summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-04-14Merge release-20200323.0-154-g2dd6384 (automated)gVisor bot
2020-04-14Fix cleanup around socketpair() failure to copy out FDs.Jamie Liu
- Use the fs.File, rather than the vfs.FileDescription, in the VFS1 version. - Check for a nil fs.File/vfs.FileDescription before calling DecRef, which is possible if a racing dup2() or dup3() replaces the file descriptor between when it is installed and when it is returned. (This is not possible in Linux because Linux separates allocation of a file descriptor from binding an allocated file descriptor to a struct file, and dup2/dup3 return EBUSY if asked to replace an allocated but unbound file descriptor.) PiperOrigin-RevId: 306517101
2020-04-14Merge release-20200323.0-153-g52b4b19 (automated)gVisor bot
2020-04-14Pass O_LARGEFILE in syscalls/linux/vfs2.openat.Jamie Liu
Needed for PipeTest_Flags: files opened by open() and openat() get O_LARGEFILE (on architectures with 64-bit off_t), but not FDs created by other syscalls such as pipe(). Updates #1035 PiperOrigin-RevId: 306504788
2020-04-14Merge release-20200323.0-146-g71e6ac3 (automated)gVisor bot
2020-04-13Don't allow read/write when offset+size overflows.Nicolas Lacasse
PiperOrigin-RevId: 306348346
2020-04-13Merge release-20200323.0-144-g7e5d67e (automated)gVisor bot
2020-04-13Merge pull request #2168 from xiaobo55x:ptrace_testgVisor bot
PiperOrigin-RevId: 306306809
2020-04-13Merge release-20200323.0-138-ge1959f5 (automated)gVisor bot
2020-04-13Merge pull request #2321 from lubinszARM:pr_nogogVisor bot
PiperOrigin-RevId: 306300032
2020-04-13Merge release-20200323.0-136-g5d885d7 (automated)gVisor bot
2020-04-13Port socket-related syscalls to VFS2.Dean Deng
Note that most kinds of sockets are not yet supported in VFS2 (only Unix sockets are partially supported at the moment), so these syscalls will still generally fail. Enabling them allows us to begin running socket tests for VFS2 as more features are ported over. Updates #1476, #1478, #1484, #1485. PiperOrigin-RevId: 306292294
2020-04-13Merge release-20200323.0-134-g6a4d17a (automated)gVisor bot
2020-04-13Remove obsolete TODOs for b/38173783Jon Budd
The comments in the ticket indicate that this behavior is fine and that the ticket should be closed, so we shouldn't need pointers to the ticket. PiperOrigin-RevId: 306266071
2020-04-13Merge release-20200323.0-133-g445c366 (automated)gVisor bot
2020-04-13Fix VFS2 getdents()/getdents64() alignment.Jamie Liu
PiperOrigin-RevId: 306263615
2020-04-11Merge release-20200323.0-130-gdaf3322 (automated)gVisor bot
2020-04-10Add logging message for noNewPrivileges OCI option.Ian Lewis
noNewPrivileges is ignored if set to false since gVisor assumes that PR_SET_NO_NEW_PRIVS is always enabled. PiperOrigin-RevId: 305991947
2020-04-11Merge release-20200323.0-129-g09ddb5a (automated)gVisor bot
2020-04-10Port extended attributes to VFS2.Dean Deng
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs and goferfs. Note that because of the slightly different order of checks between VFS2 and Linux, one of the xattr tests needs to be relaxed slightly. Fixes #2363. PiperOrigin-RevId: 305985121
2020-04-10Merge release-20200323.0-128-g96f9142 (automated)gVisor bot
2020-04-10Use O_CLOEXEC when dup'ing FDsFabricio Voznika
The sentry doesn't allow execve, but it's a good defense in-depth measure. PiperOrigin-RevId: 305958737
2020-04-10Merge release-20200323.0-122-g1798d6c (automated)gVisor bot
2020-04-10Remove TODO from kernel.StracerFabricio Voznika
The dependency strace=>kernel grew over time. strace also depends on task's FD table and FSContext. It could be fixed with some interfaces the other way, but then we're trading an interface for another, and kernel.Stracer is likely cleaner. Closes #155 PiperOrigin-RevId: 305909678
2020-04-10Merge release-20200323.0-119-g7812661 (automated)gVisor bot
2020-04-09Merge pull request #2253 from amscanne:nogogVisor bot
PiperOrigin-RevId: 305807868
2020-04-10Enable syscall ptrace test on arm64.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I5bb8fa7d580d173b1438d6465e1adb442216c8fa
2020-04-10Merge release-20200323.0-113-gc919534 (automated)gVisor bot
2020-04-09Replace type assertion with TaskFromContext.Ting-Yu Wang
This should fix panic at aio callback. PiperOrigin-RevId: 305798549
2020-04-10Merge release-20200323.0-112-g257225c (automated)gVisor bot
2020-04-09Downgrade VFS1-specific FIXME to a NOTE.Jamie Liu
PiperOrigin-RevId: 305794509
2020-04-09Merge release-20200323.0-110-g9f87502 (automated)gVisor bot
2020-04-09Remove TODOs from Async IOFabricio Voznika
Block and drain requests in io_destroy(2). Note the reason to create read-only mapping. PiperOrigin-RevId: 305786312
2020-04-09Merge release-20200323.0-107-g9a5e5ab (automated)gVisor bot
2020-04-09Merge release-20200323.0-103-g7928aa3 (automated)gVisor bot
2020-04-09Convert int and bool socket options to use GetSockOptInt and GetSockOptBoolAndrei Vagin
PiperOrigin-RevId: 305699233
2020-04-09remove nogo exemption for machine_arm64_unsafe.goBin Lu
Minimize the use of unsafe. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-04-09Merge release-20200323.0-100-ga10389e (automated)gVisor bot
2020-04-08splice: cap splice calls to MAX_RW_COUNTAndrei Vagin
The Linux does the same. Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com PiperOrigin-RevId: 305625439
2020-04-09Merge release-20200323.0-98-g0f75f72 (automated)gVisor bot
2020-04-08Don't call platform.AddressSpace.MapFile with no permissions.Jamie Liu
PiperOrigin-RevId: 305598136
2020-04-09Merge release-20200323.0-97-g6dd5a1f (automated)gVisor bot
2020-04-08Clean up TODOsFabricio Voznika
PiperOrigin-RevId: 305592245
2020-04-09Merge release-20200323.0-96-g981a587 (automated)gVisor bot
2020-04-08Remove InodeOperations FIXMEs that will be obsoleted by VFS2.Dean Deng
PiperOrigin-RevId: 305588941
2020-04-08Merge release-20200323.0-95-g357f136 (automated)gVisor bot
2020-04-08Handle utimes correctly for shared gofer filesystems.Dean Deng
Determine system time from within the sentry rather than relying on the remote filesystem to prevent inconsistencies. Resolve related TODOs; the time discrepancies in question don't exist anymore. PiperOrigin-RevId: 305557099
2020-04-08Merge release-20200323.0-93-gd8c0c1d (automated)gVisor bot
2020-04-08Do not hold FileDescription references in VFS2 procfs inodes.Jamie Liu
FileDescription references are side-effectual; for example, holding a reference on the write end of a pipe prevents reads from the read end from returning EOF. This change is consistent with Linux, but not VFS1; while VFS1 also has this bug, it's less visible there since VFS1 procfs disables caching. Updates #1195 PiperOrigin-RevId: 305545099
2020-04-08Enable SubprocessExited and SubprocessZombie for gVisorFabricio Voznika
Updates #164 PiperOrigin-RevId: 305544029