summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2021-09-20[lisa] Plumb lisafs through runsc.Ayush Ranjan
lisafs is only supported in VFS2. Added a runsc flag which enables lisafs. When the flag is enabled, the gofer process and the client communicate using lisafs protocol instead of 9P. Added a filesystem option in fsimpl/gofer which indicates if lisafs is being used. That will be used to gate lisafs on the gofer client. Note that this change does not make the gofer client use lisafs just yet. Updates #5465 PiperOrigin-RevId: 397917844
2021-09-20Internal change.gVisor bot
PiperOrigin-RevId: 397813331
2021-09-19Support IPV6_RECVPKTINFO on UDP socketsGhanan Gowripalan
PiperOrigin-RevId: 397631833
2021-09-17Allow rebinding packet socket protocolGhanan Gowripalan
...to change the network protocol a packet socket may receive packets from. This CL is a portion of an originally larger CL that was split with https://github.com/google/gvisor/commit/a8ad692fd36cbaf7f5a6b9af39d601053dbee338 being the dependent CL. That CL (accidentally) included the change in the endpoint's `afterLoad` method to take the required lock when accessing the endpoint's netProto field. That change should have been in this CL. The CL that made the change mentioned in the commit message is cl/396946187. PiperOrigin-RevId: 397412582
2021-09-16Limit most file mmaps to the range of an int64.Jamie Liu
In the general case, files may have offsets between MaxInt64 and MaxUint64; in Linux pgoff is consistently represented by an unsigned long, and in gVisor the offset types in memmap.MappableRange are uint64. However, regular file mmap is constrained to int64 offsets (on 64-bit systems) by mm/mmap.c:file_mmap_size_max() => MAX_LFS_FILESIZE == LLONG_MAX. As a related fix, check for chunkStart overflow in fsutil.HostFileMapper; chunk offsets are uint64s, but as noted above some file types may use uint64 offsets beyond MaxInt64. Reported-by: syzbot+71342a1585aed97ed9f7@syzkaller.appspotmail.com PiperOrigin-RevId: 397136751
2021-09-16Merge pull request #6579 from prattmic:runsc_do_profilegVisor bot
PiperOrigin-RevId: 397114051
2021-09-16runsc: add global profile collection flagsMichael Pratt
Add global flags -profile-{block,cpu,heap,mutex} and -trace which enable collection of the specified profile for the entire duration of a container execution. This provides a way to definitively start profiling before that application starts, rather than attempting to race with an out-of-band `runsc debug`. Note that only the main boot process is profiled. This exposed a bug in Task.traceExecEvent: a crash when tracing and -race are enabled. traceExecEvent is called off of the task goroutine, but uses the Task as a context, which is a violation of the Task contract. Switching to the AsyncContext fixes the issue. Fixes #220
2021-09-15Pass address properties in a single structTony Gong
Replaced the current AddAddressWithOptions method with AddAddressWithProperties which passes all address properties in a single AddressProperties type. More properties that need to be configured in the future are expected, so adding a type makes adding them easier. PiperOrigin-RevId: 396930729
2021-09-15[bind] Return EINVAL for under sized addressGhanan Gowripalan
...and EAFNOSUPPORT for unexpected address family. To comply with Linux. Updates #6021, #6575. PiperOrigin-RevId: 396893590
2021-09-14Fix race on msgrcv(MSG_COPY).Rahat Mahmood
Previously, we weren't making a copy when a sysv message queue was receiving a message with the MSG_COPY flag. This flag indicates the message being received should be left in the queue and a copy of the message should be returned to userspace. Without the copy, a racing process can modify the original message while it's being marshalled to user memory. Reported-by: syzbot+cb15e644698b20ff4e17@syzkaller.appspotmail.com PiperOrigin-RevId: 396712856
2021-09-10Typo fix.Etienne Perot
PiperOrigin-RevId: 396042572
2021-09-09Remove linux-compat loopback hacks from packet endpointGhanan Gowripalan
Previously, gVisor did not represent loopback devices as an ethernet device as Linux does. To maintain Linux API compatibility for packet sockets, a workaround was used to add an ethernet header if a link header was not already present in the packet buffer delivered to a packet endpoint. However, this workaround is a bug for non-ethernet based interfaces; not all links use an ethernet header (e.g. pure L3/TUN interfaces). As of 3b4bb947517d0d9010120aaa1c3989fd6abf278e, gVisor represents loopback devices as an ethernet-based device so this workaround can now be removed. BUG: https://fxbug.dev/81592 Updates #6530, #6531. PiperOrigin-RevId: 395819151
