summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls
AgeCommit message (Collapse)Author
2019-11-27Add support for receiving TOS and TCLASS control messages in hostinet.Dean Deng
This involves allowing getsockopt/setsockopt for the corresponding socket options, as well as allowing hostinet to process control messages received from the actual recvmsg syscall. PiperOrigin-RevId: 282851425
2019-11-26Allow open(O_TRUNC) and (f)truncate for proc files.Ian Lewis
This allows writable proc and devices files to be opened with O_CREAT|O_TRUNC. This is encountered most frequently when interacting with proc or devices files via the command line. e.g. $ echo 8192 1048576 4194304 > /proc/sys/net/ipv4/tcp_rmem Also adds a test to test the behavior of open(O_TRUNC), truncate, and ftruncate on named pipes. Fixes #1116 PiperOrigin-RevId: 282677425
2019-11-26Mark execveat as supported for linux64_arm64.Dean Deng
PiperOrigin-RevId: 282667122
2019-11-20Pass OpenTruncate to gofer in Open call when opening file with O_TRUNC.Nicolas Lacasse
Note that the Sentry still calls Truncate() on the file before calling Open. A new p9 version check was added to ensure that the p9 server can handle the the OpenTruncate flag. If not, then the flag is stripped before sending. PiperOrigin-RevId: 281609112
2019-11-14Fix return codes for {get,set}sockopt for some nullptr cases.Ting-Yu Wang
Updates #1092 PiperOrigin-RevId: 280547239
2019-11-14Check that a file is a regular file with open(O_TRUNC).Kevin Krakauer
It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. Avoids breaking php tests. PiperOrigin-RevId: 280533213
2019-11-08Automated rollback of changelist 278417533Kevin Krakauer
PiperOrigin-RevId: 279365629
2019-11-04Check that a file is a regular file with open(O_TRUNC).Kevin Krakauer
It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. PiperOrigin-RevId: 278417533
2019-11-04Update membarrier bugMichael Pratt
Updates #267 PiperOrigin-RevId: 278402684
2019-10-29Disallow execveat on interpreter scripts with fd opened with O_CLOEXEC.Dean Deng
When an interpreter script is opened with O_CLOEXEC and the resulting fd is passed into execveat, an ENOENT error should occur (the script would otherwise be inaccessible to the interpreter). This matches the actual behavior of Linux's execveat. PiperOrigin-RevId: 277306680
2019-10-25Aggregate arguments for loading executables into a single struct.Dean Deng
This change simplifies the function signatures of functions related to loading executables, such as LoadTaskImage, Load, loadBinary. PiperOrigin-RevId: 276821187
2019-10-24Handle AT_SYMLINK_NOFOLLOW flag for execveat.Dean Deng
PiperOrigin-RevId: 276441249
2019-10-23Handle AT_EMPTY_PATH flag in execveat.Dean Deng
PiperOrigin-RevId: 276419967
2019-10-22Update const names to be Go style.Ian Lewis
PiperOrigin-RevId: 276165962
2019-10-21Remove old TODO.Nicolas Lacasse
PiperOrigin-RevId: 275956240
2019-10-21Add basic implementation of execveat syscall and associated tests.Dean Deng
Allow file descriptors of directories as well as AT_FDCWD. PiperOrigin-RevId: 275929668
2019-10-16Reorder BUILD license and load functions in gvisor.Kevin Krakauer
PiperOrigin-RevId: 275139066
2019-10-16Add sublevel to kernel versionMichael Pratt
Standard Linux kernel versions are VERSION.PATCHLEVEL.SUBLEVEL. e.g., 4.4.0, even when the sublevel is 0. Match this standard. PiperOrigin-RevId: 275125715
2019-10-16Fix syscall changes lost in rebaseMichael Pratt
These syscalls were changed in the amd64 file around the time the arm64 PR was sent out, so their changes got lost. Updates #63 PiperOrigin-RevId: 275114194
2019-10-07Merge pull request #753 from lubinszARM:pr_syscall_linuxgVisor bot
PiperOrigin-RevId: 273364848
2019-10-03Don't report partialResult errors from sendfileAndrei Vagin
The input file descriptor is always a regular file, so sendfile can't lose any data if it will not be able to write them to the output file descriptor. Reported-by: syzbot+22d22330a35fa1c02155@syzkaller.appspotmail.com PiperOrigin-RevId: 272730357
2019-10-02Merge branch 'master' into pr_syscall_linuxAndrei Vagin
2019-09-30splice: compare inode numbers only if both ends are pipesAndrei Vagin
It isn't allowed to splice data from and into the same pipe. But right now this check is broken, because we don't check that both ends are pipes. PiperOrigin-RevId: 272107022
2019-09-30Only copy out remaining time on nanosleep successMichael Pratt
It looks like the old code attempted to do this, but didn't realize that err != nil even in the happy case. PiperOrigin-RevId: 272005887
2019-09-27Merge pull request #864 from tanjianfeng:fix-861gVisor bot
PiperOrigin-RevId: 271649711
2019-09-27Implement SO_BINDTODEVICE sockoptgVisor bot
PiperOrigin-RevId: 271644926
2019-09-24Stub out readahead implementation.Adin Scannell
Closes #261 PiperOrigin-RevId: 270973347
2019-09-20fix set hostnameJianfeng Tan
Previously, when we set hostname: $ strace hostname abc ... sethostname("abc", 3) = -1 ENAMETOOLONG (File name too long) ... According to man 2 sethostname: "The len argument specifies the number of bytes in name. (Thus, name does not require a terminating null byte.)" We wrongly use the CopyStringIn() to check terminating zero byte in the implementation of sethostname syscall. To fix this, we use CopyInBytes() instead. Fixes: #861 Reported-by: chenglang.hy <chenglang.hy@antfin.com> Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
