summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2018-05-30Restore FS on resume.Adin Scannell
Previously, the vCPU FS was always correct because it relied on the reset coming out of the switch. When that doesn't occur, for example, using bluepill directly, the FS value can be incorrect leading to strange corruption. This change is necessary for a subsequent change that enforces guest mode for page table modifications, and it may reduce test flakiness. (The problematic path may occur in tests, but does not occur in the actual platform.) PiperOrigin-RevId: 198648137 Change-Id: I513910a973dd8666c9a1d18cf78990964d6a644d
2018-05-30Change ring0 & page tables arguments to structs.Adin Scannell
This is a refactor of ring0 and ring0/pagetables that changes from individual arguments to opts structures. This should involve no functional changes, but sets the stage for subsequent changes. PiperOrigin-RevId: 198627556 Change-Id: Id4460340f6a73f0c793cd879324398139cd58ae9
2018-05-24rpcinet connect doesn't handle all errnos correctly.Brian Geffon
These were causing non-blocking related errnos to be returned to the sentry when they were created as blocking FDs internally. PiperOrigin-RevId: 197962932 Change-Id: I3f843535ff87ebf4cb5827e9f3d26abfb79461b0
2018-05-22Remove offset check to match with Linux implementation.Fabricio Voznika
PiperOrigin-RevId: 197644246 Change-Id: I63eb0a58889e69fbc4af2af8232f6fa1c399d43f
2018-05-22Change length type, and let fadvise64 return ESPIPE if file is a pipeChanwit Kaewkasi
Kernel before 2.6.16 return EINVAL, but later return ESPIPE for this case. Also change type of "length" from Uint(uint32) to Int64. Because C header uses type "size_t" (unsigned long) or "off_t" (long) for length. And it makes more sense to check length < 0 with Int64 because Uint cannot be negative. Change-Id: Ifd7fea2dcded7577a30760558d0d31f479f074c4 PiperOrigin-RevId: 197616743
2018-05-22sentry: Add simple SIOCGIFFLAGS support (IFF_RUNNING and IFF_PROMIS).Kevin Krakauer
Establishes a way of communicating interface flags between netstack and epsocket. More flags can be added over time. PiperOrigin-RevId: 197616669 Change-Id: I230448c5fb5b7d2e8d69b41a451eb4e1096a0e30
2018-05-21Dramatically improve handling of KVM vCPU pool.Adin Scannell
Especially in situations with small numbers of vCPUs, the existing system resulted in excessive thrashing. Now, execution contexts co-ordinate as smoothly as they can to share a small number of cores. PiperOrigin-RevId: 197483323 Change-Id: I0afc0c5363ea9386994355baf3904bf5fe08c56c
2018-05-18sentry: Get "ip link" working.Kevin Krakauer
In Linux, many UDS ioctls are passed through to the NIC driver. We do the same here, passing ioctl calls to Unix sockets through to epsocket. In Linux you can see this path at net/socket.c:sock_ioctl, which calls sock_do_ioctl, which calls net/core/dev_ioctl.c:dev_ioctl. SIOCGIFNAME is also added. PiperOrigin-RevId: 197167508 Change-Id: I62c326a4792bd0a473e9c9108aafb6a6354f2b64
2018-05-17Cleanup docsMichael Pratt
This brings the proc document more up-to-date. PiperOrigin-RevId: 197070161 Change-Id: Iae2cf9dc44e3e748a33f497bb95bd3c10d0c094a
2018-05-17Fix capability check for sysv semaphores.Rahat Mahmood
Capabilities for sysv sem operations were being checked against the current task's user namespace. They should be checked against the user namespace owning the ipc namespace for the sems instead, per ipc/util.c:ipcperms(). PiperOrigin-RevId: 197063111 Change-Id: Iba29486b316f2e01ee331dda4e48a6ab7960d589
2018-05-17Implement sysv shm.Rahat Mahmood
PiperOrigin-RevId: 197058289 Change-Id: I3946c25028b7e032be4894d61acb48ac0c24d574
2018-05-16Fix another socket Dirent refcount.Christopher Koch
PiperOrigin-RevId: 196893452 Change-Id: I5ea0f851fcabc5eac5859e61f15213323d996337
