| Age | Commit message (Collapse) | Author |
|---|
|
/proc/[pid]/mount* omit mounts whose mount point is outside the chroot, which
is checked (indirectly) via __d_path().
PiperOrigin-RevId: 303434226
|
|
Both have analogues in Linux:
* struct file_system_type has a char *name field.
* struct super_block keeps a pointer to the file_system_type.
These fields are necessary to support the `filesystem type` field in
/proc/[pid]/mountinfo.
PiperOrigin-RevId: 303434063
|
|
BoundEndpointAt() is needed to support Unix sockets bound at a
file path, corresponding to BoundEndpoint() in VFS1.
Updates #1476.
PiperOrigin-RevId: 303258251
|
|
Using the host-defined file owner matches VFS1. It is more correct to use the
host-defined mode, since the cached value may become out of date. However,
kernfs.Inode.Mode() does not return an error--other filesystems on kernfs are
in-memory so retrieving mode should not fail. Therefore, if the host syscall
fails, we rely on a cached value instead.
Updates #1672.
PiperOrigin-RevId: 303220864
|
|
PiperOrigin-RevId: 303208407
|
|
Analagous to Linux's mount.mnt_id. This ID is displayed in
/proc/[pid]/mountinfo.
PiperOrigin-RevId: 303185564
|
|
This feature will match UID and GID of the packet creator, for locally
generated packets. This match is only valid in the OUTPUT and POSTROUTING
chains. Forwarded packets do not have any socket associated with them.
Packets from kernel threads do have a socket, but usually no owner.
|
|
PiperOrigin-RevId: 303105826
|
|
Updates #1035
PiperOrigin-RevId: 303021328
|
|
Pushing it down requires all implementation to check for
exec individualy which is not maintanable. Making it part
of GenericCheckPermissions add extra cost to everyone that
calls it. So it's better to keep is in
VirtualFilesystem.OpenAt.
Updates #1193
PiperOrigin-RevId: 302982993
|
|
The only test failing now requires socket which is not
available in VFS2 yet.
Updates #1198
PiperOrigin-RevId: 302976572
|
|
Makes less error prone to find file type.
Updates #1197
PiperOrigin-RevId: 302974244
|
|
PiperOrigin-RevId: 302891559
|
|
This is a precursor to be being able to build an intrusive list
of PacketBuffers for use in queuing disciplines being implemented.
Updates #2214
PiperOrigin-RevId: 302677662
|
|
Fixes #506
PiperOrigin-RevId: 302540404
|
|
PiperOrigin-RevId: 302539171
|
|
PiperOrigin-RevId: 302518924
|
|
utimensat is used by hostfs for setting timestamps on imported fds. Previously,
this would crash the sandbox since utimensat was not allowed.
Correct the VFS2 version of hostfs to match the call in VFS1.
PiperOrigin-RevId: 301970121
|
|
Frozen was to lock down changes to the host filesystem
for hostFS. Now that hostFS is gone, it can be removed.
PiperOrigin-RevId: 301907923
|
|
Also get rid of the readViewHasData as it's not required anymore.
Updates #231, #357
PiperOrigin-RevId: 301837227
|
|
workMu is removed and e.mu is now a mutex that supports TryLock. The packet
processing path tries to lock the mutex and if its locked it will just queue the
packet and move on. The endpoint.UnlockUser() will process any backlog of
packets before unlocking the socket.
This simplifies the locking inside tcp endpoints a lot. Further the
endpoint.LockUser() implements spinning as long as the lock is not held by
another syscall goroutine. This ensures low latency as not spinning leads to the
task thread being put to sleep if the lock is held by the packet dispatch
path. This is suboptimal as the lower layer rarely holds the lock for long so
implementing spinning here helps.
If the lock is held by another task goroutine then we just proceed to call
LockUser() and the task could be put to sleep.
The protocol goroutines themselves just call e.mu.Lock() and block if the
lock is currently not available.
Updates #231, #357
PiperOrigin-RevId: 301808349
|
|
Refactor fs/host.TTYFileOperations so that the relevant functionality can be
shared with VFS2 (fsimpl/host.ttyFD).
Incorporate host.defaultFileFD into the default host.fileDescription. This way,
there is no need for a separate default_file.go. As in vfs1, the TTY file
implementation can be built on top of this default and override operations as
necessary (PRead/Read/PWrite/Write, Release, Ioctl).
Note that these changes still need to be plumbed into runsc, which refers to
imported TTYs in control/proc.go:ExecAsync.
Updates #1672.
PiperOrigin-RevId: 301718157
|
|
PiperOrigin-RevId: 301700868
|
|
It was looking at VFS1 table to determine where to
allocate the next FD from.
