summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls
AgeCommit message (Collapse)Author
2020-05-26Implement splice(2) and tee(2) for VFS2.Jamie Liu
Updates #138 PiperOrigin-RevId: 313326354
2020-05-15Remove debug log left behind by mistake.Bhasker Hariharan
PiperOrigin-RevId: 311808460
2020-05-14Make utimes_test pass on VFS2.Jamie Liu
PiperOrigin-RevId: 311657502
2020-05-14Port memfd_create to vfs2 and finish implementation of file seals.Nicolas Lacasse
Closes #2612. PiperOrigin-RevId: 311548074
2020-05-07Fix ARM64 build.Adin Scannell
The common syscall definitions mean that ARM64-exclusive files need stubs in the ARM64 build. PiperOrigin-RevId: 310446698
2020-05-07Move pkg/sentry/vfs/{eventfd,timerfd} to new packages in pkg/sentry/fsimpl.Nicolas Lacasse
They don't depend on anything in VFS2, so they should be their own packages. PiperOrigin-RevId: 310416807
2020-05-07Port signalfd to vfs2.Nicolas Lacasse
PiperOrigin-RevId: 310404113
2020-05-06Remove vfs.FileDescriptionOptions.InvalidWrite.Jamie Liu
Compare: https://elixir.bootlin.com/linux/v5.6/source/fs/timerfd.c#L431 PiperOrigin-RevId: 310246908
2020-05-06Fix runsc syscall documentation generation.Adin Scannell
We can register any number of tables with any number of architectures, and need not limit the definitions to the architecture in question. This allows runsc to generate documentation for all architectures simultaneously. Similarly, this simplifies the VFSv2 patching process. PiperOrigin-RevId: 310224827
2020-05-06Add maximum memory limit.Nicolas Lacasse
PiperOrigin-RevId: 310179277
2020-05-05Update vfs2 socket TODOs.Dean Deng
Three updates: - Mark all vfs2 socket syscalls as supported. - Use the same dev number and ino number generator for all types of sockets, unlike in VFS1. - Do not use host fd for hostinet metadata. Fixes #1476, #1478, #1484, 1485, #2017. PiperOrigin-RevId: 309994579
2020-05-04Port eventfd to VFS2.Nicolas Lacasse
And move sys_timerfd.go to just timerfd.go for consistency. Updates #1475. PiperOrigin-RevId: 309835029
2020-04-29Add read/write timeouts for VFS2 socket files.Dean Deng
Updates #1476 PiperOrigin-RevId: 309098590
2020-04-25Enable automated marshalling for signals and the arch package.Rahat Mahmood
PiperOrigin-RevId: 308472331
2020-04-24Port SCM Rights to VFS2.Dean Deng
Fixes #1477. PiperOrigin-RevId: 308317511
2020-04-23Enable automated marshalling for mempolicy syscalls.Rahat Mahmood
PiperOrigin-RevId: 308170679
2020-04-23Enable automated marshalling for epoll events.Rahat Mahmood
Ensure we use the correct architecture-specific defintion of epoll event, and use go-marshal for serialization. PiperOrigin-RevId: 308145677
2020-04-21Fix set/getsockopt in vfs2 override.Dean Deng
Updates #1476. PiperOrigin-RevId: 307726055
2020-04-21Misc VFS2 fixesFabricio Voznika
- Fix defer operation ordering in kernfs.Filesystem.AccessAt() - Add AT_NULL entry in proc/pid/auvx - Fix line padding in /proc/pid/maps - Fix linux_dirent serialization for getdents(2) - Remove file creation flags from vfs.FileDescription.statusFlags() Updates #1193, #1035 PiperOrigin-RevId: 307704159
2020-04-17prlimit: don't check credentials on selfKevin Krakauer
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process' own limits. From the manpage: To set or get the resources of a process other than itself, the caller must have the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs of the target process must match the real user ID of the caller and the real, effective, and saved set group IDs of the target process must match the real group ID of the caller. PiperOrigin-RevId: 307127266
2020-04-16Implement pipe(2) and pipe2(2) for VFS2.Jamie Liu
Updates #1035 PiperOrigin-RevId: 306968644
2020-04-16Make ExtractErrno a functionFabricio Voznika
PiperOrigin-RevId: 306891171
2020-04-14Fix cleanup around socketpair() failure to copy out FDs.Jamie Liu
- Use the fs.File, rather than the vfs.FileDescription, in the VFS1 version. - Check for a nil fs.File/vfs.FileDescription before calling DecRef, which is possible if a racing dup2() or dup3() replaces the file descriptor between when it is installed and when it is returned. (This is not possible in Linux because Linux separates allocation of a file descriptor from binding an allocated file descriptor to a struct file, and dup2/dup3 return EBUSY if asked to replace an allocated but unbound file descriptor.) PiperOrigin-RevId: 306517101
2020-04-14Pass O_LARGEFILE in syscalls/linux/vfs2.openat.Jamie Liu
Needed for PipeTest_Flags: files opened by open() and openat() get O_LARGEFILE (on architectures with 64-bit off_t), but not FDs created by other syscalls such as pipe(). Updates #1035 PiperOrigin-RevId: 306504788
2020-04-13Don't allow read/write when offset+size overflows.Nicolas Lacasse
PiperOrigin-RevId: 306348346
2020-04-13Port socket-related syscalls to VFS2.Dean Deng
Note that most kinds of sockets are not yet supported in VFS2 (only Unix sockets are partially supported at the moment), so these syscalls will still generally fail. Enabling them allows us to begin running socket tests for VFS2 as more features are ported over. Updates #1476, #1478, #1484, #1485. PiperOrigin-RevId: 306292294
2020-04-13Fix VFS2 getdents()/getdents64() alignment.Jamie Liu