2018-05-16Verify that when offset address is not null, infile must be seekableChanwit Kaewkasi
Change-Id: Id247399baeac58f6cd774acabd5d1da05e5b5697 PiperOrigin-RevId: 196887768
2018-05-16Refcount socket Dirents correctly.Christopher Koch
This should fix the socket Dirent memory leak. fs.NewFile takes a new reference. It should hold the *only* reference. DecRef that socket Dirent. Before the globalDirentMap was introduced, a mis-refcounted Dirent would be garbage collected when all references to it were gone. For socket Dirents, this meant that they would be garbage collected when the associated fs.Files disappeared. After the globalDirentMap, Dirents *must* be reference-counted correctly to be garbage collected, as Dirents remove themselves from the global map when their refcount goes to -1 (see Dirent.destroy). That removes the last pointer to that Dirent. PiperOrigin-RevId: 196878973 Change-Id: Ic7afcd1de97c7101ccb13be5fc31de0fb50963f0
2018-05-16Release mutex in BidirectionalConnect to avoid deadlock.Brian Geffon
When doing a BidirectionalConnect we don't need to continue holding the ConnectingEndpoint's mutex when creating the NewConnectedEndpoint as it was held during the Connect. Additionally, we're not holding the baseEndpoint mutex while Unregistering an event. PiperOrigin-RevId: 196875557 Change-Id: Ied4ceed89de883121c6cba81bc62aa3a8549b1e9
2018-05-15Fix KVM EFAULT handling.Adin Scannell
PiperOrigin-RevId: 196781718 Change-Id: I889766eed871929cdc247c6b9aa634398adea9c9
2018-05-15Simplify KVM invalidation logic.Adin Scannell
PiperOrigin-RevId: 196780209 Change-Id: I89f39eec914ce54a7c6c4f28e1b6d5ff5a7dd38d
2018-05-15Simplify KVM state handling.Adin Scannell
This also removes the dependency on tmutex. PiperOrigin-RevId: 196764317 Change-Id: I523fb67454318e1a2ca9da3a08e63bfa3c1eeed3
2018-05-15sentry: Replaces saving of inet.Stack with retrieval via context.Kevin Krakauer
Previously, inet.Stack was referenced in 2 structs in sentry/socket that can be saved/restored. If an app is saved and restored on another machine, it may try to use the old stack, which will have been replaced by a new stack on the new machine. PiperOrigin-RevId: 196733985 Change-Id: I6a8cfe73b5d7a90749734677dada635ab3389cb9
2018-05-15Fix problem with sendfile(2) writing less dataFabricio Voznika
When the amount of data read is more than the amount written, sendfile would not adjust 'in file' position and would resume from the wrong location. Closes #33 PiperOrigin-RevId: 196731287 Change-Id: Ia219895dd765016ed9e571fd5b366963c99afb27
2018-05-14Disable INVPCID check; it's not used.Adin Scannell
PiperOrigin-RevId: 196615029 Change-Id: Idfa383a9aee6a9397167a4231ce99d0b0e5b9912
2018-05-14Make KVM system call first check.Adin Scannell
PiperOrigin-RevId: 196613447 Change-Id: Ib76902896798f072c3031b0c5cf7b433718928b7
2018-05-14Simplify KVM host map handling.Adin Scannell
PiperOrigin-RevId: 196611084 Change-Id: I6afa6b01e1dcd2aa9776dfc0f910874cc6b8d72c
2018-05-14Ignore spurious KVM emulation failures.Adin Scannell
PiperOrigin-RevId: 196609789 Change-Id: Ie261eea3b7fa05b6c348ca93e229de26cbd4dc7d
2018-05-11sentry: Adds canonical mode support.Kevin Krakauer
PiperOrigin-RevId: 196331627 Change-Id: Ifef4485f8202c52481af317cedd52d2ef48cea6a
2018-05-11Remove error return from AddressSpace.Release()Michael Pratt
PiperOrigin-RevId: 196291289 Change-Id: Ie3487be029850b0b410b82416750853a6c4a2b00
2018-05-11Implement MAP_32BIT.Jamie Liu
PiperOrigin-RevId: 196281052 Change-Id: Ie620a0f983a1bf2570d0003d4754611879335c1c
2018-05-10Skip atime and mtime update when file is backed by host FDFabricio Voznika
When file is backed by host FD, atime and mtime for the host file and the cached attributes in the Sentry must be close together. In this case, the call to update atime and mtime can be skipped. This is important when host filesystem is using overlay because updating atime and mtime explicitly forces a copy up for every file that is touched. PiperOrigin-RevId: 196176413 Change-Id: I3933ea91637a071ba2ea9db9d8ac7cdba5dc0482
