Age | Commit message (Collapse) | Author |
|
When a child's root hash or its Merkle path is modified in its parent's
Merkle tree file, opening the file should fail, provided the directory
is verity enabled. The test for this behavior is added.
PiperOrigin-RevId: 334963690
|
|
PiperOrigin-RevId: 334721453
|
|
Adds support for the IPv6-compatible redirect target. Redirection is a limited
form of DNAT, where the destination is always the localhost.
Updates #3549.
PiperOrigin-RevId: 334698344
|
|
PiperOrigin-RevId: 334682753
|
|
PiperOrigin-RevId: 334678513
|
|
PiperOrigin-RevId: 334674481
|
|
PiperOrigin-RevId: 334656292
|
|
PiperOrigin-RevId: 334652998
|
|
The tests confirms that when a file is opened in verity, the
corresponding Merkle trees are generated. Also a normal read succeeds on
verity enabled files, but fails if either the verity file or the Merkle
tree file is modified.
PiperOrigin-RevId: 334640331
|
|
PiperOrigin-RevId: 334531794
|
|
- Rewrite arch.Stack.{Push,Pop}. For the most part, stack now
implements marshal.CopyContext and can be used as the target of
marshal operations. Stack.Push had some extra logic for
automatically null-terminating slices. This was only used for two
specific types of slices, and is now handled explicitly.
- Delete usermem.CopyObject{In,Out}.
- Replace most remaining uses of the encoding/binary package with
go-marshal. Most of these were using the binary package to compute
the size of a struct, which go-marshal can directly replace. ~3 uses
of the binary package remain. These aren't reasonably replaceable by
go-marshal: for example one use is to construct the syscall
trampoline for systrap.
- Fill out remaining convenience wrappers in the primitive package.
PiperOrigin-RevId: 334502375
|
|
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and
multicast addresses are not allowed. Currently checks for these are
done at the transport layer, but since it is explicitly forbidden at
the IP layers, check for them there.
This change also removes the UDP.InvalidSourceAddress stat since there
is no longer a need for it.
Test: ip_test.TestSourceAddressValidation
PiperOrigin-RevId: 334490971
|
|
PiperOrigin-RevId: 334478850
|
|
Like matchers, targets should use a module-like register/lookup system. This
replaces the brittle switch statements we had before.
The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it
much easier to add IPv6 redirect in the next change.
Updates #3549.
PiperOrigin-RevId: 334469418
|
|
PiperOrigin-RevId: 334428344
|
|
PiperOrigin-RevId: 334263322
|
|
Fixes #1479, #317.
PiperOrigin-RevId: 334258052
|
|
Do not release dirMu between checking whether to create a child and actually
inserting it.
Also fixes a bug in fusefs which was causing it to deadlock under the new
lock ordering. We do not need to call kernfs.Dentry.InsertChild from newEntry
because it will always be called at the kernfs filesystem layer.
Updates #1193.
PiperOrigin-RevId: 334049264
|
|
Previously, we did not check the kcov mode when performing task work. As a
result, disabling kcov did not do anything.
Also avoid expensive atomic RMW when consuming coverage data. We don't need the
swap if the value is already zero (which is most of the time), and it is ok if
there are slight inconsistencies due to a race between coverage data generation
(incrementing the value) and consumption (reading a nonzero value and writing
zero).
PiperOrigin-RevId: 334049207
|
|
The FD should hold a reference on the dentry they were opened on which in turn
holds a reference on the inode it points to.
PiperOrigin-RevId: 333589223
|
|
Update signatures for:
- All methods in inodeDirectory
- deferDecRef() and Filesystem.droppedDentries
- newSyntheticDirectory()
- `slot`s used in OrderedChildren and subsequent methods like
replaceChildLocked() and checkExistingLocked()
- stepExistingLocked(), walkParentDirLocked(), checkCreateLocked()
Updates #1193
PiperOrigin-RevId: 333558866
|
|
Updates #1663
PiperOrigin-RevId: 333539293
|
|
It is called from the kernfs code (OpenAt and revalidateChildLocked()).
For RemoveChildLocked, it is opposed. We need to call it from fuse.RmDir and
fuse.Unlink.
PiperOrigin-RevId: 333453218
|
|
VFS2 socket record is not removed from the system-wide
socket table when the socket is released, which will lead
to a memory leak. This patch fixes this issue.
Fixes: #3874
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
SocketEntry can be confusing with the template types as the 'Entry'
is usually used as a suffix for list element types, e.g. socketEntry
in the same package. Suggested by Dean (@dean-deng).
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
PiperOrigin-RevId: 333447255
|
|
There were some instances where we were not enabling leak checking.
PiperOrigin-RevId: 333418571
|
|
PiperOrigin-RevId: 333412836
|
|
PiperOrigin-RevId: 333404727
|
|
Use HandleIOErrorVFS2 instead of custom error handling.
PiperOrigin-RevId: 333227581
|
|
Update signatures for:
- walkExistingLocked
- checkDeleteLocked
- Inode.Open
Updates #1193
PiperOrigin-RevId: 333163381
|
|
Originally, we avoided partial writes in case it caused us to write a partial
packet to a socket-backed specialFileFD. However, this check causes splicing
from a pipe to specialFileFD to fail if we hit EOF on the pipe.
PiperOrigin-RevId: 333016216
|
|
Updates #1193.
PiperOrigin-RevId: 332939026
|
|
PiperOrigin-RevId: 332760843
|
|
PiperOrigin-RevId: 332548335
|
|
Updates #1199
PiperOrigin-RevId: 332539197
|
|
This is more consistent with Linux (see comment on MM.NewSharedAnonMappable()).
We don't do the same thing on VFS1 for reasons documented by the updated
comment.
PiperOrigin-RevId: 332514849
|
|
|
|
PiperOrigin-RevId: 332486383
|
|
PiperOrigin-RevId: 332486111
|
|
Linux defines this struct as:
struct sched_param {
int priority;
}
... in include/linux/sched.h.
PiperOrigin-RevId: 332473133
|
|
This fixes a use-after-free in fuse.DeviceFD.Release.
PiperOrigin-RevId: 332394146
|
|
`ip6tables -t filter` is now usable. NAT support will come in a future CL.
#3549
PiperOrigin-RevId: 332381801
|
|
SO_LINGER is a socket level option and should be stored on all endpoints even
though it is used to linger only for TCP endpoints.
PiperOrigin-RevId: 332369252
|
|
This constant is used to represent int32 stored in file xattrs. The
integers are stored as strings there, so the real size should be the
string size (number of digits) instead of an int size (4 bytes).
PiperOrigin-RevId: 332353217
|
|
PiperOrigin-RevId: 332340342
|
|
This change includes overlay, special regular gofer files, and hostfs.
Fixes #3589.
PiperOrigin-RevId: 332330860
|
|
PiperOrigin-RevId: 332328860
|
|
This is required to make tcpdump work. tcpdump falls back to not using things
like PACKET_RX_RING if setsockopt returns ENOPROTOOPT. This used to be the case
before https://github.com/google/gvisor/commit/6f8fb7e0db2790ff1f5ba835780c03fe245e437f.
Fixes #3981
PiperOrigin-RevId: 332326517
|
|
|