PiperOrigin-RevId: 306263615
2020-04-10Add logging message for noNewPrivileges OCI option.Ian Lewis
noNewPrivileges is ignored if set to false since gVisor assumes that PR_SET_NO_NEW_PRIVS is always enabled. PiperOrigin-RevId: 305991947
2020-04-10Port extended attributes to VFS2.Dean Deng
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs and goferfs. Note that because of the slightly different order of checks between VFS2 and Linux, one of the xattr tests needs to be relaxed slightly. Fixes #2363. PiperOrigin-RevId: 305985121
2020-04-09Remove TODOs from Async IOFabricio Voznika
Block and drain requests in io_destroy(2). Note the reason to create read-only mapping. PiperOrigin-RevId: 305786312
2020-04-08splice: cap splice calls to MAX_RW_COUNTAndrei Vagin
The Linux does the same. Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com PiperOrigin-RevId: 305625439
2020-04-06Port timerfd to VFS2.Nicolas Lacasse
PiperOrigin-RevId: 305067208
2020-03-31Implement automated marshalling for slices of Marshallable types.Rahat Mahmood
PiperOrigin-RevId: 304119255
2020-03-25Misc fixes to make stat_test pass (almost)Fabricio Voznika
The only test failing now requires socket which is not available in VFS2 yet. Updates #1198 PiperOrigin-RevId: 302976572
2020-03-23Correctly release taskPathOperation for accessAt.Dean Deng
PiperOrigin-RevId: 302518924
2020-03-16Enforce file size rlimits in VFS2Fabricio Voznika
Updates #1035 PiperOrigin-RevId: 301255357
2020-03-14Plumb VFS2 imported fds into virtual filesystem.Dean Deng
- When setting up the virtual filesystem, mount a host.filesystem to contain all files that need to be imported. - Make read/preadv syscalls to the host in cases where preadv2 may not be supported yet (likewise for writing). - Make save/restore functions in kernel/kernel.go return early if vfs2 is enabled. PiperOrigin-RevId: 300922353
2020-03-13Implement access/faccessat for VFS2.Dean Deng
Note that the raw faccessat system call does not actually take a flags argument; according to faccessat(2), the glibc wrapper implements the flags by using fstatat(2). Remove the flag argument that we try to extract from vfs1, which would just be a garbage value. Updates #1965 Fixes #2101 PiperOrigin-RevId: 300796067
2020-02-26Fix construct of linux.Stat for arm64.Rahat Mahmood
PiperOrigin-RevId: 297494373
2020-02-25Fix DATA RACE in fs.MayDelete.Adin Scannell
MayDelete must lock the directory also, otherwise concurrent renames may race. Note that this also changes the methods to be aligned with the actual Remove and RemoveDirectory methods to minimize confusion when reading the code. (It was hard to see that resolution was correct.) PiperOrigin-RevId: 297258304
2020-02-25Port most syscalls to VFS2.Jamie Liu
pipe and pipe2 aren't ported, pending a slight rework of pipe FDs for VFS2. mount and umount2 aren't ported out of temporary laziness. access and faccessat need additional FSImpl methods to implement properly, but are stubbed to prevent googletest from CHECK-failing. Other syscalls require additional plumbing. Updates #1623 PiperOrigin-RevId: 297188448
2020-02-20Remove bytes read/written from marshal.Marshallable API.gVisor bot
Users of the API only care about whether the copy in/out succeeds in their entirety, which is already signalled by the returned error. PiperOrigin-RevId: 296297843
2020-02-14Remove linux.EpollEvent.Fd.gVisor bot
glibc defines struct epoll_event in such a way that epoll_event.data.fd exists. However, the kernel's definition of struct epoll_event makes epoll_event.data an opaque uint64, so naming half of it "fd" just introduces confusion. Remove the Fd field, and make Data a [2]int32 to compensate. Also add required padding to linux.EpollEvent on ARM64. PiperOrigin-RevId: 295250424
2020-02-14Enable automated marshalling for struct stat.gVisor bot
This requires fixing a few build issues for non-am64 platforms. PiperOrigin-RevId: 295196922
2020-02-14Plumb VFS2 inside the SentrygVisor bot
- Added fsbridge package with interface that can be used to open and read from VFS1 and VFS2 files. - Converted ELF loader to use fsbridge - Added VFS2 types to FSContext - Added vfs.MountNamespace to ThreadGroup Updates #1623 PiperOrigin-RevId: 295183950
2020-02-10Refactor getxattr.Dean Deng
Put most of the logic for getxattr in one place for clarity. This simplifies FGetXattr and getXattrFromPath, which are just wrappers for getXattr. PiperOrigin-RevId: 294308332
2020-02-07Support listxattr and removexattr syscalls.Dean Deng
Note that these are only implemented for tmpfs, and other impls will still return EOPNOTSUPP. PiperOrigin-RevId: 293899385
2020-02-05Disable get/set xattrs until list/remove exist too.Nicolas Lacasse
PiperOrigin-RevId: 293411655
2020-02-04timer_create(2) should return 0 on successMichael Pratt
The timer ID is copied out to the argument. Fixes #1738 PiperOrigin-RevId: 293210801
2020-01-30Enforce splice offset limitsMichael Pratt
Splice must not allow negative offsets. Writes also must not allow offset + size to overflow int64. Reads are similarly broken, but not just in splice (b/148095030). Reported-by: syzbot+0e1ff0b95fb2859b4190@syzkaller.appspotmail.com PiperOrigin-RevId: 292361208