summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-11-17tmpfs: make sure that a dentry will not be destroyed before the open() callAndrei Vagin
If we don't hold a reference, the dentry can be destroyed by another thread. Reported-by: syzbot+f2132e50060c41f6d41f@syzkaller.appspotmail.com PiperOrigin-RevId: 342951940
2020-11-17Add consistent precondition formatting for verityChong Cai
Also add the lock order for verity fs, and add a lock to protect dentry hash. PiperOrigin-RevId: 342946537
2020-11-17Merge pull request #4836 from lubinszARM:pr_exception_el0_el1gVisor bot
PiperOrigin-RevId: 342943430
2020-11-17Fix SO_ERROR behavior for TCP in gVisor.Bhasker Hariharan
Fixes the behaviour of SO_ERROR for tcp sockets where in linux it returns sk->sk_err and if sk->sk_err is 0 then it returns sk->sk_soft_err. In gVisor TCP we endpoint.HardError is the equivalent of sk->sk_err and endpoint.LastError holds soft errors. This change brings this into alignment with Linux such that both hard/soft errors are cleared when retrieved using getsockopt(.. SO_ERROR) is called on a socket. Fixes #3812 PiperOrigin-RevId: 342868552
2020-11-17arm64 kvm: add the processing functions for all el0/el1 exceptionsRobin Luk
I added 2 unified processing functions for all exceptions of el/el0 Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
2020-11-16Reset watchdog timer between sendfile() iterations.Jamie Liu
As part of this, change Task.interrupted() to not drain Task.interruptChan, and do so explicitly using new function Task.unsetInterrupted() instead. PiperOrigin-RevId: 342768365
2020-11-16Allow RLIMIT_RSS to be setFabricio Voznika
Closes #4746 PiperOrigin-RevId: 342747165
2020-11-16Remove ARP address workaroundGhanan Gowripalan
- Make AddressableEndpoint optional for NetworkEndpoint. Not all NetworkEndpoints need to support addressing (e.g. ARP), so AddressableEndpoint should only be implemented for protocols that support addressing such as IPv4 and IPv6. With this change, tcpip.ErrNotSupported will be returned by the stack when attempting to modify addresses on a network endpoint that does not support addressing. Now that packets are fully handled at the network layer, and (with this change) addresses are optional for network endpoints, we no longer need the workaround for ARP where a fake ARP address was added to each NIC that performs ARP so that packets would be delivered to the ARP layer. PiperOrigin-RevId: 342722547
2020-11-13Log task goroutine IDs in the sentry watchdog.Jamie Liu
PiperOrigin-RevId: 342373580
2020-11-13Check for misuse of kernel.Task as context.Context.Jamie Liu
Checks in Task.block() and Task.Value() are conditional on race detection being enabled, since these functions are relatively hot. Checks in Task.SleepStart() and Task.UninterruptibleSleepStart() are enabled unconditionally, since these functions are not thought to lie on any critical paths, and misuse of these functions is required for b/168241471 to manifest. PiperOrigin-RevId: 342342175
2020-11-13Have fuse.DeviceFD hold reference on fuse.filesystem.Jamie Liu
This is actually just b/168751672 again; cl/332394146 was incorrectly reverted by cl/341411151. Document the reference holder to reduce the likelihood that this happens again. Also document a few other bugs observed in the process. PiperOrigin-RevId: 342339144
2020-11-13fs/tmpfs: change regularFile.size atomicallyAndrei Vagin
PiperOrigin-RevId: 342221309
2020-11-13fs/tmpfs: use atomic operations to access inode.modeAndrei Vagin
PiperOrigin-RevId: 342214859
2020-11-12Refactor SOL_SOCKET optionsNayana Bidari
Store all the socket level options in a struct and call {Get/Set}SockOpt on this struct. This will avoid implementing socket level options on all endpoints. This CL contains implementing one socket level option for tcp and udp endpoints. PiperOrigin-RevId: 342203981
2020-11-12Fix misuses of kernel.Task as context.Context.Jamie Liu