Updates #1035
PiperOrigin-RevId: 301678858
|
|
PiperOrigin-RevId: 301402181
|
|
FDTable.setAll is used to zap entries, but it grows the table up to
a specified fd.
Reported-by: syzbot+9e281b0750d2d4caa190@syzkaller.appspotmail.com
PiperOrigin-RevId: 301280000
|
|
Updates #1035
PiperOrigin-RevId: 301255357
|
|
Only gofer filesystem was calling vfs.CheckSetStat for
vfs.FilesystemImpl.SetStatAt and vfs.FileDescriptionImpl.SetStat.
Updates #1193, #1672, #1197
PiperOrigin-RevId: 301226522
|
|
PiperOrigin-RevId: 301197007
|
|
Updates #1195, #1193
PiperOrigin-RevId: 300950993
|
|
- When setting up the virtual filesystem, mount a host.filesystem to contain
all files that need to be imported.
- Make read/preadv syscalls to the host in cases where preadv2 may not be
supported yet (likewise for writing).
- Make save/restore functions in kernel/kernel.go return early if vfs2 is
enabled.
PiperOrigin-RevId: 300922353
|
|
Closes #1195
PiperOrigin-RevId: 300867055
|
|
This will give more information about the file to
identify where possibly the extra DecRef()
would be.
PiperOrigin-RevId: 300855874
|
|
PiperOrigin-RevId: 300845134
|
|
- Make oomScoreAdj a ThreadGroup field (Linux: signal_struct::oom_score_adj).
- Avoid deadlock caused by Task.OOMScoreAdj()/SetOOMScoreAdj() locking Task.mu
and TaskSet.mu in the wrong order (via Task.ExitState()).
PiperOrigin-RevId: 300814698
|
|
PiperOrigin-RevId: 300803515
|
|
Note that the raw faccessat system call does not actually take a flags argument;
according to faccessat(2), the glibc wrapper implements the flags by using
fstatat(2). Remove the flag argument that we try to extract from vfs1, which
would just be a garbage value.
Updates #1965
Fixes #2101
PiperOrigin-RevId: 300796067
|
|
2aa9514a06a5e34894e606d508ac2df53b082c74 skips SIGURG, but later code expects
the sigchans array contains consecutive signal numbers.
PiperOrigin-RevId: 300793450
|
|
Plumbs MS_NOEXEC and MS_RDONLY. Others are TODO.
Updates #1623 #1193
PiperOrigin-RevId: 300764669
|
|
This issue was caused by 'restart_syscall'.
The value of Register R0 should be stored after finishing sysemu.
So that we can restore the value and restart syscall.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
This fixes a compile time error:
pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go:45:35: undefined: unsafe
PiperOrigin-RevId: 300375687
|
|
PiperOrigin-RevId: 300362789
|
|
Go 1.14+ sends SIGURG to Ms to attempt asynchronous preemption of a G. Since it
can't guarantee that a SIGURG is only related to preemption, it continues to
forward them to signal.Notify (see runtime.sighandler).
When runsc is running a container, there are three processes: a parent process
and two children (sandbox and gopher). A parent process sets a signal handler
for all signals and redirect them to the container init process. This logic
should ignore SIGURG signals. We already ignore them in the Sentry, but it will
be better to not notify about them when this is possible.
PiperOrigin-RevId: 300345286
|
|
PiperOrigin-RevId: 300270894
|
|
Issue #1833
PiperOrigin-RevId: 299998105
|
|
Linux use the task.thread.uw.tp_value field to store the
TLS pointer on arm64 platform, and we use a similar way
in gvisor to store it in the arch/State struct.
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: Ie76b5c6d109bc27ccfd594008a96753806db7764
|
|
PiperOrigin-RevId: 299448307
|
|
In VFS2, imported file descriptors are stored in a kernfs-based filesystem.
Upon calling ImportFD, the host fd can be accessed in two ways:
1. a FileDescription that can be added to the FDTable, and
2. a Dentry in the host.filesystem mount, which we will want to access through
magic symlinks in /proc/[pid]/fd/.
An implementation of the kernfs.Inode interface stores a unique host fd. This
inode can be inserted into file descriptions as well as dentries.
This change also plumbs in three FileDescriptionImpls corresponding to fds for
sockets, TTYs, and other files (only the latter is implemented here).
These implementations will mostly make corresponding syscalls to the host.
Where possible, the logic is ported over from pkg/sentry/fs/host.
Updates #1672
PiperOrigin-RevId: 299417263
|
|
When list elements are removed from a list but not discarded, it becomes
important to invalidate the references they hold to their former
neighbors to prevent memory leaks.
PiperOrigin-RevId: 299412421
|
|
PiperOrigin-RevId: 299405855
|
