path: root/pkg/sentry
Age | Commit message | Author
2020-04-17 | Fix watchdog skipStack: the meaning was reversed. | Adin Scannell
PiperOrigin-RevId: 307166317
2020-04-17 | prlimit: don't check credentials on self | Kevin Krakauer
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process' own limits. From the manpage:
To set or get the resources of a process other than itself, the caller must have the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs of the target process must match the real user ID of the caller and the real, effective, and saved set group IDs of the target process must match the real group ID of the caller.
PiperOrigin-RevId: 307127266
2020-04-17 | Merge pull request #1978 from lubinszARM:pr_signal_mm | gVisor bot
PiperOrigin-RevId: 307078788
2020-04-17 | Get /bin/true to run on VFS2 | Zach Koopmans
Included:
- loader_test.go RunTest and TestStartSignal VFS2
- container_test.go TestAppExitStatus on VFS2
- experimental flag added to runsc to turn on VFS2
Note: shared mounts are not yet supported.
PiperOrigin-RevId: 307070753
2020-04-17 | Permit setting unknown options | Tamir Duberstein
This previously changed in 305699233, but this behaviour turned out to be load bearing.
PiperOrigin-RevId: 307033802
2020-04-16 | Implement pipe(2) and pipe2(2) for VFS2. | Jamie Liu
Updates #1035
PiperOrigin-RevId: 306968644
2020-04-16 | Make ExtractErrno a function | Fabricio Voznika
PiperOrigin-RevId: 306891171
2020-04-14 | Fix cleanup around socketpair() failure to copy out FDs. | Jamie Liu
- Use the fs.File, rather than the vfs.FileDescription, in the VFS1 version.
- Check for a nil fs.File/vfs.FileDescription before calling DecRef, which is possible if a racing dup2() or dup3() replaces the file descriptor between when it is installed and when it is returned. (This is not possible in Linux because Linux separates allocation of a file descriptor from binding an allocated file descriptor to a struct file, and dup2/dup3 return EBUSY if asked to replace an allocated but unbound file descriptor.)
PiperOrigin-RevId: 306517101
2020-04-14 | Pass O_LARGEFILE in syscalls/linux/vfs2.openat. | Jamie Liu
Needed for PipeTest_Flags: files opened by open() and openat() get O_LARGEFILE (on architectures with 64-bit off_t), but not FDs created by other syscalls such as pipe().
Updates #1035
PiperOrigin-RevId: 306504788
2020-04-13 | Don't allow read/write when offset+size overflows. | Nicolas Lacasse
PiperOrigin-RevId: 306348346
2020-04-13 | Merge pull request #2168 from xiaobo55x:ptrace_test | gVisor bot
PiperOrigin-RevId: 306306809
2020-04-13 | Merge pull request #2321 from lubinszARM:pr_nogo | gVisor bot
PiperOrigin-RevId: 306300032
2020-04-13 | Port socket-related syscalls to VFS2. | Dean Deng
Note that most kinds of sockets are not yet supported in VFS2 (only Unix sockets are partially supported at the moment), so these syscalls will still generally fail. Enabling them allows us to begin running socket tests for VFS2 as more features are ported over.
Updates #1476, #1478, #1484, #1485.
PiperOrigin-RevId: 306292294
2020-04-13 | Remove obsolete TODOs for b/38173783 | Jon Budd
The comments in the ticket indicate that this behavior is fine and that the ticket should be closed, so we shouldn't need pointers to the ticket.
PiperOrigin-RevId: 306266071
2020-04-13 | Fix VFS2 getdents()/getdents64() alignment. | Jamie Liu
PiperOrigin-RevId: 306263615
2020-04-10 | Add logging message for noNewPrivileges OCI option. | Ian Lewis
noNewPrivileges is ignored if set to false since gVisor assumes that PR_SET_NO_NEW_PRIVS is always enabled.
PiperOrigin-RevId: 305991947
2020-04-10 | Port extended attributes to VFS2. | Dean Deng
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs and goferfs. Note that because of the slightly different order of checks between VFS2 and Linux, one of the xattr tests needs to be relaxed slightly.
