summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-08-06Add LinkAt support to goferFabricio Voznika
Updates #1198 PiperOrigin-RevId: 325350818
2020-08-06Only register /dev/net/tun if supported.Dean Deng
PiperOrigin-RevId: 325266487
2020-08-05Add loss recovery option for TCP.Nayana Bidari
/proc/sys/net/ipv4/tcp_recovery is used to enable RACK loss recovery in TCP. PiperOrigin-RevId: 325157807
2020-08-05Correctly decrement link counts in tmpfs rename operations.Dean Deng
When a directory is replaced by a rename operation, its link count should reach zero. We were missing the link from `dir/.` PiperOrigin-RevId: 325141730
2020-08-05Release extra memfd reference.Dean Deng
PiperOrigin-RevId: 325122849
2020-08-05Stop profiling when the sentry exitsFabricio Voznika
Also removes `--profile-goroutine` because it's equivalent to `debug --stacks`. PiperOrigin-RevId: 325061502
2020-08-05Add missing case in tmpfs.inode.direntType.Dean Deng
This was discovered by syzkaller. PiperOrigin-RevId: 325025193
2020-08-04Handle EOF in vfs2 sendfile.Dean Deng
Discovered by syzkaller. PiperOrigin-RevId: 324938438
2020-08-04Inline gofer.regularFileFD.pwriteLockedFabricio Voznika
Go compiler barely inlines anything, so inline by hand pwriteLocked since it's called from a single place. PiperOrigin-RevId: 324937734
2020-08-04Automated rollback of changelist 324906582Dean Deng
PiperOrigin-RevId: 324931854
2020-08-04Add reference counting utility to VFS2.Dean Deng
The utility has several differences from the VFS1 equivalent: - There are no weak references, which have a significant overhead - In order to print useful debug messages with the type of the reference- counted object, we use a generic Refs object with the owner type as a template parameter. In vfs1, this was accomplished by storing a type name and caller stack directly in the ref count (as in vfs1), which increases the struct size by 6x. (Note that the caller stack was needed because fs types like Dirent were shared by all fs implementations; in vfs2, each impl has its own data structures, so this is no longer necessary.) As an example, the utility is added to tmpfs.inode. Updates #1486. PiperOrigin-RevId: 324906582
2020-08-04Internal change.gVisor bot
PiperOrigin-RevId: 324826968
2020-08-03Add callbacks to support lazy loading/restoring thread statesAndrei Vagin
PiperOrigin-RevId: 324748508
2020-08-03[vfs2] Implement /sys/devices/system/cpu/cpuX.Ayush Ranjan
Fixes #3364 PiperOrigin-RevId: 324724614
2020-08-03Internal change.gVisor bot
PiperOrigin-RevId: 324695672
2020-08-03Remove old TODO.Dean Deng
Fixes #2920. PiperOrigin-RevId: 324695118
2020-08-03Plumbing context.Context to DecRef() and Release().Nayana Bidari
context is passed to DecRef() and Release() which is needed for SO_LINGER implementation. PiperOrigin-RevId: 324672584
2020-08-03Add inotify events for fallocate and tests for fallocate/sendfile.Dean Deng
Updates #1479, #2923. PiperOrigin-RevId: 324658826
2020-07-31Merge pull request #3300 from lubinszARM:pr_fpsimd_usrgVisor bot
PiperOrigin-RevId: 324309862
2020-07-31Merge pull request #3348 from kevinGC:so-orig-dstgVisor bot
PiperOrigin-RevId: 324279280
2020-07-31Internal change.gVisor bot
PiperOrigin-RevId: 324259991
2020-07-31iptables: support SO_ORIGINAL_DSTKevin Krakauer
Envoy (#170) uses this to get the original destination of redirected packets.
2020-07-31Clean up vfs2 fallocate.Dean Deng
Move to setstat.go and add a FileDescription wrapper method. PiperOrigin-RevId: 324165277
2020-07-30Merge pull request #3448 from lubinszARM:pr_tls_testsgVisor bot
PiperOrigin-RevId: 324127810
2020-07-30Merge pull request #3028 from lubinszARM:pr_kvm_hello1gVisor bot
PiperOrigin-RevId: 324125938
2020-07-30Merge pull request #3179 from jinmouil:fuse_initgVisor bot
PiperOrigin-RevId: 324100220
2020-07-30Fix SETOWN_EX return value.Dean Deng
Return on success should be 0, not size of the struct copied out. PiperOrigin-RevId: 324029193
2020-07-30add usr-tls test cases for Arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-29Add FUSE_INITJinmou Li
This change allows the sentry to send FUSE_INIT request and process the reply. It adds the corresponding structs, employs the fuse device to send and read the message, and stores the results of negotiation in corresponding places (inside connection struct). It adds a CallAsync() function to the FUSE connection interface: - like Call(), but it's for requests that do not expect immediate response (init, release, interrupt etc.) - will block if the connection hasn't initialized, which is the same for Call()
2020-07-29Force registration for EPOLLHUP, not EPOLLRDHUP, in vfs2's epoll.Jamie Liu
Compare Linux's fs/eventpoll.c:do_epoll_ctl(). I don't know where EPOLLRDHUP came from. PiperOrigin-RevId: 323874419
2020-07-29load/store user fpsimd on Arm64Bin Lu
full context switch: add fpsimd load/store support to container application. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-28Redirect TODO to GitHub issuesFabricio Voznika
PiperOrigin-RevId: 323715260
2020-07-27Fix strace for epoll event arrays.Jamie Liu
PiperOrigin-RevId: 323491461
