| Age | Commit message (Collapse) | Author |
|---|
|
Formerly, when a packet is constructed or parsed, all headers are set by the
client code. This almost always involved prepending to pk.Header buffer or
trimming pk.Data portion. This is known to prone to bugs, due to the complexity
and number of the invariants assumed across netstack to maintain.
In the new PacketHeader API, client will call Push()/Consume() method to
construct/parse an outgoing/incoming packet. All invariants, such as slicing
and trimming, are maintained by the API itself.
NewPacketBuffer() is introduced to create new PacketBuffer. Zero value is no
longer valid.
PacketBuffer now assumes the packet is a concatenation of following portions:
* LinkHeader
* NetworkHeader
* TransportHeader
* Data
Any of them could be empty, or zero-length.
PiperOrigin-RevId: 326507688
|
|
Updates #1486.
PiperOrigin-RevId: 326354750
|
|
Fixes php test ext/standard/tests/file/touch_variation5.phpt on vfs2.
Updates #3516
Also spotted a bug with O_EXCL, where we did not return EEXIST when we tried
to open the root of the filesystem with O_EXCL | O_CREAT.
Added some more tests for open() corner cases.
PiperOrigin-RevId: 326346863
|
|
PiperOrigin-RevId: 326326710
|
|
PiperOrigin-RevId: 326313858
|
|
Fixes #2923
PiperOrigin-RevId: 326296589
|
|
Discovered by reference leak checker on tmpfs.inode.
PiperOrigin-RevId: 326294755
|
|
PiperOrigin-RevId: 326270643
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
FUSE_GETATTR is called when a stat(2), fstat(2), or lstat(2) is issued
from VFS2 layer to a FUSE filesystem.
Fixes #3175
|
|
This is purely moving code, no changes. netfilter.go is cluttered and targets.go
is a good place for this.
#3549
PiperOrigin-RevId: 325879965
|
|
It indicates that the Sentry has changed the state of the thread and
next calls of PullFullState() has to do nothing.
PiperOrigin-RevId: 325567415
|
|
Earlier we were using NLink to decide if /tmp is empty or not. However, NLink
at best tells us about the number of subdirectories (via the ".." entries).
NLink = n + 2 for n subdirectories. But it does not tell us if the directory is
empty. There still might be non-directory files. We could also not rely on
NLink because host overlayfs always returned 1.
VFS1 uses Readdir to decide if the directory is empty. Used a similar approach.
We now use IterDirents to decide if the "/tmp" directory is empty.
Fixes #3369
PiperOrigin-RevId: 325554234
|
|
PiperOrigin-RevId: 325546629
|
|
PiperOrigin-RevId: 325546308
|
|
PiperOrigin-RevId: 325531657
|
|
PiperOrigin-RevId: 325490674
|
|
PiperOrigin-RevId: 325388385
|
|
Updates #1198
PiperOrigin-RevId: 325350818
|
|
PiperOrigin-RevId: 325266487
|
|
/proc/sys/net/ipv4/tcp_recovery is used to enable RACK loss
recovery in TCP.
PiperOrigin-RevId: 325157807
|
|
When a directory is replaced by a rename operation, its link count should
reach zero. We were missing the link from `dir/.`
PiperOrigin-RevId: 325141730
|
|
PiperOrigin-RevId: 325122849
|
|
Also removes `--profile-goroutine` because it's equivalent
to `debug --stacks`.
PiperOrigin-RevId: 325061502
|
|
This was discovered by syzkaller.
PiperOrigin-RevId: 325025193
|
|
Discovered by syzkaller.
PiperOrigin-RevId: 324938438
|
|
Go compiler barely inlines anything, so inline by hand
pwriteLocked since it's called from a single place.
PiperOrigin-RevId: 324937734
|
|
PiperOrigin-RevId: 324931854
|
|
The utility has several differences from the VFS1 equivalent:
- There are no weak references, which have a significant overhead
- In order to print useful debug messages with the type of the reference-
counted object, we use a generic Refs object with the owner type as a
template parameter. In vfs1, this was accomplished by storing a type name
and caller stack directly in the ref count (as in vfs1), which increases the
struct size by 6x. (Note that the caller stack was needed because fs types
like Dirent were shared by all fs implementations; in vfs2, each impl has
its own data structures, so this is no longer necessary.)
As an example, the utility is added to tmpfs.inode.
Updates #1486.
PiperOrigin-RevId: 324906582
|
|
PiperOrigin-RevId: 324826968
|
|
PiperOrigin-RevId: 324748508
|
|
Fixes #3364
PiperOrigin-RevId: 324724614
|
|
PiperOrigin-RevId: 324695672
|
|
Fixes #2920.
PiperOrigin-RevId: 324695118
|
|
context is passed to DecRef() and Release() which is
needed for SO_LINGER implementation.
PiperOrigin-RevId: 324672584
|
|
Updates #1479, #2923.
PiperOrigin-RevId: 324658826
|
|
PiperOrigin-RevId: 324309862
|
|
PiperOrigin-RevId: 324279280
|
|
PiperOrigin-RevId: 324259991
|
|
Envoy (#170) uses this to get the original destination of redirected
packets.
|
|
Move to setstat.go and add a FileDescription wrapper method.
PiperOrigin-RevId: 324165277
|
|
PiperOrigin-RevId: 324127810
|
|
PiperOrigin-RevId: 324125938
|
|
PiperOrigin-RevId: 324100220
|
|
Return on success should be 0, not size of the struct copied out.
PiperOrigin-RevId: 324029193
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
I disabled DAIF(DEBUG, sError, IRQ, FIQ) in guest kernel mode,
and enabled them in guest user mode.
So, I can make sure all DAIF-s come from guest user mode,
and then the case 'TestBounceStress' can passed on Arm64.
Test steps:
1, cd pkg/sentry/platform/kvm
2, bazel test kvm_test --strip=never --test_output=streamed
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
This change allows the sentry to send FUSE_INIT request and process
the reply. It adds the corresponding structs, employs the fuse
device to send and read the message, and stores the results of negotiation
in corresponding places (inside connection struct).
It adds a CallAsync() function to the FUSE connection interface:
- like Call(), but it's for requests that do not expect immediate response (init, release, interrupt etc.)
- will block if the connection hasn't initialized, which is the same for Call()
|
|
Compare Linux's fs/eventpoll.c:do_epoll_ctl(). I don't know where EPOLLRDHUP
came from.
PiperOrigin-RevId: 323874419
|
|
full context switch: add fpsimd load/store support to container
application.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
