summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2019-07-17sys_time: Wrap comments to 80 columnsAdrien Leravat
2019-07-17Take copyMu in RevalidateMichael Pratt
copyMu is required to read child.overlay.upper. PiperOrigin-RevId: 258662209
2019-07-17Separate O_DSYNC and O_SYNC.Jamie Liu
PiperOrigin-RevId: 258657913
2019-07-17ext: disklayout: extents support.Ayush Ranjan
PiperOrigin-RevId: 258657776
2019-07-17ext: Filesystem init implementation.Ayush Ranjan
PiperOrigin-RevId: 258645957
2019-07-17Merge pull request #355 from zhuangel:mastergVisor bot
PiperOrigin-RevId: 258643966
2019-07-17Fix race in FDTable.GetFDs().Bhasker Hariharan
PiperOrigin-RevId: 258635459
2019-07-17Add AF_UNIX, SOCK_RAW sockets, which exist for some reason.Kevin Krakauer
tcpdump creates these. PiperOrigin-RevId: 258611829
2019-07-17Merge pull request #533 from kevinGC:stub-dev-ttygVisor bot
PiperOrigin-RevId: 258607547
2019-07-17Properly invalidate cache in rename and removeMichael Pratt
We were invalidating the wrong overlayEntry in rename and missing invalidation in rename and remove if lower exists. PiperOrigin-RevId: 258604685
2019-07-16Merge pull request #474 from zhuangel:proctasksgVisor bot
PiperOrigin-RevId: 258479216
2019-07-15Support /proc/net/devJianfeng Tan
This proc file reports the stats of interfaces. We could use ifconfig command to check the result. Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Change-Id: Ia7c1e637f5c76c30791ffda68ee61e861b6ef827 COPYBARA_INTEGRATE_REVIEW=https://gvisor-review.googlesource.com/c/gvisor/+/18282/ PiperOrigin-RevId: 258303936
2019-07-15kvm: wake up all waiter of vCPU.stateAndrei Vagin
Now we call FUTEX_WAKE with ^uintptr(0) of waiters, but in this case only one waiter will be waked up. If we want to wake up all of them, the number of waiters has to be set to math.MaxInt32. PiperOrigin-RevId: 258285286
2019-07-12Add IPPROTO_RAW, which allows raw sockets to write IP headers.Kevin Krakauer
iptables also relies on IPPROTO_RAW in a way. It opens such a socket to manipulate the kernel's tables, but it doesn't actually use any of the functionality. Blegh. PiperOrigin-RevId: 257903078
2019-07-12Stub out support for TCP_MAXSEG.Bhasker Hariharan
Adds support to set/get the TCP_MAXSEG value but does not really change the segment sizes emitted by netstack or alter the MSS advertised by the endpoint. This is currently being added only to unblock iperf3 on gVisor. Plumbing this correctly requires a bit more work which will come in separate CLs. PiperOrigin-RevId: 257859112
2019-07-12Merge pull request #282 from zhangningdlut:chris_test_procgVisor bot
PiperOrigin-RevId: 257855479
2019-07-12Don't emit an event for extended attribute syscalls.Nicolas Lacasse
These are filesystem-specific, and filesystems are allowed to return ENOTSUP if they are not supported. PiperOrigin-RevId: 257813477
2019-07-11Fix license year and remove Read.Kevin
2019-07-11Add a stub for /dev/tty.Kevin
Actual implementation to follow, but this will satisfy applications that want it to just exist.
2019-07-11Added tiny ext4 image.Ayush Ranjan
The image is of size 64Kb which supports 64 1k blocks and 16 inodes. This is the smallest size mkfs.ext4 works with. Added README.md documenting how this was created and included all files on the device under assets. PiperOrigin-RevId: 257712672
2019-07-11ext: boilerplate code.Ayush Ranjan
Renamed ext4 to ext since we are targeting ext(2/3/4). Removed fs.go since we are targeting VFS2. Added ext.go with filesystem struct. PiperOrigin-RevId: 257689775
2019-07-09tss: block userspace access to all I/O ports.Liu Hua
A userspace process (CPL=3) can access an i/o port if the bit corresponding to the port is set to 0 in the I/O permission bitmap. Configure the I/O permission bitmap address beyond the last valid byte in the TSS so access to all i/o ports is blocked. Signed-off-by: Liu Hua <sdu.liu@huawei.com> Change-Id: I3df76980c3735491db768f7210e71703f86bb989 PiperOrigin-RevId: 257336518
2019-07-09ext4: disklayout: Directory Entry implementation.Ayush Ranjan
PiperOrigin-RevId: 257314911
2019-07-09build: add nogo for static validationAdin Scannell
PiperOrigin-RevId: 257297820
2019-07-09Cleanup straggling syscall dependencies.Adin Scannell
PiperOrigin-RevId: 257293198
2019-07-08Don't mask errors in createAt loop.Nicolas Lacasse
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767
2019-07-08Don't try to execute a file that is not regular.Nicolas Lacasse
PiperOrigin-RevId: 257037608
2019-07-08ext4: disklayout: inode impl.Ayush Ranjan
PiperOrigin-RevId: 257010414
2019-07-03Avoid importing platforms from many source filesAndrei Vagin
PiperOrigin-RevId: 256494243
2019-07-03Fix syscall doc for getresgidIan Lewis
PiperOrigin-RevId: 256481284
2019-07-03futex: compare keys for equality when doing a FUTEX_UNLOCK_PI.Neel Natu
PiperOrigin-RevId: 256453827
2019-07-03netstack/udp: connect with the AF_UNSPEC address family means disconnectAndrei Vagin
PiperOrigin-RevId: 256433283
