summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-11-24Merge release-20201109.0-105-g986683124 (automated)gVisor bot
2020-11-23Don't evict gofer.dentries with inotify watches before saving.Jamie Liu
PiperOrigin-RevId: 343959348
2020-11-20Refactor verity test for readabilityChong Cai
1. Add getD/getDentry methods to avoid long casting line in each test 2. Factor all calls to vfs.OpenAt/UnlinkAt/RenameAt on lower filesystem to their own method (for both lower file and lower Merkle file) so the tests are more readable 3. Add descriptive test names for delete/remove tests PiperOrigin-RevId: 343540202
2020-11-20Merge release-20201109.0-94-g9c553f2d4 (automated)gVisor bot
2020-11-19Remove racy stringification of socket fds from /proc/net/*.Rahat Mahmood
PiperOrigin-RevId: 343398191
2020-11-20Merge release-20201109.0-93-gd35a25cc8 (automated)gVisor bot
2020-11-19Add a helpful message in stuck task logs.Dean Deng
This also makes the formatting nicer; the caller will add ":\n" to the end of the message. PiperOrigin-RevId: 343397099
2020-11-19Merge release-20201109.0-89-g3454d5721 (automated)gVisor bot
2020-11-19Require sync.Mutex to lock and unlock from the same goroutineMichael Pratt
We would like to track locks ordering to detect ordering violations. Detecting violations is much simpler if mutexes must be unlocked by the same goroutine that locked them. Thus, as a first step to tracking lock ordering, add this lock/unlock requirement to gVisor's sync.Mutex. This is more strict than the Go standard library's sync.Mutex, but initial testing indicates only a single lock that is used across goroutines. The new sync.CrossGoroutineMutex relaxes the requirement (but will not provide lock order checking). Due to the additional overhead, enforcement is only enabled with the "checklocks" build tag. Build with this tag using: bazel build --define=gotags=checklocks ... From my spot-checking, this has no changed inlining properties when disabled. Updates #4804 PiperOrigin-RevId: 343370200
2020-11-19Merge release-20201109.0-85-g74bc6e56c (automated)gVisor bot
2020-11-18[vfs] kernfs: Do not panic if destroyed dentry is cached.Ayush Ranjan
If a kernfs user does not cache dentries, then cacheLocked will destroy the dentry. The current DecRef implementation will be racy in this case as the following can happen: - Goroutine 1 calls DecRef and decreases ref count from 1 to 0. - Goroutine 2 acquires d.fs.mu for reading and calls IncRef and increasing the ref count from 0 to 1. - Goroutine 2 releases d.fs.mu and calls DecRef again decreasing ref count from 1 to 0. - Goroutine 1 now acquires d.fs.mu and calls cacheLocked which destroys the dentry. - Goroutine 2 now acquires d.fs.mu and calls cacheLocked to find that the dentry is already destroyed! Earlier we would panic in this case, we could instead just return instead of adding complexity to handle this race. This is similar to what the gofer client does. We do not want to lock d.fs.mu in the case that the filesystem caches dentries (common case as procfs and sysfs do this) to prevent congestion due to lock contention. PiperOrigin-RevId: 343229496
2020-11-19Merge release-20201109.0-84-ge5650d124 (automated)gVisor bot
2020-11-18[netstack] Move SO_KEEPALIVE and SO_ACCEPTCONN option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343217712
2020-11-19Merge release-20201109.0-81-g3a16b829c (automated)gVisor bot
2020-11-18Port filesystem metrics to VFS2.Jamie Liu
PiperOrigin-RevId: 343196927
2020-11-18Merge release-20201109.0-79-gdf37babd5 (automated)gVisor bot
2020-11-18[netstack] Move SO_REUSEPORT and SO_REUSEADDR option to SocketOptions.Ayush Ranjan
This changes also introduces: - `SocketOptionsHandler` interface which can be implemented by endpoints to handle endpoint specific behavior on SetSockOpt. This is analogous to what Linux does. - `DefaultSocketOptionsHandler` which is a default implementation of the above. This is embedded in all endpoints so that we don't have to uselessly implement empty functions. Endpoints with specific behavior can override the embedded method by manually defining its own implementation. PiperOrigin-RevId: 343158301
2020-11-18Merge release-20201109.0-77-g3e73c519a (automated)gVisor bot
2020-11-18[netstack] Move SO_NO_CHECK option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343146856
2020-11-18Merge release-20201109.0-74-gc978ab047 (automated)gVisor bot
2020-11-18Merge pull request #4791 from lubinszARM:pr_pt_uppergVisor bot
PiperOrigin-RevId: 343130667
2020-11-18Merge release-20201109.0-72-gd6e788a8d (automated)gVisor bot
2020-11-18Add a few syslog messages.Etienne Perot
PiperOrigin-RevId: 343123278
2020-11-18Merge release-20201109.0-71-gfc342fb43 (automated)gVisor bot
2020-11-18[netstack] Move SO_PASSCRED option to SocketOptions.Ayush Ranjan