Fixes #2363.
PiperOrigin-RevId: 305985121
2020-04-10 | Use O_CLOEXEC when dup'ing FDs | Fabricio Voznika
The sentry doesn't allow execve, but it's a good defense-in-depth measure.
PiperOrigin-RevId: 305958737
2020-04-10 | Remove TODO from kernel.Stracer | Fabricio Voznika
The dependency strace=>kernel grew over time. strace also depends on task's FD table and FSContext. It could be fixed with some interfaces the other way, but then we're trading an interface for another, and kernel.Stracer is likely cleaner.
Closes #155
PiperOrigin-RevId: 305909678
2020-04-09 | Merge pull request #2253 from amscanne:nogo | gVisor bot
PiperOrigin-RevId: 305807868
2020-04-10 | Enable syscall ptrace test on arm64. | Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I5bb8fa7d580d173b1438d6465e1adb442216c8fa
2020-04-09 | Replace type assertion with TaskFromContext. | Ting-Yu Wang
This should fix panic at aio callback.
PiperOrigin-RevId: 305798549
2020-04-09 | Downgrade VFS1-specific FIXME to a NOTE. | Jamie Liu
PiperOrigin-RevId: 305794509
2020-04-09 | Remove TODOs from Async IO | Fabricio Voznika
Block and drain requests in io_destroy(2). Note the reason to create read-only mapping.
PiperOrigin-RevId: 305786312
2020-04-09 | Convert int and bool socket options to use GetSockOptInt and GetSockOptBool | Andrei Vagin
PiperOrigin-RevId: 305699233
2020-04-09 | remove nogo exemption for machine_arm64_unsafe.go | Bin Lu
Minimize the use of unsafe.
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-04-08 | splice: cap splice calls to MAX_RW_COUNT | Andrei Vagin
Linux does the same.
Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com
PiperOrigin-RevId: 305625439
2020-04-08 | Don't call platform.AddressSpace.MapFile with no permissions. | Jamie Liu
PiperOrigin-RevId: 305598136
2020-04-08 | Clean up TODOs | Fabricio Voznika
PiperOrigin-RevId: 305592245
2020-04-08 | Remove InodeOperations FIXMEs that will be obsoleted by VFS2. | Dean Deng
PiperOrigin-RevId: 305588941
2020-04-08 | Handle utimes correctly for shared gofer filesystems. | Dean Deng
Determine system time from within the sentry rather than relying on the remote filesystem to prevent inconsistencies. Resolve related TODOs; the time discrepancies in question don't exist anymore.
PiperOrigin-RevId: 305557099
2020-04-08 | Do not hold FileDescription references in VFS2 procfs inodes. | Jamie Liu
FileDescription references are side-effectual; for example, holding a reference on the write end of a pipe prevents reads from the read end from returning EOF. This change is consistent with Linux, but not VFS1; while VFS1 also has this bug, it's less visible there since VFS1 procfs disables caching.
Updates #1195
PiperOrigin-RevId: 305545099
2020-04-08 | Enable SubprocessExited and SubprocessZombie for gVisor | Fabricio Voznika
Updates #164
PiperOrigin-RevId: 305544029
2020-04-08 | Fix unused result errors. | Adin Scannell
This fixes a bug in the proc net directory.
Updates #2243
2020-04-08 | Fix all printf formatting errors. | Adin Scannell
Updates #2243
2020-04-08 | Fix all copy locks violations. | Adin Scannell
This required minor restructuring of how system call tables were saved and restored, but it makes way more sense this way.
Updates #2243
2020-04-07 | Make unlink tests pass with goferfs | Fabricio Voznika
Required directory checks were being skipped when there was no child cached. Now the code always loads the child file before unlinking it.
Updates #1198
PiperOrigin-RevId: 305382323
2020-04-07 | Correctly distinguish between seekable and non-seekable host fds. | Dean Deng
Check whether an fd is seekable by calling the seek syscall and examining the return value, instead of checking the file type, which is inaccurate.
