summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls
AgeCommit message (Collapse)Author
2019-11-04Check that a file is a regular file with open(O_TRUNC).Kevin Krakauer
It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. PiperOrigin-RevId: 278417533
2019-11-04Update membarrier bugMichael Pratt
Updates #267 PiperOrigin-RevId: 278402684
2019-10-29Disallow execveat on interpreter scripts with fd opened with O_CLOEXEC.Dean Deng
When an interpreter script is opened with O_CLOEXEC and the resulting fd is passed into execveat, an ENOENT error should occur (the script would otherwise be inaccessible to the interpreter). This matches the actual behavior of Linux's execveat. PiperOrigin-RevId: 277306680
2019-10-25Aggregate arguments for loading executables into a single struct.Dean Deng
This change simplifies the function signatures of functions related to loading executables, such as LoadTaskImage, Load, loadBinary. PiperOrigin-RevId: 276821187
2019-10-24Handle AT_SYMLINK_NOFOLLOW flag for execveat.Dean Deng
PiperOrigin-RevId: 276441249
2019-10-23Handle AT_EMPTY_PATH flag in execveat.Dean Deng
PiperOrigin-RevId: 276419967
2019-10-22Update const names to be Go style.Ian Lewis
PiperOrigin-RevId: 276165962
2019-10-21Remove old TODO.Nicolas Lacasse
PiperOrigin-RevId: 275956240
2019-10-21Add basic implementation of execveat syscall and associated tests.Dean Deng
Allow file descriptors of directories as well as AT_FDCWD. PiperOrigin-RevId: 275929668
2019-10-16Reorder BUILD license and load functions in gvisor.Kevin Krakauer
PiperOrigin-RevId: 275139066
2019-10-16Add sublevel to kernel versionMichael Pratt
Standard Linux kernel versions are VERSION.PATCHLEVEL.SUBLEVEL. e.g., 4.4.0, even when the sublevel is 0. Match this standard. PiperOrigin-RevId: 275125715
2019-10-16Fix syscall changes lost in rebaseMichael Pratt
These syscalls were changed in the amd64 file around the time the arm64 PR was sent out, so their changes got lost. Updates #63 PiperOrigin-RevId: 275114194
2019-10-07Merge pull request #753 from lubinszARM:pr_syscall_linuxgVisor bot
PiperOrigin-RevId: 273364848
2019-10-03Don't report partialResult errors from sendfileAndrei Vagin
The input file descriptor is always a regular file, so sendfile can't lose any data if it will not be able to write them to the output file descriptor. Reported-by: syzbot+22d22330a35fa1c02155@syzkaller.appspotmail.com PiperOrigin-RevId: 272730357
2019-10-02Merge branch 'master' into pr_syscall_linuxAndrei Vagin
2019-09-30splice: compare inode numbers only if both ends are pipesAndrei Vagin
It isn't allowed to splice data from and into the same pipe. But right now this check is broken, because we don't check that both ends are pipes. PiperOrigin-RevId: 272107022
2019-09-30Only copy out remaining time on nanosleep successMichael Pratt
It looks like the old code attempted to do this, but didn't realize that err != nil even in the happy case. PiperOrigin-RevId: 272005887
2019-09-27Merge pull request #864 from tanjianfeng:fix-861gVisor bot
PiperOrigin-RevId: 271649711
2019-09-27Implement SO_BINDTODEVICE sockoptgVisor bot
PiperOrigin-RevId: 271644926
2019-09-24Stub out readahead implementation.Adin Scannell
Closes #261 PiperOrigin-RevId: 270973347
2019-09-20fix set hostnameJianfeng Tan
Previously, when we set hostname: $ strace hostname abc ... sethostname("abc", 3) = -1 ENAMETOOLONG (File name too long) ... According to man 2 sethostname: "The len argument specifies the number of bytes in name. (Thus, name does not require a terminating null byte.)" We wrongly use the CopyStringIn() to check terminating zero byte in the implementation of sethostname syscall. To fix this, we use CopyInBytes() instead. Fixes: #861 Reported-by: chenglang.hy <chenglang.hy@antfin.com> Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