2021-09-07Stub some memory control files.Rahat Mahmood
PiperOrigin-RevId: 395338926
2021-09-03Add //pkg/sentry/seccheck.Jamie Liu
This defines common infrastructure for dynamically-configured security checks, including an example usage in the clone(2) path. PiperOrigin-RevId: 394797270
2021-09-02unix: avoid taking two endpoint locksAndrei Vagin
If we want to take two endpoint locks, we need to be sure that we always take them in the same order. Accept() locks the listening endpoint to work with acceptedChan and then it calls GetLocalAddress that locks an accepted endpoint. Actually, we can release the listening endpoint lock before calling GetLocalAddress. Reported-by: syzbot+f52bd603f51a4ae91054@syzkaller.appspotmail.com PiperOrigin-RevId: 394553823
2021-09-01Support sending with packet socketsGhanan Gowripalan
...through the loopback interface, only. This change only supports sending on packet sockets through the loopback interface as the loopback interface is the only interface used in packet socket syscall tests - the other link endpoints are not excercised with the existing test infrastructure. Support for sending on packet sockets through the other interfaces will be added as needed. BUG: https://fxbug.dev/81592 PiperOrigin-RevId: 394368899
2021-09-01Extract network datagram endpoint common facilitiesGhanan Gowripalan
...from the UDP endpoint. Datagram-based transport endpoints (e.g. UDP, RAW IP) can share a lot of their write path due to the datagram-based nature of these endpoints. Extract the common facilities from UDP so they can be shared with other transport endpoints (in a later change). Test: UDP syscall tests. PiperOrigin-RevId: 394347774
2021-09-01Don't use reflection in fpu.alignedBytes.Jamie Liu
reflect.ValueOf takes an interface{}, so when passed a slice the compiler emits a call to runtime.convTslice to heap-allocate a copy of the slice header. PiperOrigin-RevId: 394310052
2021-09-01Cache vdso.so's __kernel_rt_sigreturn location.Jamie Liu
PiperOrigin-RevId: 394300607
2021-09-01Propagate vfs.MkdirOptions.ForSyntheticMountpoint to overlay copy-up.Jamie Liu
PiperOrigin-RevId: 394296687
2021-09-01unix: handle a case when a buffer is overflowedAndrei Vagin
Reported-by: syzbot+1aab6800bd14829609b8@syzkaller.appspotmail.com PiperOrigin-RevId: 394279838
2021-08-30Narrow COW-break on thread stacks.Jamie Liu
PiperOrigin-RevId: 393841270
2021-08-30Use specialFileFD handles in specialFileFD.Stat().Jamie Liu
PiperOrigin-RevId: 393831108
2021-08-27Fix lock order violations: mm.mappingMu > Task.mu.Nicolas Lacasse
Document this ordering in mm/mm.go. PiperOrigin-RevId: 393413203
2021-08-25Remove quotedev deviceChong Cai
PiperOrigin-RevId: 392982220
2021-08-24Merge pull request #6438 from gystemd:tcsetpgrp_SIGTTOUgVisor bot
PiperOrigin-RevId: 392774712
2021-08-23Merge pull request #6491 from avagin:kvm-mem-slot-overlapgVisor bot
PiperOrigin-RevId: 392554743
2021-08-21platform/kvm: set physical slots without overlappingAndrei Vagin
Right now, the first slot starts with an address of a memory region and its size is faultBlockSize, but the second slot starts with (physicalStart + faultBlockSize) & faultBlockMask. It means they will overlap if a start address of a memory region are not aligned to faultBlockSize. The kernel doesn't allow to add overlapped regions, but we ignore the EEXIST error. Signed-off-by: Andrei Vagin <avagin@google.com>
2021-08-20Allow gofer.specialFileFDs to be mmapped with a host FD.Jamie Liu
PiperOrigin-RevId: 392102898
2021-08-20Fix lock ordering violation introduced in cl/347704347.Nicolas Lacasse
We cannot hold mm.aioManager.mu while calling MUnmap, because MUnmap attempts to aquire mm.mappingMu. This violates the lock order as documented in mm/mm.go. PiperOrigin-RevId: 392102472
2021-08-20Remove experimental warning in the VFS2 README.Jamie Liu
PiperOrigin-RevId: 392078690
2021-08-19Cache verity dentriesChong Cai
Add an LRU cache to cache verity dentries when ref count drop to 0. This way we don't need to hash and verify the previous opened files or directories each time. PiperOrigin-RevId: 391880157
