summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-01-31iptables: enable TCP matching with "-m tcp".Kevin Krakauer
A couple other things that changed: - There's a proper extension registration system for matchers. Anyone adding another matcher can use tcp_matcher.go or udp_matcher.go as a template. - All logging and use of syserr.Error in the netfilter package happens at the highest possible level (public functions). Lower-level functions just return normal, descriptive golang errors.
2020-01-31Internal change.gVisor bot
PiperOrigin-RevId: 292587459
2020-01-30Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-30Merge pull request #1288 from lubinszARM:pr_ring0_6gVisor bot
PiperOrigin-RevId: 292369598
2020-01-30Enforce splice offset limitsMichael Pratt
Splice must not allow negative offsets. Writes also must not allow offset + size to overflow int64. Reads are similarly broken, but not just in splice (b/148095030). Reported-by: syzbot+0e1ff0b95fb2859b4190@syzkaller.appspotmail.com PiperOrigin-RevId: 292361208
2020-01-29Add support for TCP_DEFER_ACCEPT.Bhasker Hariharan
PiperOrigin-RevId: 292233574
2020-01-29Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-29Add plumbing for file locks in VFS2.Dean Deng
Updates #1480 PiperOrigin-RevId: 292180192
2020-01-29sentry: rename SetRSEQInterruptedIP to SetOldRSeqInterruptedIP for arm64Andrei Vagin
For amd64, this has been done on cl/288342928. PiperOrigin-RevId: 292170856
2020-01-29Add //pkg/sentry/devices/memdev.Jamie Liu
PiperOrigin-RevId: 292165063
2020-01-29supporting sError in guest kernel on Arm64Bin Lu
For test case 'TestBounce', we use KVM_SET_VCPU_EVENTS to trigger sError to leave guest. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-01-28Prevent arbitrary size allocation when sending UDS messages.Dean Deng
Currently, Send() will copy data into a new byte slice without regard to the original size. Size checks should be performed before the allocation takes place. Note that for the sake of performance, we avoid putting the buffer allocation into the critical section. As a result, the size checks need to be performed again within Enqueue() in case the limit has changed. PiperOrigin-RevId: 292058147
2020-01-28Add support for WritableSource in DynamicBytesFileDescriptionImplFabricio Voznika
WritableSource is a convenience interface used for files that can be written to, e.g. /proc/net/ipv4/tpc_sack. It reads max of 4KB and only from offset 0 which should cover most cases. It can be extended as neeed. Updates #1195 PiperOrigin-RevId: 292056924
2020-01-28Changes missing in last submitFabricio Voznika
Updates #1487 Updates #1623 PiperOrigin-RevId: 292040835
2020-01-28Add vfs.FileDescription to FD tableFabricio Voznika
FD table now holds both VFS1 and VFS2 types and uses the correct one based on what's set. Parts of this CL are just initial changes (e.g. sys_read.go, runsc/main.go) to serve as a template for the remaining changes. Updates #1487 Updates #1623 PiperOrigin-RevId: 292023223
2020-01-28Add //pkg/sentry/fsimpl/devtmpfs.Jamie Liu
PiperOrigin-RevId: 292021389
2020-01-28fs/splice: don't report partial errors for special filesAndrei Vagin
Special files can have additional requirements for granularity. For example, read from eventfd returns EINVAL if a size is less 8 bytes. Reported-by: syzbot+3905f5493bec08eb7b02@syzkaller.appspotmail.com PiperOrigin-RevId: 292002926
2020-01-28Add VFS2 support for epoll.Jamie Liu
PiperOrigin-RevId: 291997879
2020-01-28netlink: add support for RTM_F_LOOKUP_TABLEJianfeng Tan
Test command: $ ip route get 1.1.1.1 Fixes: #1099 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1121 from tanjianfeng:fix-1099 e6919f3d4ede5aa51a48b3d2be0d7a4b482dd53d PiperOrigin-RevId: 291990716
2020-01-28Implement an anon_inode equivalent for VFS2.Jamie Liu
PiperOrigin-RevId: 291986033
2020-01-28Check sigsetsize in rt_sigactionMichael Pratt
This isn't in the libc wrapper, but it is in the syscall itself. Discovered by @xiaobo55x in #1625. PiperOrigin-RevId: 291973931
2020-01-27Address GH comments.Kevin Krakauer
2020-01-27Merge pull request #1561 from zhangningdlut:chris_ttygVisor bot