2019-09-18Signalfd supportAdin Scannell
Note that the exact semantics for these signalfds are slightly different from Linux. These signalfds are bound to the process at creation time. Reads, polls, etc. are all associated with signals directed at that task. In Linux, all signalfd operations are associated with current, regardless of where the signalfd originated. In practice, this should not be an issue given how signalfds are used. In order to fix this however, we will need to plumb the context through all the event APIs. This gets complicated really quickly, because the waiter APIs are all netstack-specific, and not generally exposed to the context. Probably not worthwhile fixing immediately. PiperOrigin-RevId: 269901749
2019-09-18enable syscalls/linux to support arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com> Change-Id: I45af8a54304f8bb0e248ab15f4e20b173ea9e430
2019-09-13gvisor: return ENOTDIR from the unlink syscallAndrei Vagin
ENOTDIR has to be returned when a component used as a directory in pathname is not, in fact, a directory. PiperOrigin-RevId: 269037893
2019-09-12Implement splice methods for pipes and sockets.Adin Scannell
This also allows the tee(2) implementation to be enabled, since dup can now be properly supported via WriteTo. Note that this change necessitated some minor restructoring with the fs.FileOperations splice methods. If the *fs.File is passed through directly, then only public API methods are accessible, which will deadlock immediately since the locking is already done by fs.Splice. Instead, we pass through an abstract io.Reader or io.Writer, which elide locks and use the underlying fs.FileOperations directly. PiperOrigin-RevId: 268805207
2019-08-27Fix sendfile(2) error codeFabricio Voznika
When output file is in append mode, sendfile(2) should fail with EINVAL and not EBADF. Closes #721 PiperOrigin-RevId: 265718958
2019-08-19Document RWF_HIPRI not implemented for preadv2/pwritev2.Zach Koopmans
Document limitation of no reasonable implementation for RWF_HIPRI flag (High Priority Read/Write for block-based file systems). PiperOrigin-RevId: 264237589
2019-08-12Handle ENOSPC with a partial write.Nicolas Lacasse
Similar to the EPIPE case, we can return the number of bytes written before ENOSPC was encountered. If the app tries to write more, we can return ENOSPC on the next write. PiperOrigin-RevId: 263041648
2019-08-07ext: vfs.FileDescriptionImpl and vfs.FilesystemImpl implementations.Ayush Ranjan
- This also gets rid of pipes for now because pipe does not have vfs2 specific support yet. - Added file path resolution logic. - Fixes testing infrastructure. - Does not include unit tests yet. PiperOrigin-RevId: 262213950
2019-08-06Require pread/pwrite for splice file offsetsMichael Pratt
If there is an offset, the file must support pread/pwrite. See fs/splice.c:do_splice. PiperOrigin-RevId: 261944932
2019-08-02Plumbing for iptables sockopts.Kevin Krakauer
PiperOrigin-RevId: 261413396
2019-08-01Drop reference on fs.Inode if Mount goes wrong.Nicolas Lacasse
PiperOrigin-RevId: 261203674
2019-07-30Merge pull request #607 from DarcySail:mastergVisor bot
PiperOrigin-RevId: 260783254
2019-07-30Add feature to launch Sentry from an open host FD.Zach Koopmans
Adds feature to launch from an open host FD instead of a binary_path. The FD should point to a valid executable and most likely be statically compiled. If the executable is not statically compiled, the loader will search along the interpreter paths, which must be able to be resolved in the Sandbox's file system or start will fail. PiperOrigin-RevId: 260756825
2019-07-30Combine multiple epoll events copiesHang Su
