summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2021-01-19Merge release-20210112.0-46-g48ea2c34d (automated)gVisor bot
2021-01-19platform/ptrace: workaround a kernel ptrace issue on ARM64Andrei Vagin
On ARM64, when ptrace stops on a system call, it uses the x7 register to indicate whether the stop has been signalled from syscall entry or syscall exit. This means that we can't get a value of this register and we can't change it. More details are in the comment for tracehook_report_syscall in arch/arm64/kernel/ptrace.c. This happens only if we stop on a system call, so let's queue a signal, resume a stub thread and catch it on a signal handling. Fixes: #5238 PiperOrigin-RevId: 352668695
2021-01-16Merge release-20210112.0-37-g12d979083 (automated)gVisor bot
2021-01-15Remove count argument from tcpip.Endpoint.ReadTamir Duberstein
The same intent can be specified via the io.Writer. PiperOrigin-RevId: 352098747
2021-01-15Merge release-20210112.0-25-ge57ebcd37 (automated)gVisor bot
2021-01-14Simplify the pipe implementation.Jamie Liu
- Remove the pipe package's dependence on the buffer package, which becomes unused as a result. The buffer package is currently intended to serve two use cases, pipes and temporary buffers, and does neither optimally as a result; this change facilitates retooling the buffer package to better serve the latter. - Pass callbacks taking safemem.BlockSeq to the internal pipe I/O methods, which makes most callbacks trivial. - Fix VFS1's splice() and tee() to immediately return if a pipe returns a partial write. PiperOrigin-RevId: 351911375
2021-01-14Add stats for ARPArthur Sfez
Fixes #4963 Startblock: has LGTM from sbalana and then add reviewer ghanan PiperOrigin-RevId: 351886320
2021-01-14Check for existence before permissionsFabricio Voznika
Return EEXIST when overwritting a file as long as the caller has exec permission on the parent directory, even if the caller doesn't have write permission. Also reordered the mount write check, which happens before permission is checked. Closes #5164 PiperOrigin-RevId: 351868123
2021-01-14Merge release-20201216.0-105-g25b5ec713 (automated)gVisor bot
2021-01-13Do not resolve remote link address at transport layerGhanan Gowripalan
Link address resolution is performed at the link layer (if required) so we can defer it from the transport layer. When link resolution is required, packets will be queued and sent once link resolution completes. If link resolution fails, the transport layer will receive a control message indicating that the stack failed to route the packet. tcpip.Endpoint.Write no longer returns a channel now that writes do not wait for link resolution at the transport layer. tcpip.ErrNoLinkAddress is no longer used so it is removed. Removed calls to stack.Route.ResolveWith from the transport layer so that link resolution is performed when a route is created in response to an incoming packet (e.g. to complete TCP handshakes or send a RST). Tests: - integration_test.TestForwarding - integration_test.TestTCPLinkResolutionFailure Fixes #4458 RELNOTES: n/a PiperOrigin-RevId: 351684158
2021-01-13Merge pull request #4792 from lubinszARM:pr_kvm_testgVisor bot
PiperOrigin-RevId: 351638451
2021-01-13Merge release-20201216.0-94-ge74aa25e2 (automated)gVisor bot
2021-01-12Remove useless cached stateTamir Duberstein
Simplify some logic while I'm here. PiperOrigin-RevId: 351491593
2021-01-12Merge release-20201216.0-87-g4e03e8754 (automated)gVisor bot
2021-01-12Fix simple mistakes identified by goreportcard.Adin Scannell
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971
2021-01-12Merge release-20201216.0-86-ga20da7082 (automated)gVisor bot
2021-01-11Fix Go branch for arm64.Adin Scannell
This requires several changes: * Templates must preserve relevant tags. * Pagetables templates are split into two targets, each preserving tags. * The binary VDSO is similarly split into two targets, with some juggling. * The top level tools/go_branch.sh now does a crossbuild of ARM64 as well, and checks and merges the results of the two branches together. Fixes #5178 PiperOrigin-RevId: 351304330
2021-01-12Merge release-20201216.0-85-ge06c2b126 (automated)gVisor bot
2021-01-11Merge release-20201216.0-82-g4c4de6644 (automated)gVisor bot