2019-07-03Merge pull request #493 from ahmetb:reticulating-splinesgVisor bot
PiperOrigin-RevId: 256319059
2019-07-02Solve BounceToKernel may hang issueYong He
BounceToKernel will make vCPU quit from guest ring3 to guest ring0, but vCPUWaiter is not cleared when we unlock the vCPU, when next time this vCPU enter guest mode ring3, vCPU may enter guest mode with vCPUWaiter bit setted, this will cause the following BounceToKernel to this vCPU hangs at waitUntilNot. Halt may workaroud this issue, because halt process will reset vCPU status into vCPUUser, and notify all waiter for vCPU state change, but if there is no exception or syscall in this period, BounceToKernel will hang at waitUntilNot. PiperOrigin-RevId: 256299660
2019-07-02Remove map from fd_map, change to fd_table.Adin Scannell
This renames FDMap to FDTable and drops the kernel.FD type, which had an entire package to itself and didn't serve much use (it was freely cast between types, and served as more of an annoyance than providing any protection.) Based on BenchmarkFDLookupAndDecRef-12, we can expect 5-10 ns per lookup operation, and 10-15 ns per concurrent lookup operation of savings. This also fixes two tangential usage issues with the FDMap. Namely, non-atomic use of NewFDFrom and associated calls to Remove (that are both racy and fail to drop the reference on the underlying file.) PiperOrigin-RevId: 256285890
2019-07-02Add documentation for remaining syscalls (fixes #197, #186)Ian Lewis
Adds support level documentation for all syscalls. Removes the Undocumented utility function to discourage usage while leaving SupportUndocumented as the default support level for Syscall structs. PiperOrigin-RevId: 256281927
2019-07-02Ext4: DiskLayout: Inode interface.Ayush Ranjan
PiperOrigin-RevId: 256234390
2019-07-02Simplify (and fix) refcounts in createAt.Nicolas Lacasse
fileOpAt holds references on the Dirents passed as arguments to the callback, and drops refs when finished, so we don't need to DecRef those Dirents ourselves However, all Dirents that we get from FindInode/FindLink must be DecRef'd. This CL cleans up the ref-counting logic, and fixes some refcount issues in the process. PiperOrigin-RevId: 256220882
2019-07-02sentry/kernel: add syslog messageAhmet Alp Balkan
It feels like "reticulating splines" is missing from the list of meaningless syslog messages. Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
2019-07-01Fix unix/transport.queue reference leaks.Ian Gudger
Fix two leaks for connectionless Unix sockets: * Double connect: Subsequent connects would leak a reference on the previously connected endpoint. * Close unconnected: Sockets which were not connected at the time of closure would leak a reference on their receiver. PiperOrigin-RevId: 256070451
2019-07-01Check remaining traversal limit when creating a file through a symlink.Nicolas Lacasse
This fixes the case when an app tries to create a file that already exists, and is a symlink to itself. A test was added. PiperOrigin-RevId: 256044811
2019-06-28Add finalizer on AtomicRefCount to check for leaks.Ian Gudger
PiperOrigin-RevId: 255711454
2019-06-28Drop ashmem and binder.Adin Scannell
These are unfortunately unused and unmaintained. They can be brought back in the future if need requires it. PiperOrigin-RevId: 255697132
2019-06-28Remove events from name_to_handle_at and open_by_handle_at.Nicolas Lacasse
These syscalls require filesystem support that gVisor does not provide, and is not planning to implement. Their absense should not trigger an event. PiperOrigin-RevId: 255692871
2019-06-28ext4: disklayout: SuperBlock interface implementations.Ayush Ranjan
PiperOrigin-RevId: 255687771
2019-06-28Automated rollback of changelist 255263686Nicolas Lacasse
PiperOrigin-RevId: 255679453
2019-06-28platform/ptrace: return more detailed errorsAndrei Vagin
Right now, if we can't create a stub process, we will see this error: panic: unable to activate mm: resource temporarily unavailable It would be better to know the root cause of this "resource temporarily unavailable". PiperOrigin-RevId: 255656831
2019-06-28Superblock interface in the disk layout package for ext4.Ayush Ranjan
PiperOrigin-RevId: 255644277
2019-06-28Fix deadloop in proc subtask listYong He
Readdir of /proc/x/task/ will get direntry entries from tasks of specified taskgroup. Now the tasks slice is unsorted, use sort.SearchInts search entry from the slice may cause infinity loops. The fix is sort the slice before search. This issue could be easily reproduced via following steps, revise Readdir in pkg/sentry/fs/proc/task.go, force set taskInts into test slice []int{1, 11, 7, 5, 10, 6, 8, 3, 9, 2, 4}, then run docker image and run ls /proc/1/task, the command will cause infinity loops.
2019-06-27Complete pipe support on overlayfsFabricio Voznika
Get/Set pipe size and ioctl support were missing from overlayfs. It required moving the pipe.Sizer interface to fs so that overlay could get access. Fixes #318 PiperOrigin-RevId: 255511125