Allocate a larger memory buffer and combine multiple copies into one copy, to reduce the number of copies from kernel memory to user memory. Signed-off-by: Hang Su <darcy.sh@antfin.com>
2019-07-29Rate limit the unimplemented syscall event handler.Nicolas Lacasse
This introduces two new types of Emitters: 1. MultiEmitter, which will forward events to other registered Emitters, and 2. RateLimitedEmitter, which will forward events to a wrapped Emitter, subject to given rate limits. The methods in the eventchannel package itself act like a multiEmitter, but is not actually an Emitter. Now we have a DefaultEmitter, and the methods in eventchannel simply forward calls to the DefaultEmitter. The unimplemented syscall handler now uses a RateLimetedEmitter that wraps the DefaultEmitter. PiperOrigin-RevId: 260612770
2019-07-19Merge pull request #450 from Pixep:feature/add-clock-boottime-as-monotonicgVisor bot
PiperOrigin-RevId: 258996346
2019-07-18net/tcp/setockopt: impelment setsockopt(fd, SOL_TCP, TCP_INQ)Andrei Vagin
PiperOrigin-RevId: 258859507
2019-07-17sys_time: Wrap comments to 80 columnsAdrien Leravat
2019-07-17Separate O_DSYNC and O_SYNC.Jamie Liu
PiperOrigin-RevId: 258657913
2019-07-12Don't emit an event for extended attribute syscalls.Nicolas Lacasse
These are filesystem-specific, and filesystems are allowed to return ENOTSUP if they are not supported. PiperOrigin-RevId: 257813477
2019-07-09Cleanup straggling syscall dependencies.Adin Scannell
PiperOrigin-RevId: 257293198
2019-07-08Don't mask errors in createAt loop.Nicolas Lacasse
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767
2019-07-03Fix syscall doc for getresgidIan Lewis
PiperOrigin-RevId: 256481284
2019-07-02Remove map from fd_map, change to fd_table.Adin Scannell
This renames FDMap to FDTable and drops the kernel.FD type, which had an entire package to itself and didn't serve much use (it was freely cast between types, and served as more of an annoyance than providing any protection.) Based on BenchmarkFDLookupAndDecRef-12, we can expect 5-10 ns per lookup operation, and 10-15 ns per concurrent lookup operation of savings. This also fixes two tangential usage issues with the FDMap. Namely, non-atomic use of NewFDFrom and associated calls to Remove (that are both racy and fail to drop the reference on the underlying file.) PiperOrigin-RevId: 256285890
2019-07-02Add documentation for remaining syscalls (fixes #197, #186)Ian Lewis
Adds support level documentation for all syscalls. Removes the Undocumented utility function to discourage usage while leaving SupportUndocumented as the default support level for Syscall structs. PiperOrigin-RevId: 256281927
2019-07-02Simplify (and fix) refcounts in createAt.Nicolas Lacasse
fileOpAt holds references on the Dirents passed as arguments to the callback, and drops refs when finished, so we don't need to DecRef those Dirents ourselves However, all Dirents that we get from FindInode/FindLink must be DecRef'd. This CL cleans up the ref-counting logic, and fixes some refcount issues in the process. PiperOrigin-RevId: 256220882
2019-07-01Check remaining traversal limit when creating a file through a symlink.Nicolas Lacasse
This fixes the case when an app tries to create a file that already exists, and is a symlink to itself. A test was added. PiperOrigin-RevId: 256044811
2019-06-28Remove events from name_to_handle_at and open_by_handle_at.Nicolas Lacasse
These syscalls require filesystem support that gVisor does not provide, and is not planning to implement. Their absense should not trigger an event. PiperOrigin-RevId: 255692871
2019-06-27Complete pipe support on overlayfsFabricio Voznika
Get/Set pipe size and ioctl support were missing from overlayfs. It required moving the pipe.Sizer interface to fs so that overlay could get access. Fixes #318 PiperOrigin-RevId: 255511125