2018-05-10Make cachePolicy int to avoid string comparisonFabricio Voznika
PiperOrigin-RevId: 196157086 Change-Id: Ia7f7ffe1bf486b21ef8091e2e8ef9a9faf733dfc
2018-05-09Cache symlinks in addition to files and directories.Nicolas Lacasse
PiperOrigin-RevId: 196051326 Change-Id: I4195b110e9a7d38d1ce1ed9c613971dea1be3bf0
2018-05-09Increment link count in CreateHardlinkFabricio Voznika
Closes #28 PiperOrigin-RevId: 196041391 Change-Id: I5d79f1735b9d72744e8bebc6897002b27df9aa7a
2018-05-08Implement /proc/[pid]/statm.Jamie Liu
PiperOrigin-RevId: 195893391 Change-Id: I645b7042d7f4f9dd54723afde3e5df0986e43160
2018-05-08Capture restore file system corruption errors in exit error.Zhaozhong Ni
PiperOrigin-RevId: 195850822 Change-Id: I4d7bdd8fe129c5ed461b73e1d7458be2cf5680c2
2018-05-08Sentry: always use "best speed" compression for save and remove the option.Zhaozhong Ni
PiperOrigin-RevId: 195835861 Change-Id: Ib696b1b571a6b061725a33c535cd7215fe518b97
2018-05-08Reword misleading log lineIan Gudger
PiperOrigin-RevId: 195834310 Change-Id: I8af748f75ab87ad1cd29c4c8904d07fd729ba6c9
2018-05-08Fix warning: redundant if ...; err != nil check, just return error instead.Ian Gudger
This warning is produced by golint. PiperOrigin-RevId: 195833381 Change-Id: Idd6a7e57e3cfdf00819f2374b19fc113585dc1e1
2018-05-08Fix format string type in testIan Gudger
PiperOrigin-RevId: 195831778 Change-Id: I413dc909cedc18fbf5320a4f75d876f1be133c6c
2018-05-07Fix misspellingsIan Gudger
PiperOrigin-RevId: 195742598 Change-Id: Ibd4a8e4394e268c87700b6d1e50b4b37dfce5182
2018-05-04Remove ineffectual code in sentry ELF loaderIan Gudger
PiperOrigin-RevId: 195517702 Change-Id: Id90309a6365cac06e68e8774aa79dc76ce1b11c7
2018-05-04sentry: Adds the SIOCGIFNETMASK ioctl to epsocket.Kevin Krakauer
PiperOrigin-RevId: 195489319 Change-Id: I0841d41d042c6f91aa8d7f62c127213aa7953eac
2018-05-04Run gofmt -s on everythingIan Gudger
PiperOrigin-RevId: 195469901 Change-Id: I66d5c7a334bbb8b47e40d266a2661291c2d91c7f
2018-05-04sentry: capture CPU usage metadata for save.Zhaozhong Ni
PiperOrigin-RevId: 195466647 Change-Id: Ib5ca815f7b64a4881441e58567adedf344b206f1
2018-05-03Clean up control message strace loggingIan Gudger
PiperOrigin-RevId: 195329972 Change-Id: I42f7d8800e6692c45ffa9683741f8de89f9a69bb
2018-05-03Fix misspellings.Cyrille Hemidy
PiperOrigin-RevId: 195307689 Change-Id: I499f19af49875a43214797d63376f20ae788d2f4
2018-05-03Don't prematurely remove MountSource from parent's children.Christopher Koch
Otherwise, mounts that fail to be unmounted (EBUSY) will be removed from the children list anyway. At this point, this just affects /proc/pid/mounts and /proc/pid/mountinfo. PiperOrigin-RevId: 195267588 Change-Id: I79114483d73b90f9a7d764a7d513b5b2f251182e
2018-05-02Remove detach for exec optionsFabricio Voznika
Detachable exec commands are handled in the client entirely and the detach option is not used anymore. PiperOrigin-RevId: 195181272 Change-Id: I6e82a2876d2c173709c099be59670f71702e5bf0
2018-05-02Use png for the run states diagramZhengyu He
PiperOrigin-RevId: 195071508 Change-Id: I63314bf7529560e4c779ef07cc9399ad8d53f0a2
2018-05-01Add support for ping socketsIan Gudger
PiperOrigin-RevId: 195049322 Change-Id: I09f6dd58cf10a2e50e53d17d2823d540102913c5
2018-05-01Set LMA in EFERMichael Pratt
As of Linux 4.15 (f29810335965ac1f7bcb501ee2af5f039f792416 KVM/x86: Check input paging mode when cs.l is set), KVM validates that LMA is set along with LME. PiperOrigin-RevId: 195047401 Change-Id: I8b43d8f758a85b1f58ccbd747dcacd4056ef3f66
2018-05-01Implement SO_TIMESTAMPIan Gudger
PiperOrigin-RevId: 195047018 Change-Id: I6d99528a00a2125f414e1e51e067205289ec9d3d