Switch to an atomically-accessed futex.Waiter.bucket pointer. - futex.Manager.Wake now needs to take a futex.Checker to resolve addresses for shared futexes. CLONE_CHILD_CLEARTID requires the exit path to perform a shared futex wakeup (Linux: kernel/fork.c:mm_release() => sys_futex(tsk->clear_child_tid, FUTEX_WAKE, ...)). This is a problem because futexChecker is in the syscalls/linux package. Move it to kernel. PiperOrigin-RevId: 216207039 Change-Id: I708d68e2d1f47e526d9afd95e7fed410c84afccf
2018-10-01Add itimer types to linux package, straceMichael Pratt
PiperOrigin-RevId: 215278262 Change-Id: Icd10384c99802be6097be938196044386441e282
2018-09-18Allow for MSG_CTRUNC in input flags for recv.Brian Geffon
PiperOrigin-RevId: 213481363 Change-Id: I8150ea20cebeb207afe031ed146244de9209e745
2018-09-17Allow NULL data in mount(2)Michael Pratt
PiperOrigin-RevId: 213315267 Change-Id: I7562bcd81fb22e90aa9c7dd9eeb94803fcb8c5af
2018-09-14Make gVisor hard link check match Linux's.Nicolas Lacasse
Linux permits hard-linking if the target is owned by the user OR the target has Read+Write permission. PiperOrigin-RevId: 213024613 Change-Id: If642066317b568b99084edd33ee4e8822ec9cbb3
2018-09-14Fix interaction between rt_sigtimedwait and ignored signals.Jamie Liu
PiperOrigin-RevId: 213011782 Change-Id: I716c6ea3c586b0c6c5a892b6390d2d11478bc5af
2018-09-05Open(2) isn't honoring O_NOFOLLOWBrian Geffon
PiperOrigin-RevId: 211644897 Change-Id: I882ed827a477d6c03576463ca5bf2d6351892b90
2018-08-23Implement POSIX per-process interval timers.Jamie Liu
PiperOrigin-RevId: 210021612 Change-Id: If7c161e6fd08cf17942bfb6bc5a8d2c4e271c61e
2018-08-20getdents should return type=DT_DIR for SpecialDirectories.Nicolas Lacasse
It was returning DT_UNKNOWN, and this was breaking numpy. PiperOrigin-RevId: 209459351 Change-Id: Ic6f548e23aa9c551b2032b92636cb5f0df9ccbd4
2018-08-14Automated rollback of changelist 208284483Nicolas Lacasse
PiperOrigin-RevId: 208685417 Change-Id: Ie2849c4811e3a2d14a002f521cef018ded0c6c4a
2018-08-10Implemented the splice(2) syscall.Justine Olshan
Currently the implementation matches the behavior of moving data between two file descriptors. However, it does not implement this through zero-copy movement. Thus, this code is a starting point to build the more complex implementation. PiperOrigin-RevId: 208284483 Change-Id: Ibde79520a3d50bc26aead7ad4f128d2be31db14e
2018-08-10Validate FS.base before establishing it in the task's register set.Neel Natu
PiperOrigin-RevId: 208229341 Change-Id: I5d84bc52bbafa073446ef497e56958d0d7955aa8
2018-08-09Fix missing O_LARGEFILE from O_CREAT filesMichael Pratt
Cleanup some more syscall.O_* references while we're here. PiperOrigin-RevId: 208133460 Change-Id: I48db71a38f817e4f4673977eafcc0e3874eb9a25
2018-08-02Copy creds in accessMichael Pratt
PiperOrigin-RevId: 207181631 Change-Id: Ic6205278715a9260fb970efb414fc758ea72c4c6
2018-08-02Update comment referenceMichael Pratt
PiperOrigin-RevId: 207180809 Change-Id: I08c264812919e81b2c56fdd4a9ef06924de8b52f
2018-08-02Automated rollback of changelist 207037226Zhaozhong Ni
PiperOrigin-RevId: 207125440 Change-Id: I6c572afb4d693ee72a0c458a988b0e96d191cd49
2018-08-02Add seccomp(2) support.Brian Geffon
Add support for the seccomp syscall and the flag SECCOMP_FILTER_FLAG_TSYNC. PiperOrigin-RevId: 207101507 Change-Id: I5eb8ba9d5ef71b0e683930a6429182726dc23175
2018-08-01Automated rollback of changelist 207007153Michael Pratt
PiperOrigin-RevId: 207037226 Change-Id: I8b5f1a056d4f3eab17846f2e0193bb737ecb5428
2018-08-01stateify: convert all packages to use explicit mode.Zhaozhong Ni
PiperOrigin-RevId: 207007153 Change-Id: Ifedf1cc3758dc18be16647a4ece9c840c1c636c9
2018-07-31proc: show file flags in fdinfoAndrei Vagin
Currently, there is an attempt to print FD flags, but they are not decoded into a number, so we see something like this: /criu # cat /proc/self/fdinfo/0 flags: {%!o(bool=000false)} Actually, fdinfo has to contain file flags. Change-Id: Idcbb7db908067447eb9ae6f2c3cfb861f2be1a97 PiperOrigin-RevId: 206794498
2018-07-27Added the O_LARGEFILE flag.Justine Olshan
This flag will always be true for gVisor files. PiperOrigin-RevId: 206355963 Change-Id: I2f03d2412e2609042df43b06d1318cba674574d0
2018-07-27stateify: support explicit annotation mode; convert refs and stack packages.Zhaozhong Ni
We have been unnecessarily creating too many savable types implicitly. PiperOrigin-RevId: 206334201 Change-Id: Idc5a3a14bfb7ee125c4f2bb2b1c53164e46f29a8
2018-07-19kernel: mutations on creds now require a copy.Adin Scannell
PiperOrigin-RevId: 205315612 Change-Id: I9a0a1e32c8abfb7467a38743b82449cc92830316
2018-07-12Fix aio eventfd lookupMichael Pratt
We're failing to set eventFile in the outer scope. PiperOrigin-RevId: 204392995 Change-Id: Ib9b04f839599ef552d7b5951d08223e2b1d5f6ad
2018-06-29aio: Return EINVAL if the number of events is negative.Nicolas Lacasse
PiperOrigin-RevId: 202671065 Change-Id: I248b74544d47ddde9cd59d89aa6ccb7dad2b6f89
2018-06-28Check for invalid offset when submitting an AIO read/write request.Nicolas Lacasse
PiperOrigin-RevId: 202528335 Change-Id: Ic32312cf4337bcb40a7155cb2174e5cd89a280f7
2018-06-27Ignore MADV_DONTDUMP and MADV_DODUMP.Jamie Liu
PiperOrigin-RevId: 202361912 Change-Id: I1d0ee529073954d467b870872f494cebbf8ea61a
2018-06-21Implement ioctl(FIOASYNC)Ian Gudger
FIOASYNC and friends are used to send signals when a file is ready for IO. This may or may not be needed by Nginx. While Nginx does use it, it is unclear if the code that uses it has any effect. PiperOrigin-RevId: 201550828 Change-Id: I7ba05a7db4eb2dfffde11e9bd9a35b65b98d7f50