2019-09-18Signalfd supportAdin Scannell
Note that the exact semantics for these signalfds are slightly different from Linux. These signalfds are bound to the process at creation time. Reads, polls, etc. are all associated with signals directed at that task. In Linux, all signalfd operations are associated with current, regardless of where the signalfd originated. In practice, this should not be an issue given how signalfds are used. In order to fix this however, we will need to plumb the context through all the event APIs. This gets complicated really quickly, because the waiter APIs are all netstack-specific, and not generally exposed to the context. Probably not worthwhile fixing immediately. PiperOrigin-RevId: 269901749
2019-09-18enable syscalls/linux to support arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com> Change-Id: I45af8a54304f8bb0e248ab15f4e20b173ea9e430
2019-09-13gvisor: return ENOTDIR from the unlink syscallAndrei Vagin
ENOTDIR has to be returned when a component used as a directory in pathname is not, in fact, a directory. PiperOrigin-RevId: 269037893
2019-09-12Implement splice methods for pipes and sockets.Adin Scannell
This also allows the tee(2) implementation to be enabled, since dup can now be properly supported via WriteTo. Note that this change necessitated some minor restructoring with the fs.FileOperations splice methods. If the *fs.File is passed through directly, then only public API methods are accessible, which will deadlock immediately since the locking is already done by fs.Splice. Instead, we pass through an abstract io.Reader or io.Writer, which elide locks and use the underlying fs.FileOperations directly. PiperOrigin-RevId: 268805207
2019-08-27Fix sendfile(2) error codeFabricio Voznika
When output file is in append mode, sendfile(2) should fail with EINVAL and not EBADF. Closes #721 PiperOrigin-RevId: 265718958
2019-08-19Document RWF_HIPRI not implemented for preadv2/pwritev2.Zach Koopmans
Document limitation of no reasonable implementation for RWF_HIPRI flag (High Priority Read/Write for block-based file systems). PiperOrigin-RevId: 264237589
2019-08-12Handle ENOSPC with a partial write.Nicolas Lacasse
Similar to the EPIPE case, we can return the number of bytes written before ENOSPC was encountered. If the app tries to write more, we can return ENOSPC on the next write. PiperOrigin-RevId: 263041648
2019-08-07ext: vfs.FileDescriptionImpl and vfs.FilesystemImpl implementations.Ayush Ranjan
- This also gets rid of pipes for now because pipe does not have vfs2 specific support yet. - Added file path resolution logic. - Fixes testing infrastructure. - Does not include unit tests yet. PiperOrigin-RevId: 262213950
2019-08-06Require pread/pwrite for splice file offsetsMichael Pratt
If there is an offset, the file must support pread/pwrite. See fs/splice.c:do_splice. PiperOrigin-RevId: 261944932
2019-08-02Plumbing for iptables sockopts.Kevin Krakauer
PiperOrigin-RevId: 261413396
2019-08-01Drop reference on fs.Inode if Mount goes wrong.Nicolas Lacasse
PiperOrigin-RevId: 261203674
2019-07-30Merge pull request #607 from DarcySail:mastergVisor bot
PiperOrigin-RevId: 260783254
2019-07-30Add feature to launch Sentry from an open host FD.Zach Koopmans
Adds feature to launch from an open host FD instead of a binary_path. The FD should point to a valid executable and most likely be statically compiled. If the executable is not statically compiled, the loader will search along the interpreter paths, which must be able to be resolved in the Sandbox's file system or start will fail. PiperOrigin-RevId: 260756825
2019-07-30Combine multiple epoll events copiesHang Su
Allocate a larger memory buffer and combine multiple copies into one copy, to reduce the number of copies from kernel memory to user memory. Signed-off-by: Hang Su <darcy.sh@antfin.com>
2019-07-29Rate limit the unimplemented syscall event handler.Nicolas Lacasse
This introduces two new types of Emitters: 1. MultiEmitter, which will forward events to other registered Emitters, and 2. RateLimitedEmitter, which will forward events to a wrapped Emitter, subject to given rate limits. The methods in the eventchannel package itself act like a multiEmitter, but is not actually an Emitter. Now we have a DefaultEmitter, and the methods in eventchannel simply forward calls to the DefaultEmitter. The unimplemented syscall handler now uses a RateLimetedEmitter that wraps the DefaultEmitter. PiperOrigin-RevId: 260612770
2019-07-19Merge pull request #450 from Pixep:feature/add-clock-boottime-as-monotonicgVisor bot
PiperOrigin-RevId: 258996346
2019-07-18net/tcp/setockopt: impelment setsockopt(fd, SOL_TCP, TCP_INQ)Andrei Vagin
PiperOrigin-RevId: 258859507
2019-07-17sys_time: Wrap comments to 80 columnsAdrien Leravat
2019-07-17Separate O_DSYNC and O_SYNC.Jamie Liu
PiperOrigin-RevId: 258657913
2019-07-12Don't emit an event for extended attribute syscalls.Nicolas Lacasse
These are filesystem-specific, and filesystems are allowed to return ENOTSUP if they are not supported. PiperOrigin-RevId: 257813477
2019-07-09Cleanup straggling syscall dependencies.Adin Scannell
PiperOrigin-RevId: 257293198
2019-07-08Don't mask errors in createAt loop.Nicolas Lacasse
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767