kernel.Task can only be used as context.Context by that Task's task goroutine. This is violated in at least two places: - In any case where one thread accesses the /proc/[tid] of any other thread, passing the kernel.Task for [tid] as the context.Context is incorrect. - Task.rebuildTraceContext() may be called by Kernel.RebuildTraceContexts() outside the scope of any task goroutine. Fix these (as well as a data race on Task.traceContext discovered during the course of finding the latter). PiperOrigin-RevId: 342174404
2020-11-12Add children names into verity hashChong Cai
children names map can be used to verify whether a child is expected during walking, so that we can detect unexpected modifications that deleted/renamed both the target file and the corresponding merkle tree file. PiperOrigin-RevId: 342170715
2020-11-12Rename kernel.TaskContext to kernel.TaskImage.Jamie Liu
This reduces confusion with context.Context (which is also relevant to kernel.Tasks) and is consistent with existing function kernel.LoadTaskImage(). PiperOrigin-RevId: 342167298
2020-11-12Filter dentries with non-zero refs in VFS2 gofer/overlay checks.Jamie Liu
PiperOrigin-RevId: 342161204
2020-11-11Read fsimpl/tmpfs timestamps atomically.Jamie Liu
PiperOrigin-RevId: 341982672
2020-11-09Print a debug message if /sys/kernel/debug/kcov is availableAndrei Vagin
This will help to debug: https://syzkaller.appspot.com/bug?id=0d717bd7028dceeb4b38f09aab2841c398b41d81 PiperOrigin-RevId: 341458715
2020-11-09Merge pull request #4683 from lemin9538:lemin_fpsmid_fixgVisor bot
PiperOrigin-RevId: 341445910
2020-11-09Initialize references with a value of 1.Dean Deng
This lets us avoid treating a value of 0 as one reference. All references using the refsvfs2 template must call InitRefs() before the reference is incremented/decremented, or else a panic will occur. Therefore, it should be pretty easy to identify missing InitRef calls during testing. Updates #1486. PiperOrigin-RevId: 341411151
2020-11-06Allow VFS2 gofer.dentries to have separate read and write FDs.Jamie Liu
This is necessary to allow writes to files opened with O_WRONLY to go through host FDs. PiperOrigin-RevId: 341174509
2020-11-06[vfs] Return EEXIST when file already exists and rp.MustBeDir() is true.Ayush Ranjan
This is consistent with what Linux does. This was causing a PHP runtime test failure. Fixed it for VFS2. PiperOrigin-RevId: 341155209
2020-11-06Implement command GETNCNT for semctl.Jing Chen
PiperOrigin-RevId: 341154192
2020-11-06[vfs] overlayfs: Do not unlink non-existing whiteout during file creation.Ayush Ranjan
We can reuse information about whether a whiteout exists on a given file path from stepLocked when creating a file at that path. This helps save an Unlink call to the upper filesystem if the whiteout does NOT exist (common case). Plumbs this information from lookupLocked() -> getChildLocked() -> stepLocked(). This also helped save a Lookup in RenameAt(). Fixes #1199 PiperOrigin-RevId: 341105351
2020-11-06Avoid extra DecRef on kernfs root for "kept" dentries.Dean Deng
The root dentry was not created through Inode.Lookup, so we should not release a reference even if inode.Keep() is true. PiperOrigin-RevId: 341103220
2020-11-06Fix infinite loop when splicing to pipes/eventfds.Nicolas Lacasse
Writes to pipes of size < PIPE_BUF are guaranteed to be atomic, so writes larger than that will return EAGAIN if the pipe has capacity < PIPE_BUF. Writes to eventfds will return EAGAIN if the write would cause the eventfd value to go over the max. In both such cases, calling Ready() on the FD will return true (because it is possible to write), but specific kinds of writes will in fact return EAGAIN. This CL fixes an infinite loop in splice and sendfile (VFS1 and VFS2) by forcing skipping the readiness check for the outfile in send, splice, and tee. PiperOrigin-RevId: 341102260
2020-11-06Cap iovec array length in //pkg/sentry/hostfd.Jamie Liu
PiperOrigin-RevId: 341001328
2020-11-03Fix more nogo testsTing-Yu Wang
PiperOrigin-RevId: 340536306
2020-11-03[vfs2] Do not drop inotify waiters across S/R.Dean Deng
