| Age | Commit message (Collapse) | Author |
|---|
|
|
|
PiperOrigin-RevId: 382788878
|
|
|
|
This change makes the checklocks analyzer considerable more powerful, adding:
* The ability to traverse complex structures, e.g. to have multiple nested
fields as part of the annotation.
* The ability to resolve simple anonymous functions and closures, and perform
lock analysis across these invocations. This does not apply to closures that
are passed elsewhere, since it is not possible to know the context in which
they might be invoked.
* The ability to annotate return values in addition to receivers and other
parameters, with the same complex structures noted above.
* Ignoring locking semantics for "fresh" objects, i.e. objects that are
allocated in the local frame (typically a new-style function).
* Sanity checking of locking state across block transitions and returns, to
ensure that no unexpected locks are held.
Note that initially, most of these findings are excluded by a comprehensive
nogo.yaml. The findings that are included are fundamental lock violations.
The changes here should be relatively low risk, minor refactorings to either
include necessary annotations to simplify the code structure (in general
removing closures in favor of methods) so that the analyzer can be easily
track the lock state.
This change additional includes two changes to nogo itself:
* Sanity checking of all types to ensure that the binary and ast-derived
types have a consistent objectpath, to prevent the bug above from occurring
silently (and causing much confusion). This also requires a trick in
order to ensure that serialized facts are consumable downstream. This can
be removed with https://go-review.googlesource.com/c/tools/+/331789 merged.
* A minor refactoring to isolation the objdump settings in its own package.
This was originally used to implement the sanity check above, but this
information is now being passed another way. The minor refactor is preserved
however, since it cleans up the code slightly and is minimal risk.
PiperOrigin-RevId: 382613300
|
|
|
|
PiperOrigin-RevId: 382603592
|
|
|
|
Update/remove most syserror errors to linuxerr equivalents. For list
of removed errors, see //pkg/syserror/syserror.go.
PiperOrigin-RevId: 382574582
|
|
|
|
Update all instances of the above errors to the faster linuxerr implementation.
With the temporary linuxerr.Equals(), no logical changes are made.
PiperOrigin-RevId: 382306655
|
|
|
|
The unordered map may generate different hash due to its order. The
children map needs to be sorted each time before hashing to avoid false
verification failure due to the map.
Store the sorted children map in verity dentry to avoid sorting it each
time verification happens.
Also serialize the whole VerityDescriptor struct to hash now that the
map is removed from it.
PiperOrigin-RevId: 382201560
|
|
|
|
PiperOrigin-RevId: 382194711
|
|
|
|
Remove three syserror entries duplicated in linuxerr. Because of the
linuxerr.Equals method, this is a mere change of return values from
syserror to linuxerr definitions.
Done with only these three errnos as CLs removing all grow to a significantly
large size.
PiperOrigin-RevId: 382173835
|
|
In Linux the list entries command returns the name of the input interface assigned to the iptable rule.
iptables -S
> -A FORWARD -i docker0 -o docker0 -j ACCEPT
Meanwhile, in gVsior this interface name is ignored.
iptables -S
> -A FORWARD -o docker0 -j ACCEPT
|
|
|
|
PiperOrigin-RevId: 381982257
|
|
|
|
PiperOrigin-RevId: 381375705
|
|
|
|
- These metrics are replaced with WeirdnessMetric with fields
watchdog_stuck_startup and watchdog_stuck_tasks.
PiperOrigin-RevId: 381365617
|
|
|
|
A caller of CreateProcessGroup looks up a thread group without locks, so
the target process can exit before CreateProcessGroup will be called.
Reported-by: syzbot+6abb7c34663dacbd55a8@syzkaller.appspotmail.com
PiperOrigin-RevId: 381351069
|
|
|
|
PiperOrigin-RevId: 381145216
|
|
|
|
Compare
if (!thread_group_leader(tracee))
tracee = rcu_dereference(tracee->group_leader);
in security/yama/yama_lsm.c:ptracer_exception_found().
PiperOrigin-RevId: 381074242
|
|
|
|
Add Equals method to compare syserror and unix.Errno errors to linuxerr errors.
This will facilitate removal of syserror definitions in a followup, and
finding needed conversions from unix.Errno to linuxerr.
PiperOrigin-RevId: 380909667
|
|
|
|
PiperOrigin-RevId: 380904249
|
|
|
|
Fixes #2726
PiperOrigin-RevId: 380753516
|
|
|
|
tcpdump is largely supported. We've also chose not to implement writeable
AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333).
Fixes #173.
PiperOrigin-RevId: 380733686
|
|
|
|
IPv6 SO_ORIGINAL_DST is supported, and the flag check as-written will detect
when other flags are needed.
Fixes #3549.
PiperOrigin-RevId: 380059115
|
|
|
|
...and pass it explicitly.
This reverts commit b63e61828d0652ad1769db342c17a3529d2d24ed.
PiperOrigin-RevId: 380039167
|
|
|
|
Move Error struct to pkg/errors package for use in multiple places.
Move linuxerr static definitions under pkg/errors/linuxerr.
Add a lookup list for quick lookup of *errors.Error by errno. This is useful
when converting syserror errors and unix.Errno/syscall.Errrno values to
*errors.Error.
Update benchmarks routines to include conversions.
The below benchmarks show *errors.Error usage to be comparable to using
unix.Errno.
BenchmarkAssignUnix
BenchmarkAssignUnix-32 787875022 1.284 ns/op
BenchmarkAssignLinuxerr
BenchmarkAssignLinuxerr-32 1000000000 1.209 ns/op
BenchmarkAssignSyserror
BenchmarkAssignSyserror-32 759269229 1.429 ns/op
BenchmarkCompareUnix
BenchmarkCompareUnix-32 1000000000 1.310 ns/op
BenchmarkCompareLinuxerr
BenchmarkCompareLinuxerr-32 1000000000 1.241 ns/op
BenchmarkCompareSyserror
BenchmarkCompareSyserror-32 147196165 8.248 ns/op
BenchmarkSwitchUnix
BenchmarkSwitchUnix-32 373233556 3.664 ns/op
BenchmarkSwitchLinuxerr
BenchmarkSwitchLinuxerr-32 476323929 3.294 ns/op
BenchmarkSwitchSyserror
BenchmarkSwitchSyserror-32 39293408 29.62 ns/op
BenchmarkReturnUnix
BenchmarkReturnUnix-32 1000000000 0.5042 ns/op
BenchmarkReturnLinuxerr
BenchmarkReturnLinuxerr-32 1000000000 0.8152 ns/op
BenchmarkConvertUnixLinuxerr
BenchmarkConvertUnixLinuxerr-32 739948875 1.547 ns/op
BenchmarkConvertUnixLinuxerrZero
BenchmarkConvertUnixLinuxerrZero-32 977733974 1.489 ns/op
PiperOrigin-RevId: 379806801
|
|
|
|
UpperHalf is shared with all address spaces.
PiperOrigin-RevId: 379790539
|
|
|
|
PiperOrigin-RevId: 379766106
|
|
|
|
PiperOrigin-RevId: 379337677
|
|
|
