summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-10-02Merge release-20200921.0-102-g4f462b0ed (automated)gVisor bot
2020-10-02Convert uses of the binary package in kernel to go-marshal.Rahat Mahmood
PiperOrigin-RevId: 335077195
2020-10-02Merge release-20200921.0-99-g02cff90ad (automated)gVisor bot
2020-10-02Merge pull request #4035 from lubinszARM:pr_misc_01gVisor bot
PiperOrigin-RevId: 335051794
2020-10-01Add a verity test for modified parent Merkle fileChong Cai
When a child's root hash or its Merkle path is modified in its parent's Merkle tree file, opening the file should fail, provided the directory is verity enabled. The test for this behavior is added. PiperOrigin-RevId: 334963690
2020-10-01Merge release-20200921.0-96-gcb41f6703 (automated)gVisor bot
2020-09-30Merge pull request #3824 from btw616:fix/issue-3823gVisor bot
PiperOrigin-RevId: 334721453
2020-09-30Merge release-20200921.0-93-g6f8d64f42 (automated)gVisor bot
2020-09-30ip6tables: redirect supportKevin Krakauer
Adds support for the IPv6-compatible redirect target. Redirection is a limited form of DNAT, where the destination is always the localhost. Updates #3549. PiperOrigin-RevId: 334698344
2020-09-30Implement ioctl with measure in verity fsChong Cai
PiperOrigin-RevId: 334682753
2020-09-30Internal change.Chong Cai
PiperOrigin-RevId: 334678513
2020-09-30Merge release-20200921.0-89-g9751044a9 (automated)gVisor bot
2020-09-30Merge pull request #2256 from laijs:kptigVisor bot
PiperOrigin-RevId: 334674481
2020-09-30[go-marshal] Port ext codebase to use go marshal.Ayush Ranjan
PiperOrigin-RevId: 334656292
2020-09-30Merge release-20200921.0-80-gb49a17fc3 (automated)gVisor bot
2020-09-30Make all Target.Action implementation pointer receiversKevin Krakauer
PiperOrigin-RevId: 334652998
2020-09-30Add verity fs testsChong Cai
The tests confirms that when a file is opened in verity, the corresponding Merkle trees are generated. Also a normal read succeeds on verity enabled files, but fails if either the verity file or the Merkle tree file is modified. PiperOrigin-RevId: 334640331
2020-09-30Merge release-20200921.0-77-g0aae51c6e (automated)gVisor bot
2020-09-29iptables: remove unused min/max NAT range fieldsKevin Krakauer
PiperOrigin-RevId: 334531794
2020-09-30Merge release-20200921.0-74-g387501219 (automated)gVisor bot
2020-09-29Replace remaining uses of reflection-based marshalling.Rahat Mahmood
- Rewrite arch.Stack.{Push,Pop}. For the most part, stack now implements marshal.CopyContext and can be used as the target of marshal operations. Stack.Push had some extra logic for automatically null-terminating slices. This was only used for two specific types of slices, and is now handled explicitly. - Delete usermem.CopyObject{In,Out}. - Replace most remaining uses of the encoding/binary package with go-marshal. Most of these were using the binary package to compute the size of a struct, which go-marshal can directly replace. ~3 uses of the binary package remain. These aren't reasonably replaceable by go-marshal: for example one use is to construct the syscall trampoline for systrap. - Fill out remaining convenience wrappers in the primitive package. PiperOrigin-RevId: 334502375
2020-09-29Merge release-20200921.0-72-g6ae83404a (automated)gVisor bot
2020-09-29Don't allow broadcast/multicast source addressGhanan Gowripalan
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and multicast addresses are not allowed. Currently checks for these are done at the transport layer, but since it is explicitly forbidden at the IP layers, check for them there. This change also removes the UDP.InvalidSourceAddress stat since there is no longer a need for it. Test: ip_test.TestSourceAddressValidation PiperOrigin-RevId: 334490971
2020-09-29Merge release-20200921.0-71-g4a428b13b (automated)gVisor bot
2020-09-29Add /proc/[pid]/cwdFabricio Voznika
PiperOrigin-RevId: 334478850
2020-09-29Merge release-20200921.0-70-g7fbb45e8e (automated)gVisor bot
2020-09-29iptables: refactor to make targets extendableKevin Krakauer
