summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls
AgeCommit message (Collapse)Author
2021-02-25Merge release-20210208.0-96-ge50ee2620 (automated)gVisor bot
2021-02-25Implement SEM_STAT_ANY cmd of semctl.Jing Chen
PiperOrigin-RevId: 359591577
2021-02-24Merge release-20210208.0-85-gacd516cfe (automated)gVisor bot
2021-02-24Add YAMA security module restrictions on ptrace(2).Dean Deng
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723
2021-02-24Merge release-20210208.0-84-g6e000d342 (automated)gVisor bot
2021-02-24Use async task context for async IO.Dean Deng
PiperOrigin-RevId: 359235699
2021-02-22Merge release-20210208.0-80-gc5a4e1000 (automated)gVisor bot
2021-02-22unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOVAndrei Vagin
Reported-by: syzbot+f2489ba0b999a45d1ad1@syzkaller.appspotmail.com PiperOrigin-RevId: 358866218
2021-02-11Merge release-20210201.0-87-gc833eed80 (automated)gVisor bot
2021-02-11Implement semtimedop.Jing Chen
PiperOrigin-RevId: 357031904
2021-02-09Merge release-20210201.0-56-ge51f775cb (automated)gVisor bot
2021-02-08[go-marshal] Remove binary package reference from syscalls package.Ayush Ranjan
Fixes a bug in our getsockopt(2) implementation which was incorrectly using binary.Size() instead of Marshallable.SizeBytes(). PiperOrigin-RevId: 356396551
2021-02-02Merge release-20210125.0-60-gd6d169320 (automated)gVisor bot
2021-02-02Add ETIMEDOUT to partial result listFabricio Voznika
Reported-by: syzbot+db8d83f93b84fcb84374@syzkaller.appspotmail.com PiperOrigin-RevId: 355213994
2021-01-28Merge release-20210125.0-15-gd8c330254 (automated)gVisor bot
2021-01-28Add O_PATH support in vfs2gVisor bot
PiperOrigin-RevId: 354367665
2021-01-26Merge release-20210112.0-93-g203890b13 (automated)gVisor bot
2021-01-26Move inotify events from syscall to vfs layer.Dean Deng
This also causes inotify events to be generated when reading files for exec. This change also requires us to adjust splice+inotify tests due to discrepancies between gVisor and Linux behavior. Note that these discrepancies existed before; we just did not exercise them previously. See comment for more details. Fixes #5348. PiperOrigin-RevId: 353907187
2021-01-22Merge release-20210112.0-75-gf52f0101b (automated)gVisor bot
2021-01-22Implement F_GETLK fcntl.Dean Deng
Fixes #5113. PiperOrigin-RevId: 353313374
2021-01-21Merge release-20210112.0-56-g2c58af226 (automated)gVisor bot
2021-01-20Update splice syscall documentation.Dean Deng
PiperOrigin-RevId: 352954044
2021-01-21Merge release-20210112.0-51-g55332aca9 (automated)gVisor bot
2021-01-20Move Lock/UnlockPOSIX into LockFD util.Dean Deng
PiperOrigin-RevId: 352904728
2021-01-15Merge release-20210112.0-25-ge57ebcd37 (automated)gVisor bot
2021-01-14Simplify the pipe implementation.Jamie Liu
- Remove the pipe package's dependence on the buffer package, which becomes unused as a result. The buffer package is currently intended to serve two use cases, pipes and temporary buffers, and does neither optimally as a result; this change facilitates retooling the buffer package to better serve the latter. - Pass callbacks taking safemem.BlockSeq to the internal pipe I/O methods, which makes most callbacks trivial. - Fix VFS1's splice() and tee() to immediately return if a pipe returns a partial write. PiperOrigin-RevId: 351911375
2021-01-12Merge release-20201216.0-87-g4e03e8754 (automated)gVisor bot
2021-01-12Fix simple mistakes identified by goreportcard.Adin Scannell
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971
2021-01-08Merge release-20201216.0-72-gbf343394d (automated)gVisor bot
2021-01-07Implement the semtimedop syscallAndrei Vagin
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2021-01-05Merge release-20201208.0-110-gce7a4440c (automated)gVisor bot
2021-01-05Fix panic when parsing SO_TIMESTAMP cmsgKevin Krakauer
PiperOrigin-RevId: 350223482
2020-12-31Merge release-20201208.0-102-g807a080d9 (automated)gVisor bot
2020-12-31Add missing error checks for FileDescription.Init.Dean Deng
Syzkaller discovered this bug in pipefs by doing something quite strange: creat(&(0x7f0000002a00)='./file1\x00', 0x0) mount(&(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='devtmpfs\x00', 0x20000d, 0x0) creat(&(0x7f0000000000)='./file1/file0\x00', 0x0) This can be reproduced with: touch mymount mkfifo /dev/mypipe mount -o ro -t devtmpfs devtmpfs mymount echo 123 > mymount/mypipe PiperOrigin-RevId: 349687714
2020-12-30Merge release-20201208.0-98-g0fb5de115 (automated)gVisor bot
2020-12-30Merge release-20201208.0-96-ged5850e8e (automated)gVisor bot
2020-12-30Merge release-20201208.0-95-gfc153750e (automated)gVisor bot
2020-12-30Merge release-20201208.0-94-gffa9a715a (automated)gVisor bot
2020-12-30Merge release-20201208.0-91-g85c1c3ed4 (automated)gVisor bot
2020-12-29Merge release-20201208.0-90-g91c05c609 (automated)gVisor bot
2020-12-28Merge release-20201208.0-89-g3ff7324df (automated)gVisor bot
2020-12-23vfs1: don't allow to open socket filesAndrei Vagin
open() has to return ENXIO in this case. O_PATH isn't supported by vfs1. PiperOrigin-RevId: 348820478
2020-12-17[netstack] Implement MSG_ERRQUEUE flag for recvmsg(2).Ayush Ranjan
Introduces the per-socket error queue and the necessary cmsg mechanisms. PiperOrigin-RevId: 348028508
2020-12-15Implement command SEM_INFO and SEM_STAT for semctl.Jing Chen
PiperOrigin-RevId: 347711998
2020-12-15[syzkaller] Avoid AIOContext from resurrecting after being marked dead.Ayush Ranjan
syzkaller reported the closing of a nil channel. This is only possible when the AIOContext was destroyed twice. Some scenarios that could lead to this: - It died and then some called aioCtx.Prepare() on it and then killed it again which could cause the double destroy. The context could have been destroyed in between the call to LookupAIOContext() and Prepare(). - aioManager was destroyed but it did not update the contexts map. So Lookup could still return a dead AIOContext and then someone could call Prepare on it and kill it again. So added a check in aioCtx.Prepare() for the context being dead. This will prevent a dead context from resurrecting. Also refactored code to destroy the aioContext consistently. Earlier we were not munmapping the aioContexts that were destroyed upon aioManager destruction. Reported-by: syzbot+ef6a588d0ce6059991d2@syzkaller.appspotmail.com PiperOrigin-RevId: 347704347
2020-12-14Merge release-20201208.0-41-gab593661e (automated)gVisor bot
2020-12-12Merge release-20201208.0-40-g08d36b6c6 (automated)gVisor bot
2020-12-12Merge release-20201208.0-39-g4aef908c9 (automated)gVisor bot
2020-12-12Merge release-20201208.0-38-g4b697aae5 (automated)gVisor bot
2020-12-12Merge release-20201208.0-36-g1e92732eb (automated)gVisor bot