2020-07-27Merge pull request #3201 from lubinszARM:pr_sys64_2gVisor bot
PiperOrigin-RevId: 323456118
2020-07-27Merge pull request #3299 from lubinszARM:pr_asidgVisor bot
PiperOrigin-RevId: 323455097
2020-07-27Merge pull request #2958 from lubinszARM:pr_vfs2_1gVisor bot
PiperOrigin-RevId: 323443142
2020-07-27Add device implementation for /dev/fuseRidwan Sharif
This PR adds the following: - [x] Marshall-able structs for fuse headers - [x] Data structures needed in /dev/fuse to communicate with the daemon server - [x] Implementation of the device interface - [x] Go unit tests This change adds the `/dev/fuse` implementation. `Connection` controls the communication between the server and the sentry. The FUSE server uses the `FileDescription` interface to interact with the Sentry. The Sentry implmenetation of fusefs, uses `Connection` and the Connection interface to interact with the Server. All communication messages are in the form of `go_marshal` backed structs defined in the ABI package. This change also adds some go unit tests that test (pretty basically) the interfaces and should be used as an example of an end to end FUSE operation. COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/3083 from ridwanmsharif:ridwanmsharif/fuse-device-impl 69aa2ce970004938fe9f918168dfe57636ab856e PiperOrigin-RevId: 323428180
2020-07-27Move platform.File in memmapAndrei Vagin
The subsequent systrap changes will need to import memmap from the platform package. PiperOrigin-RevId: 323409486
2020-07-26updated the functions to distinguish IA/DA for Arm64Bin Lu
We need to correctly distinguish instruction_abort/data_abort for mem_abort@Arm64. So, EC/WNR/FSC in esr_el1 should be checked. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-26allow guest user applications read CNTVCT_EL0/CNTFRQ_EL0Bin Lu
At present, when doing syscall_kvm test, we need to enable the function of ESR_ELx_SYS64_ISS_SYS_CNTVCT/ESR_ELx_SYS64_ISS_SYS_CNTFRQ to successfully pass the test. I set CNTKCTL_EL1.EL0VCTEN==1/CNTKCTL_EL1.EL0PCTEN==1, so that the related cases can passed. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-24Enable automated marshalling for netstack.Ayush Ranjan
PiperOrigin-RevId: 322954792
2020-07-23Merge pull request #3142 from tanjianfeng:fix-3141gVisor bot
PiperOrigin-RevId: 322937495
2020-07-23Add permission checks to vfs2 truncate.Dean Deng
- Check write permission on truncate(2). Unlike ftruncate(2), truncate(2) fails if the user does not have write permissions on the file. - For gofers under InteropModeShared, check file type before making a truncate request. We should fail early and avoid making an rpc when possible. Furthermore, depending on the remote host's failure may give us unexpected behavior--if the host converts the truncate request to an ftruncate syscall on an open fd, we will get EINVAL instead of EISDIR. Updates #2923. PiperOrigin-RevId: 322913569
2020-07-23FileDescription is hard to spell.Dean Deng
Fix typos. PiperOrigin-RevId: 322913282
2020-07-23Add AfterFunc to tcpip.ClockSam Balana
Changes the API of tcpip.Clock to also provide a method for scheduling and rescheduling work after a specified duration. This change also implements the AfterFunc method for existing implementations of tcpip.Clock. This is the groundwork required to mock time within tests. All references to CancellableTimer has been replaced with the tcpip.Job interface, allowing for custom implementations of scheduling work. This is a BREAKING CHANGE for clients that implement their own tcpip.Clock or use tcpip.CancellableTimer. Migration plan: 1. Add AfterFunc(d, f) to tcpip.Clock 2. Replace references of tcpip.CancellableTimer with tcpip.Job 3. Replace calls to tcpip.CancellableTimer#StopLocked with tcpip.Job#Cancel 4. Replace calls to tcpip.CancellableTimer#Reset with tcpip.Job#Schedule 5. Replace calls to tcpip.NewCancellableTimer with tcpip.NewJob. PiperOrigin-RevId: 322906897
2020-07-23Implement get/set_robust_list.Nicolas Lacasse
PiperOrigin-RevId: 322904430
2020-07-23Merge pull request #3024 from ridwanmsharif:ridwanmsharif/fuse-stub-implgVisor bot
PiperOrigin-RevId: 322890087
2020-07-23Add task work mechanism.Dean Deng
Like task_work in Linux, this allows us to register callbacks to be executed before returning to userspace. This is needed for kcov support, which requires coverage information to be up-to-date whenever we are in user mode. We will provide coverage data through the kcov interface to enable coverage-directed fuzzing in syzkaller. One difference from Linux is that task work cannot queue work before the transition to userspace that it precedes; queued work will be picked up before the next transition. PiperOrigin-RevId: 322889984
2020-07-23kvm-tls-2:add the preservation of user-TLS in the Arm64 kvm platformlubinszARM
This patch load/save TLS for the container application. Related issue: full context-switch supporting for Arm64 #1238 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/2761 from lubinszARM:pr_tls_2 cb5dbca1c9c3f378002406da7a58887f9b5032b3 PiperOrigin-RevId: 322887044
2020-07-23Use mode supplied by the mount optionsRidwan Sharif