summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-01-16Merge release-20200115.0-5-g420d335 (automated)gVisor bot
2020-01-16Enable clone syscall support on arm64.Haibo Xu
sys_clone has many flavors in Linux, and amd64 chose a different one from x86(different arguments order). Ref kernel/fork.c for more info. Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I6c8cbc685f4a6e786b171715ab68292fc95cbf48 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1545 from xiaobo55x:clone 156bd2dfbc63ef5291627b0578ddea77997393b2 PiperOrigin-RevId: 290093953
2020-01-15Add timestamps to VFS2 tmpfs, and implement some of SetStat.Nicolas Lacasse
PiperOrigin-RevId: 289962040
2020-01-15Merge release-20191213.0-121-g2ebd214 (automated)gVisor bot
2020-01-15Merge pull request #1540 from laijs:fix-PCIDsgVisor bot
PiperOrigin-RevId: 289925133
2020-01-15Merge release-20191213.0-117-gff78a72 (automated)gVisor bot
2020-01-14enable pkg/sentry/arch to support arm64 basicallylubinszARM
Signed-off-by: Bin Lu <bin.lu@arm.com> Change-Id: I9cce23db4e5caec82ce42b4970fdb7f7e8c08f1d COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/773 from lubinszARM:pr_arch_basic 3fe2fd8e6286766bbe489ef971dce204f924feba PiperOrigin-RevId: 289795569
2020-01-14Merge release-20191213.0-115-g50625ce (automated)gVisor bot
2020-01-14Implement {g,s}etsockopt(IP_RECVTOS) for UDP socketsTamir Duberstein
PiperOrigin-RevId: 289718534
2020-01-13Merge release-20191213.0-113-gdebd213 (automated)gVisor bot
2020-01-13Allow dual stack sockets to operate on AF_INETTamir Duberstein
Fixes #1490 Fixes #1495 PiperOrigin-RevId: 289523250
2020-01-13Only allow INPUT modifications.Kevin Krakauer
2020-01-13Merge branch 'master' into iptables-write-input-dropKevin Krakauer
2020-01-13Merge release-20191213.0-111-gb30cfb1 (automated)gVisor bot
2020-01-13Merge pull request #1528 from kevinGC:iptables-writegVisor bot
PiperOrigin-RevId: 289479774
2020-01-10Merge release-20191213.0-96-g27500d5 (automated)gVisor bot
2020-01-09New sync package.Ian Gudger
* Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387
2020-01-09Merge release-20191213.0-88-gee3158f (automated)gVisor bot
2020-01-09Merge pull request #1423 from xiaobo55x:stracegVisor bot
PiperOrigin-RevId: 288965915
2020-01-09Merge release-20191213.0-86-g8643933 (automated)gVisor bot
2020-01-09Change BindToDeviceOption to store NICIDEyal Soha
This makes it possible to call the sockopt from go even when the NIC has no name. PiperOrigin-RevId: 288955236
2020-01-09Merge release-20191213.0-84-g290908f (automated)gVisor bot
2020-01-09Avoid panic when c.PCIDs is nilLai Jiangshan
When PCID is disabled, there would throw a panic when dropPageTables() access to c.PCID without check. Signed-off-by: Lai Jiangshan <eag0628@gmail.com>
2020-01-08It works! It drops some packets.Kevin Krakauer
2020-01-08Merge branch 'iptables-write' into iptables-write-input-dropKevin Krakauer
2020-01-09Merge release-20191213.0-82-gfbb2c00 (automated)gVisor bot
2020-01-08More GH comments.Kevin Krakauer
2020-01-08Return correct length with MSG_TRUNC for unix sockets.Ian Lewis
This change calls a new Truncate method on the EndpointReader in RecvMsg for both netlink and unix sockets. This allows readers such as sockets to peek at the length of data without actually reading it to a buffer. Fixes #993 #1240 PiperOrigin-RevId: 288800167
2020-01-08Define sizes for extent headers and entries separately to improve clarity.Dean Deng
PiperOrigin-RevId: 288799694
2020-01-09Merge release-20191213.0-80-gb3ae8a6 (automated)gVisor bot
2020-01-08Addressed GH commentsKevin Krakauer
2020-01-08Fix slice bounds out of range panic in parsing socket control message.Ting-Yu Wang
Panic found by syzakller. PiperOrigin-RevId: 288799046
2020-01-08Getting a panic when running tests. For some reason the filter table isKevin Krakauer
ending up with the wrong chains and is indexing -1 into rules.
2020-01-08Merge release-20191213.0-78-gd530df2 (automated)gVisor bot
2020-01-08Introduce tcpip.SockOptBoolTamir Duberstein
...and port V6OnlyOption to it. PiperOrigin-RevId: 288789451
2020-01-08Built dead-simple traversal, but now getting depedency cycle error :'(Kevin Krakauer
2020-01-08Merge release-20191213.0-76-ga271bcc (automated)gVisor bot
2020-01-08Rename tcpip.SockOpt{,Int}Tamir Duberstein
PiperOrigin-RevId: 288772878
2020-01-08First commit -- re-adding DROPKevin Krakauer
2020-01-08Merge release-20191213.0-74-gbb96f52 (automated)gVisor bot
2020-01-08Merge pull request #1273 from lubinszARM:pr_ring_3gVisor bot
PiperOrigin-RevId: 288743614
2020-01-08Comment cleanup.Kevin Krakauer
2020-01-08Minor fixes to comments and loggingKevin Krakauer
2020-01-08Make /proc/[pid] offset start at TGID_OFFSETFabricio Voznika
Updates #1195 PiperOrigin-RevId: 288725745
2020-01-08Write simple ACCEPT rules to the filter table.Kevin Krakauer
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added.
2020-01-08Merge release-20191213.0-69-ga53ac73 (automated)gVisor bot
2020-01-07fs/splice: don't report a partialResult error if there is no data lossAndrei Vagin
PiperOrigin-RevId: 288642552
2020-01-07Merge release-20191213.0-63-g17c1824 (automated)gVisor bot
2020-01-06platform/syscall: use syscall + int3 to execute a system call in a stub processAndrei Vagin
Right now, we need to call ptrace(PTRACE_SYSCALL) and wait() twice to execute one system call in a stub process. With these changes, we will need to call ptrace + wait only once. In addition, this allows to workaround the kernel bug when a stub process doesn't stop on syscall-exit-stop and starts executing the next system call. Reported-by: syzbot+37143cafa8dc3b5008ee@syzkaller.appspotmail.com PiperOrigin-RevId: 288393029
2020-01-06Merge release-20191213.0-62-g51f3ab8 (automated)gVisor bot