PiperOrigin-RevId: 291821850
2020-01-27Update package locations.Adin Scannell
Because the abi will depend on the core types for marshalling (usermem, context, safemem, safecopy), these need to be flattened from the sentry directory. These packages contain no sentry-specific details. PiperOrigin-RevId: 291811289
2020-01-27Fix licenses.Adin Scannell
The preferred Copyright holder is "The gVisor Authors". PiperOrigin-RevId: 291786657
2020-01-27Update bug number for supporting extended attribute namespaces.Dean Deng
PiperOrigin-RevId: 291774815
2020-01-27Cleanup for GH review.Kevin Krakauer
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-27Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-24We can now actually write out the udp matcher.Kevin Krakauer
2020-01-24Add support for device special files to VFS2 tmpfs.Jamie Liu
PiperOrigin-RevId: 291471892
2020-01-24Add anonymous device number allocation to VFS2.Jamie Liu
Note that in VFS2, filesystem device numbers are per-vfs.FilesystemImpl rather than global, avoiding the need for a "registry" type to handle save/restore. (This is more consistent with Linux anyway: compare e.g. mm/shmem.c:shmem_mount() => fs/super.c:mount_nodev() => (indirectly) set_anon_super().) PiperOrigin-RevId: 291425193
2020-01-24Ignore external SIGURGMichael Pratt
Go 1.14+ sends SIGURG to Ms to attempt asynchronous preemption of a G. Since it can't guarantee that a SIGURG is only related to preemption, it continues to forward them to signal.Notify (see runtime.sighandler). We should ignore these signals, as applications shouldn't receive them. Note that this means that truly external SIGURG can no longer be sent to the application (as with SIGCHLD). PiperOrigin-RevId: 291415357
2020-01-24Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-23Remove epoll entry from map when dropping it.Nicolas Lacasse
This pattern (delete from map when dropping) is also used in epoll.RemoveEntry, and seems like generally a good idea. PiperOrigin-RevId: 291268208
2020-01-23Merge pull request #1617 from kevinGC:iptables-write-filter-protogVisor bot
PiperOrigin-RevId: 291249314
2020-01-23Check for EINTR from KVM_CREATE_VMMichael Pratt
The kernel may return EINTR from: kvm_create_vm kvm_init_mmu_notifier mmu_notifier_register do_mmu_notifier_register mm_take_all_locks Go 1.14's preemptive scheduling signals make hitting this much more likely. PiperOrigin-RevId: 291212669
2020-01-22De-duplicate common test functionality for VFS2 filesystems.Rahat Mahmood
PiperOrigin-RevId: 291041576
2020-01-22Error marshalling the matcher.Kevin Krakauer
The iptables binary is looking for libxt_.so when it should be looking for libxt_udp.so, so it's having an issue reading the data in xt_match_entry. I think it may be an alignment issue. Trying to fix this is leading to me fighting with the metadata struct, so I'm gonna go kill that.
2020-01-22Move VFS2 handling of FD readability/writability to vfs.FileDescription.Jamie Liu
PiperOrigin-RevId: 291006713
2020-01-21Rename DowngradableRWMutex to RWmutex.Ian Gudger
Also renames TMutex to Mutex. These custom mutexes aren't any worse than the standard library versions (same code), so having both seems redundant. PiperOrigin-RevId: 290873587
2020-01-21Merge pull request #1609 from xiaobo55x:unamegVisor bot
PiperOrigin-RevId: 290849438
2020-01-21Adding serialization.Kevin Krakauer
2020-01-21Merge pull request #1275 from lubinszARM:pr_ring0_5gVisor bot
PiperOrigin-RevId: 290839263
2020-01-21Add a new TCP stat for current open connections.Mithun Iyer
Such a stat accounts for all connections that are currently established and not yet transitioned to close state. Also fix bug in double increment of CurrentEstablished stat. Fixes #1579 PiperOrigin-RevId: 290827365
2020-01-21Implement sysfs.Rahat Mahmood
PiperOrigin-RevId: 290822487
2020-01-21Removed TCP work (saved in ipt-tcp-match).Kevin Krakauer
2020-01-21Add UDP matchers.Kevin Krakauer
2020-01-21Merge pull request #1274 from lubinszARM:pr_ring0_4gVisor bot
PiperOrigin-RevId: 290811598
2020-01-21More little fixes.Kevin Krakauer