Age | Commit message (Collapse) | Author |
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
This is purely moving code, no changes. netfilter.go is cluttered and targets.go
is a good place for this.
#3549
PiperOrigin-RevId: 325879965
|
|
It indicates that the Sentry has changed the state of the thread and
next calls of PullFullState() has to do nothing.
PiperOrigin-RevId: 325567415
|
|
Earlier we were using NLink to decide if /tmp is empty or not. However, NLink
at best tells us about the number of subdirectories (via the ".." entries).
NLink = n + 2 for n subdirectories. But it does not tell us if the directory is
empty. There still might be non-directory files. We could also not rely on
NLink because host overlayfs always returned 1.
VFS1 uses Readdir to decide if the directory is empty. Used a similar approach.
We now use IterDirents to decide if the "/tmp" directory is empty.
Fixes #3369
PiperOrigin-RevId: 325554234
|
|
PiperOrigin-RevId: 325546629
|
|
PiperOrigin-RevId: 325546308
|
|
PiperOrigin-RevId: 325531657
|
|
PiperOrigin-RevId: 325490674
|
|
PiperOrigin-RevId: 325388385
|
|
Updates #1198
PiperOrigin-RevId: 325350818
|
|
PiperOrigin-RevId: 325266487
|
|
/proc/sys/net/ipv4/tcp_recovery is used to enable RACK loss
recovery in TCP.
PiperOrigin-RevId: 325157807
|
|
When a directory is replaced by a rename operation, its link count should
reach zero. We were missing the link from `dir/.`
PiperOrigin-RevId: 325141730
|
|
PiperOrigin-RevId: 325122849
|
|
Also removes `--profile-goroutine` because it's equivalent
to `debug --stacks`.
PiperOrigin-RevId: 325061502
|
|
This was discovered by syzkaller.
PiperOrigin-RevId: 325025193
|
|
Discovered by syzkaller.
PiperOrigin-RevId: 324938438
|
|
Go compiler barely inlines anything, so inline by hand
pwriteLocked since it's called from a single place.
PiperOrigin-RevId: 324937734
|
|
PiperOrigin-RevId: 324931854
|
|
The utility has several differences from the VFS1 equivalent:
- There are no weak references, which have a significant overhead
- In order to print useful debug messages with the type of the reference-
counted object, we use a generic Refs object with the owner type as a
template parameter. In vfs1, this was accomplished by storing a type name
and caller stack directly in the ref count (as in vfs1), which increases the
struct size by 6x. (Note that the caller stack was needed because fs types
like Dirent were shared by all fs implementations; in vfs2, each impl has
its own data structures, so this is no longer necessary.)
As an example, the utility is added to tmpfs.inode.
Updates #1486.
PiperOrigin-RevId: 324906582
|
|
PiperOrigin-RevId: 324826968
|
|
PiperOrigin-RevId: 324748508
|
|
Fixes #3364
PiperOrigin-RevId: 324724614
|
|
PiperOrigin-RevId: 324695672
|
|
Fixes #2920.
PiperOrigin-RevId: 324695118
|
|
context is passed to DecRef() and Release() which is
needed for SO_LINGER implementation.
PiperOrigin-RevId: 324672584
|
|
Updates #1479, #2923.
PiperOrigin-RevId: 324658826
|
|
PiperOrigin-RevId: 324309862
|
|
PiperOrigin-RevId: 324279280
|
|
PiperOrigin-RevId: 324259991
|
|
Envoy (#170) uses this to get the original destination of redirected
packets.
|
|
Move to setstat.go and add a FileDescription wrapper method.
PiperOrigin-RevId: 324165277
|
|
PiperOrigin-RevId: 324127810
|
|
PiperOrigin-RevId: 324125938
|
|
PiperOrigin-RevId: 324100220
|
|
Return on success should be 0, not size of the struct copied out.
PiperOrigin-RevId: 324029193
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
I disabled DAIF(DEBUG, sError, IRQ, FIQ) in guest kernel mode,
and enabled them in guest user mode.
So, I can make sure all DAIF-s come from guest user mode,
and then the case 'TestBounceStress' can passed on Arm64.
Test steps:
1, cd pkg/sentry/platform/kvm
2, bazel test kvm_test --strip=never --test_output=streamed
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
This change allows the sentry to send FUSE_INIT request and process
the reply. It adds the corresponding structs, employs the fuse
device to send and read the message, and stores the results of negotiation
in corresponding places (inside connection struct).
It adds a CallAsync() function to the FUSE connection interface:
- like Call(), but it's for requests that do not expect immediate response (init, release, interrupt etc.)
- will block if the connection hasn't initialized, which is the same for Call()
|
|
Compare Linux's fs/eventpoll.c:do_epoll_ctl(). I don't know where EPOLLRDHUP
came from.
PiperOrigin-RevId: 323874419
|
|
full context switch: add fpsimd load/store support to container
application.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 323715260
|
|
PiperOrigin-RevId: 323491461
|
|
PiperOrigin-RevId: 323456118
|
|
PiperOrigin-RevId: 323455097
|
|
PiperOrigin-RevId: 323443142
|
|
This PR adds the following:
- [x] Marshall-able structs for fuse headers
- [x] Data structures needed in /dev/fuse to communicate with the daemon server
- [x] Implementation of the device interface
- [x] Go unit tests
This change adds the `/dev/fuse` implementation. `Connection` controls the
communication between the server and the sentry. The FUSE server uses
the `FileDescription` interface to interact with the Sentry. The Sentry
implmenetation of fusefs, uses `Connection` and the Connection interface
to interact with the Server. All communication messages are in the form
of `go_marshal` backed structs defined in the ABI package.
This change also adds some go unit tests that test (pretty basically)
the interfaces and should be used as an example of an end to end FUSE
operation.
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/3083 from ridwanmsharif:ridwanmsharif/fuse-device-impl 69aa2ce970004938fe9f918168dfe57636ab856e
PiperOrigin-RevId: 323428180
|
|
The subsequent systrap changes will need to import memmap from
the platform package.
PiperOrigin-RevId: 323409486
|
|
We need to correctly distinguish instruction_abort/data_abort for
mem_abort@Arm64.
So, EC/WNR/FSC in esr_el1 should be checked.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
At present, when doing syscall_kvm test, we need to
enable the function of ESR_ELx_SYS64_ISS_SYS_CNTVCT/ESR_ELx_SYS64_ISS_SYS_CNTFRQ to
successfully pass the test.
I set CNTKCTL_EL1.EL0VCTEN==1/CNTKCTL_EL1.EL0PCTEN==1, so that the related cases can passed.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|