Like matchers, targets should use a module-like register/lookup system. This replaces the brittle switch statements we had before. The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it much easier to add IPv6 redirect in the next change. Updates #3549. PiperOrigin-RevId: 334469418
2020-09-29Merge release-20200921.0-66-g7d64bc1fd (automated)gVisor bot
2020-09-29Merge pull request #3875 from btw616:fix/issue-3874gVisor bot
PiperOrigin-RevId: 334428344
2020-09-29Merge release-20200921.0-59-g028e045da (automated)gVisor bot
2020-09-28Merge release-20200921.0-57-g237b761f9 (automated)gVisor bot
2020-09-28Merge release-20200921.0-58-gba44298a3 (automated)gVisor bot
2020-09-28Don't leak dentries returned by sockfs.NewDentry().Jamie Liu
PiperOrigin-RevId: 334263322
2020-09-28Merge release-20200921.0-55-ga0e0ba690 (automated)gVisor bot
2020-09-28Support inotify in overlayfs.Dean Deng
Fixes #1479, #317. PiperOrigin-RevId: 334258052
2020-09-27Merge release-20200921.0-54-gfa995da84 (automated)gVisor bot
2020-09-27Fix kernfs race condition.Dean Deng
Do not release dirMu between checking whether to create a child and actually inserting it. Also fixes a bug in fusefs which was causing it to deadlock under the new lock ordering. We do not need to call kernfs.Dentry.InsertChild from newEntry because it will always be called at the kernfs filesystem layer. Updates #1193. PiperOrigin-RevId: 334049264
2020-09-27Merge release-20200921.0-53-g2a60f9229 (automated)gVisor bot
2020-09-27Clean up kcov.Dean Deng
Previously, we did not check the kcov mode when performing task work. As a result, disabling kcov did not do anything. Also avoid expensive atomic RMW when consuming coverage data. We don't need the swap if the value is already zero (which is most of the time), and it is ok if there are slight inconsistencies due to a race between coverage data generation (incrementing the value) and consumption (reading a nonzero value and writing zero). PiperOrigin-RevId: 334049207
2020-09-25arm64: some minor changesBin Lu
This patch adds minor changes for Arm64 platform: 1, add SetRobustList/GetRobustList support for arm64 syscall module. 2, add newfstatat support for arm64 vfs2 syscall module. 3, add tls value in ProtoBuf. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-09-24Merge release-20200914.0-158-g832d91b80 (automated)gVisor bot
2020-09-24[vfs] kernfs: Do not hold reference on the inode when opening FD.Ayush Ranjan
The FD should hold a reference on the dentry they were opened on which in turn holds a reference on the inode it points to. PiperOrigin-RevId: 333589223
2020-09-24Merge release-20200914.0-154-g2a10bc1e4 (automated)gVisor bot
2020-09-24[vfs] [2/2] kernfs: kernfs: Internally use kernfs.Dentry instead of vfs.Dentry.Ayush Ranjan
Update signatures for: - All methods in inodeDirectory - deferDecRef() and Filesystem.droppedDentries - newSyntheticDirectory() - `slot`s used in OrderedChildren and subsequent methods like replaceChildLocked() and checkExistingLocked() - stepExistingLocked(), walkParentDirLocked(), checkCreateLocked() Updates #1193 PiperOrigin-RevId: 333558866
2020-09-24Merge release-20200914.0-152-g0a7075f38 (automated)gVisor bot
2020-09-24Add basic stateify annotations.Adin Scannell
Updates #1663 PiperOrigin-RevId: 333539293
2020-09-24Merge release-20200914.0-147-g3838e83a9 (automated)gVisor bot
2020-09-23fuse: don't call dentry.InsertChildAndrei Vagin
It is called from the kernfs code (OpenAt and revalidateChildLocked()). For RemoveChildLocked, it is opposed. We need to call it from fuse.RmDir and fuse.Unlink. PiperOrigin-RevId: 333453218
2020-09-24Fix socket record leak in VFS2Tiwei Bie
VFS2 socket record is not removed from the system-wide socket table when the socket is released, which will lead to a memory leak. This patch fixes this issue. Fixes: #3874 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-09-24Rename kernel.SocketEntry to kernel.SocketRecordTiwei Bie
SocketEntry can be confusing with the template types as the 'Entry' is usually used as a suffix for list element types, e.g. socketEntry in the same package. Suggested by Dean (@dean-deng). Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>