This change also makes the following fixes: - Make SocketOptions use atomic operations instead of having to acquire/drop locks upon each get/set option. - Make documentation more consistent. - Remove tcpip.SocketOptions from socketOpsCommon because it already exists in transport.Endpoint. - Refactors get/set socket options tests to be easily extendable. PiperOrigin-RevId: 343103780
2020-11-18Merge release-20201109.0-66-gee6dd8cb9 (automated)gVisor bot
2020-11-17Merge pull request #4840 from lubinszARM:pr_fpsimd_1gVisor bot
PiperOrigin-RevId: 343000335
2020-11-18Merge release-20201109.0-64-g05223889b (automated)gVisor bot
2020-11-17fs/fuse: don't dereference fuse.DeviceFD.fs if it is nilAndrei Vagin
PiperOrigin-RevId: 342992936
2020-11-17Merge release-20201109.0-62-g10ba578c0 (automated)gVisor bot
2020-11-17tmpfs: make sure that a dentry will not be destroyed before the open() callAndrei Vagin
If we don't hold a reference, the dentry can be destroyed by another thread. Reported-by: syzbot+f2132e50060c41f6d41f@syzkaller.appspotmail.com PiperOrigin-RevId: 342951940
2020-11-17Add consistent precondition formatting for verityChong Cai
Also add the lock order for verity fs, and add a lock to protect dentry hash. PiperOrigin-RevId: 342946537
2020-11-17Merge release-20201109.0-58-gc1e1e7a9a (automated)gVisor bot
2020-11-17Merge pull request #4836 from lubinszARM:pr_exception_el0_el1gVisor bot
PiperOrigin-RevId: 342943430
2020-11-17Merge release-20201109.0-55-gfb9a649f3 (automated)gVisor bot
2020-11-17Fix SO_ERROR behavior for TCP in gVisor.Bhasker Hariharan
Fixes the behaviour of SO_ERROR for tcp sockets where in linux it returns sk->sk_err and if sk->sk_err is 0 then it returns sk->sk_soft_err. In gVisor TCP we endpoint.HardError is the equivalent of sk->sk_err and endpoint.LastError holds soft errors. This change brings this into alignment with Linux such that both hard/soft errors are cleared when retrieved using getsockopt(.. SO_ERROR) is called on a socket. Fixes #3812 PiperOrigin-RevId: 342868552
2020-11-17arm64 kvm: optimize all fpsimd related codeRobin Luk
Optimize and bug fix all fpsimd related code. Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
2020-11-17arm64 kvm: add the processing functions for all el0/el1 exceptionsRobin Luk
I added 2 unified processing functions for all exceptions of el/el0 Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
2020-11-17Merge release-20201109.0-53-g267560d15 (automated)gVisor bot
2020-11-16Reset watchdog timer between sendfile() iterations.Jamie Liu
As part of this, change Task.interrupted() to not drain Task.interruptChan, and do so explicitly using new function Task.unsetInterrupted() instead. PiperOrigin-RevId: 342768365
2020-11-17Merge release-20201109.0-52-gd48610795 (automated)gVisor bot
2020-11-16Allow RLIMIT_RSS to be setFabricio Voznika
Closes #4746 PiperOrigin-RevId: 342747165
2020-11-16Merge release-20201109.0-51-gcc5cfce4c (automated)gVisor bot
2020-11-16Remove ARP address workaroundGhanan Gowripalan
- Make AddressableEndpoint optional for NetworkEndpoint. Not all NetworkEndpoints need to support addressing (e.g. ARP), so AddressableEndpoint should only be implemented for protocols that support addressing such as IPv4 and IPv6. With this change, tcpip.ErrNotSupported will be returned by the stack when attempting to modify addresses on a network endpoint that does not support addressing. Now that packets are fully handled at the network layer, and (with this change) addresses are optional for network endpoints, we no longer need the workaround for ARP where a fake ARP address was added to each NIC that performs ARP so that packets would be delivered to the ARP layer. PiperOrigin-RevId: 342722547
2020-11-14Merge release-20201030.0-96-g182c12601 (automated)gVisor bot
2020-11-13Log task goroutine IDs in the sentry watchdog.Jamie Liu
PiperOrigin-RevId: 342373580
2020-11-13Merge release-20201030.0-94-ga1cb52447 (automated)gVisor bot
2020-11-13Check for misuse of kernel.Task as context.Context.Jamie Liu
Checks in Task.block() and Task.Value() are conditional on race detection being enabled, since these functions are relatively hot. Checks in Task.SleepStart() and Task.UninterruptibleSleepStart() are enabled unconditionally, since these functions are not thought to lie on any critical paths, and misuse of these functions is required for b/168241471 to manifest. PiperOrigin-RevId: 342342175
2020-11-13Merge release-20201030.0-93-g89517eca4 (automated)gVisor bot
2020-11-13Have fuse.DeviceFD hold reference on fuse.filesystem.Jamie Liu
This is actually just b/168751672 again; cl/332394146 was incorrectly reverted by cl/341411151. Document the reference holder to reduce the likelihood that this happens again. Also document a few other bugs observed in the process. PiperOrigin-RevId: 342339144