PiperOrigin-RevId: 305361593
2020-04-07 | Remove out-of-date TODOs. | Ting-Yu Wang
We already have network namespace for netstack.
PiperOrigin-RevId: 305341954
2020-04-07 | Make gofer.dentry.destroyLocked idempotent | Fabricio Voznika
gofer operations accumulate dentries touched in a slice to call checkCachingLocked on them when the operation is over. In case the same dentry is touched multiple times during the operation, checkCachingLocked, and consequently destroyLocked, may be called more than once for the same dentry.
Updates #1198
PiperOrigin-RevId: 305276819
2020-04-06 | Correctly implement magic symlinks in VFS2 procfs. | Jamie Liu
Updates #1195
PiperOrigin-RevId: 305143567
2020-04-06 | Port timerfd to VFS2. | Nicolas Lacasse
PiperOrigin-RevId: 305067208
2020-04-06 | Add socket files to tmpfs VFS2. | Dean Deng
Updates #1476.
PiperOrigin-RevId: 305024274
2020-04-04 | Record VFS2 sockets in global socket map. | Dean Deng
Updates #1476, #1478, #1484, #1485.
PiperOrigin-RevId: 304845354
2020-04-03 | Refactor software GSO code. | Bhasker Hariharan
Software GSO implementation currently has a complicated code path with implicit assumptions that all packets to WritePackets carry same Data and it does this to avoid allocations on the path etc. But this makes it hard to reuse the WritePackets API. This change breaks all such assumptions by introducing a new Vectorised View API ReadToVV which can be used to cleanly split a VV into multiple independent VVs. Further this change also makes packet buffers linkable to form an intrusive list. This allows us to get rid of the array of packet buffers that are passed in the WritePackets API call and replace it with a list of packet buffers. While this code does introduce some more allocations in the benchmarks it doesn't cause any degradation.
Updates #231
PiperOrigin-RevId: 304731742
2020-04-03 | Add FileDescriptionImpl for Unix sockets. | Dean Deng
This change involves several steps:
- Refactor the VFS1 unix socket implementation to share methods between VFS1 and VFS2 where possible. Re-implement the rest.
- Override the default PRead, Read, PWrite, Write, Ioctl, Release methods in FileDescriptionDefaultImpl.
- Add functions to create and initialize a new Dentry/Inode and FileDescription for a Unix socket file.
Updates #1476
PiperOrigin-RevId: 304689796
2020-04-03 | Ensure EOF is handled properly during splice. | Adin Scannell
PiperOrigin-RevId: 304684417
2020-04-02 | Add NAME_MAX checks and update file times | Fabricio Voznika
NAME_MAX should be enforced per filesystem implementation because other file systems may not have the same restriction. Gofer filesystem now keeps a reference to the kernel clock to avoid lookup in the Context on file access to update atime. Update access, modification, and status change times in tmpfs.
Updates #1197, #1198.
PiperOrigin-RevId: 304527148
2020-04-02 | Fix typo in TODO comments. | Dean Deng
PiperOrigin-RevId: 304508083
2020-04-02 | Add equivalents to FMODE_PREAD/PWRITE to VFS2. | Jamie Liu
This is mostly required for PipeTest_OffsetCalls. The options are DenyPRead/PWrite rather than AllowPRead/PWrite since, in Linux terms, fs/open.c:do_dentry_open sets FMODE_PREAD|FMODE_PWRITE unconditionally (although it allows filesystem implementations of open to unset these flags), so they're set for most FDs; it's usually FDs created outside of open(2) that don't get them, e.g.:
- Syscall-created pipes (fs/pipe.c:create_pipe_files => fs/file_table.c:alloc_file_pseudo)
- Epoll instances (fs/eventpoll.c:do_epoll_create => fs/anon_inodes.c:anon_inode_getfile => alloc_file_pseudo)
- Sockets (net/socket.c:sock_alloc_file => alloc_file_pseudo)
This CL adds the flags to epoll instances; a subsequent CL reworks the VFS2 implementation of pipe FDs to be filesystem-independent and adds the flags there, and sockets aren't implemented yet.
Updates #1035
PiperOrigin-RevId: 304506434