2021-01-09Merge release-20201216.0-79-g70de1db82 (automated)gVisor bot
2021-01-08Merge pull request #4933 from lubinszARM:pr_kvm_el0_exceptionsgVisor bot
PiperOrigin-RevId: 350862699
2021-01-08Merge release-20201216.0-72-gbf343394d (automated)gVisor bot
2021-01-07Merge pull request #5207 from avagin:arm64-crossgVisor bot
PiperOrigin-RevId: 350691246
2021-01-07Merge release-20201208.0-127-gb1de1da31 (automated)gVisor bot
2021-01-07netstack: Refactor tcpip.Endpoint.ReadTing-Yu Wang
Read now takes a destination io.Writer, count, options. Keeping the method name Read, in contrast to the Write method. This enables: * direct transfer of views under VV * zero copy It also eliminates the need for sentry to keep a slice of view because userspace had requested a read that is smaller than the view returned, removing the complexity there. Read/Peek/ReadPacket are now consolidated together and some duplicate code is removed. PiperOrigin-RevId: 350636322
2021-01-07Implement the semtimedop syscallAndrei Vagin
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2021-01-06Merge release-20201208.0-117-gabe9d9f67 (automated)gVisor bot
2021-01-06Support add/remove IPv6 multicast group sock optGhanan Gowripalan
IPv4 was always supported but UDP never supported joining/leaving IPv6 multicast groups via socket options. Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP Test: integration_test.TestUDPAddRemoveMembershipSocketOption PiperOrigin-RevId: 350396072
2021-01-06Merge release-20201208.0-116-g0c4118d5b (automated)gVisor bot
2021-01-06Merge pull request #5177 from lubinszARM:pr_kernel_globalgVisor bot
PiperOrigin-RevId: 350375461
2021-01-05Merge release-20201208.0-110-gce7a4440c (automated)gVisor bot
2021-01-05Fix panic when parsing SO_TIMESTAMP cmsgKevin Krakauer
PiperOrigin-RevId: 350223482
2021-01-05Merge release-20201208.0-109-gb06e5bc5b (automated)gVisor bot
2021-01-05Add benchmarks targets to BuildKite.Adin Scannell
This includes minor fix-ups: * Handle SIGTERM in runsc debug, to exit gracefully. * Fix cmd.debug.go opening all profiles as RDONLY. * Fix the test name in fio_test.go, and encode the block size in the test. PiperOrigin-RevId: 350205718
2021-01-05Merge release-20201208.0-103-g2a200811d (automated)gVisor bot
2021-01-05fs/fuse: check that a task has a specified file descriptorAndrei Vagin
Reported-by: syzbot+814105309d2ae8651084@syzkaller.appspotmail.com PiperOrigin-RevId: 350159452
2020-12-31Merge release-20201208.0-102-g807a080d9 (automated)gVisor bot
2020-12-31Add missing error checks for FileDescription.Init.Dean Deng
Syzkaller discovered this bug in pipefs by doing something quite strange: creat(&(0x7f0000002a00)='./file1\x00', 0x0) mount(&(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='devtmpfs\x00', 0x20000d, 0x0) creat(&(0x7f0000000000)='./file1/file0\x00', 0x0) This can be reproduced with: touch mymount mkfifo /dev/mypipe mount -o ro -t devtmpfs devtmpfs mymount echo 123 > mymount/mypipe PiperOrigin-RevId: 349687714
2020-12-30Merge release-20201208.0-98-g0fb5de115 (automated)gVisor bot
2020-12-30Merge release-20201208.0-97-g1b66bad7c (automated)gVisor bot
2020-12-30Merge release-20201208.0-96-ged5850e8e (automated)gVisor bot
2020-12-30Merge release-20201208.0-95-gfc153750e (automated)gVisor bot
2020-12-30Merge release-20201208.0-94-gffa9a715a (automated)gVisor bot
2020-12-30Merge release-20201208.0-93-g3c58405a5 (automated)gVisor bot
2020-12-30Merge release-20201208.0-92-gd302c0570 (automated)gVisor bot
2020-12-30Merge release-20201208.0-91-g85c1c3ed4 (automated)gVisor bot
2020-12-29Make profiling commands synchronous.Adin Scannell
This allows for a model of profiling when you can start collection, and it will terminate when the sandbox terminates. Without this synchronous call, it is effectively impossible to collect length blocking and mutex profiles. PiperOrigin-RevId: 349483418
2020-12-29Merge release-20201208.0-90-g91c05c609 (automated)gVisor bot
2020-12-29arm64 kvm: revert some kpti related codes, and configure upper pagetable as ↵Robin Luk
global In order to improve the performance, some kpti related codes(TCR.A1) have been reverted, and set kernel pagetable as global. Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
2020-12-28Merge release-20201208.0-89-g3ff7324df (automated)gVisor bot