The waits-for relationship between an epoll instance and an inotify fd should be restored. This fixes flaky inotify vfs2 tests. PiperOrigin-RevId: 340531367
2020-11-03Make pipe min/max sizes match linux.Nicolas Lacasse
The default pipe size already matched linux, and is unchanged. Furthermore `atomicIOBytes` is made a proper constant (as it is in Linux). We were plumbing usermem.PageSize everywhere, so this is no functional change. PiperOrigin-RevId: 340497006
2020-11-03Merge pull request #3617 from laijs:upperhalfgVisor bot
PiperOrigin-RevId: 340484823
2020-11-03arm64 kvm: inject sError to trigger sigbuslubinszARM
Use an sErr injection to trigger sigbus when we receive EFAULT from the run ioctl. After applying this patch, mmap_test_runsc_kvm will be passed on Arm64. Signed-off-by: Bin Lu <bin.lu@arm.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/4542 from lubinszARM:pr_kvm_mmap_1 f81bd42466d1d60a581e5fb34de18b78878c68c1 PiperOrigin-RevId: 340461239
2020-11-02Implement command GETZCNT for semctl.Jing Chen
PiperOrigin-RevId: 340389884
2020-11-02[vfs2] Refactor kernfs checkCreateLocked.Dean Deng
Don't return the filename, since it can already be determined by the caller. This was causing a panic in RenameAt, which relied on the name to be nonempty even if the error was EEXIST. Reported-by: syzbot+e9f117d000301e42361f@syzkaller.appspotmail.com PiperOrigin-RevId: 340381946
2020-11-02Pass hashing algorithms in verity fs optsChong Cai
PiperOrigin-RevId: 340275942
2020-11-03kvm: share upper halves among all pagtablesLai Jiangshan
Fixes: #509 Signed-off-by: Lai Jiangshan <jiangshan.ljs@antfin.com> Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
2020-11-01Fix returned error when deleting non-existant addressIan Lewis
PiperOrigin-RevId: 340149214
2020-10-30Adjust error handling in kernfs rename.Dean Deng
Read-only directories (e.g. under /sys, /proc) should return EPERM for rename. PiperOrigin-RevId: 339979022
2020-10-30Fix rename error handling for VFS2 kernfs.Dean Deng
The non-errno error was causing panics before. PiperOrigin-RevId: 339969348
2020-10-30Separate kernel.Task.AsCopyContext() into CopyContext() and OwnCopyContext().Jamie Liu
kernel.copyContext{t} cannot be used outside of t's task goroutine, for three reasons: - t.CopyScratchBuffer() is task-goroutine-local. - Calling t.MemoryManager() without running on t's task goroutine or locking t.mu violates t.MemoryManager()'s preconditions. - kernel.copyContext passes t as context.Context to MM IO methods, which is illegal outside of t's task goroutine (cf. kernel.Task.Value()). Fix this by splitting AsCopyContext() into CopyContext() (which takes an explicit context.Context and is usable outside of the task goroutine) and OwnCopyContext() (which uses t as context.Context, but is only usable by t's task goroutine). PiperOrigin-RevId: 339933809
2020-10-30Merge pull request #4564 from zhlhahaha:1981gVisor bot
PiperOrigin-RevId: 339921446
2020-10-29Make RedirectTarget thread safeKevin Krakauer
Fixes #4613. PiperOrigin-RevId: 339746784
2020-10-29Keep magic constants out of netstackKevin Krakauer
PiperOrigin-RevId: 339721152
2020-10-29arm64: fix the fpsmid context save/restore issueMin Le
current when save fpsmid register is using following instruction: # FMOVD Fx, 16*1(R0) this instruction will compiled to: # str Dx, [x0, #16] Dx is 64bit fp register not 128bit, then upper 64bit data will be lossed, this will cause application meet many random crash issue. need use 128bit register Vx or Q0 to save and restore the fpsmid context. Signed-off-by: Min Le <lemin.lm@antgroup.com>
2020-10-28Add leak checking for kernfs.Dentry.Dean Deng
Updates #1486. PiperOrigin-RevId: 339581879
2020-10-28Add logging option to leak checker.Dean Deng
Also refactor the template and CheckedObject interface to make this cleaner. Updates #1486. PiperOrigin-RevId: 339577120
2020-10-28Merge pull request #4630 from lemin9538:lemin_arm64_devgVisor bot
PiperOrigin-RevId: 339540747
2020-10-28Invalidate overlay.dentry.dirents during open() file creation.Jamie Liu
Updates #1199 PiperOrigin-RevId: 339528827