2021-08-19Use MM-mapped I/O instead of buffered copies in gofer.specialFileFD.Jamie Liu
The rationale given for using buffered copies is still valid, but it's unclear whether holding MM locks or allocating buffers is better in practice, and the former is at least consistent with gofer.regularFileFD (and VFS1), making performance easier to reason about. PiperOrigin-RevId: 391877913
2021-08-18Add control configsChong Cai
Also plumber the controls through runsc PiperOrigin-RevId: 391594318
2021-08-17Merge pull request #6262 from sudo-sturbia:msgqueue/syscalls3gVisor bot
PiperOrigin-RevId: 391416650
2021-08-17Added a SIGTTOU block check in SetForegroundProcessGroupgystemd
2021-08-17Implement stub for msgctl(2).Zyad A. Ali
Add support for msgctl and enable tests. Fixes #135
2021-08-17Implement control operations on msgqueue.Zyad A. Ali
For IPCInfo, update value of MSGSEG constant in abi to avoid overflow in MsgInfo.MsgSeg. MSGSEG was originaly simplified in abi, and is unused (by us and within the kernel), so updating it is okay. Updates #135
2021-08-17Implement ipc.Object.Set and use it in ipc mechanisms.Zyad A. Ali
Set provides functionality of {sem,shm,msg}ctl(IPC_SET).
2021-08-16fix sending of SIGTTOU signal in SetForegroundProcessGroupgystemd
Changed sendSignal to sendSignalLocked because tg.pidns.owner.mu and tg.signalHandlers.mu are already locked in SetForegroundProcess Added a control to verify whether the calling process is ignoring SIGTTOU before sending the signal
2021-08-13[syserror] Remove pkg syserror.Zach Koopmans
Removes package syserror and moves still relevant code to either linuxerr or to syserr (to be later removed). Internal errors are converted from random types to *errors.Error types used in linuxerr. Internal errors are in linuxerr/internal.go. PiperOrigin-RevId: 390724202
2021-08-13Add Event controlsChong Cai
Add Event controls and implement "stream" commands. PiperOrigin-RevId: 390691702
2021-08-12Add Usage controlsChong Cai
Add Usage controls and implement "usage/usagefd" commands. PiperOrigin-RevId: 390507423
2021-08-12[syserror] Convert remaining syserror definitions to linuxerr.Zach Koopmans
Convert remaining public errors (e.g. EINTR) from syserror to linuxerr. PiperOrigin-RevId: 390471763
2021-08-12Add support for TCP send buffer auto tuning.Nayana Bidari
Send buffer size in TCP indicates the amount of bytes available for the sender to transmit. This change will allow TCP to update the send buffer size when - TCP enters established state. - ACK is received. The auto tuning is disabled when the send buffer size is set with the SO_SNDBUF option. PiperOrigin-RevId: 390312274
2021-08-11Do not clear merkle files when creating dentryChong Cai
The dentry for each file/directory can be created/destroyed multiple times during sandbox lifetime. We should not clear the Merkle file each time a dentry is created. PiperOrigin-RevId: 390277107
2021-08-11Popluate verity directory children namesChong Cai
We were relying on children adding its name to parent's dentry to populate parent's children list. However, this may not work since the parent dentry could be destroyed if its reference count drops to zero. In that case, a new dentry will be created when enabling the parent and it does not contain the children names info. Therefore we need to populate the child names list again to avoid missing children in the directory. PiperOrigin-RevId: 390270227
2021-08-11Initial cgroupfs support for subcontainersRahat Mahmood
Allow creation and management of subcontainers through cgroupfs directory syscalls. Also add a mechanism to specify a default root container to start new jobs in. This implements the filesystem support for subcontainers, but doesn't implement hierarchical resource accounting or task migration. PiperOrigin-RevId: 390254870
2021-08-10fix missing SIGTTOU signal in SetForegroundProcessGroupgystemd
2021-08-09platform/kvm: fix a race condition in vCPU.unlock()Andrei Vagin
Right now, it contains the code: origState := atomic.LoadUint32(&c.state) atomicbitops.AndUint32(&c.state, ^vCPUUser) The problem here is that vCPU.bounce that is called from another thread can add vCPUWaiter when origState has been read but vCPUUser isn't cleared yet. In this case, vCPU.unlock doesn't notify other threads about changes and c.bounce will be stuck in the futex_wait call. PiperOrigin-RevId: 389697411