summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2021-07-02Merge release-20210628.0-22-gfcf0ff2fc (automated)gVisor bot
2021-07-02Merge pull request #6258 from liornm:fix-iptables-input-interfacegVisor bot
PiperOrigin-RevId: 382788878
2021-07-02Merge release-20210628.0-20-ga51a4b872 (automated)gVisor bot
2021-07-02Discover more specific routes as per RFC 4191Ghanan Gowripalan
More-specific route discovery allows hosts to pick a more appropriate router for off-link destinations. Fixes #6172. PiperOrigin-RevId: 382779880
2021-07-01Merge release-20210628.0-19-g16b751b6c (automated)gVisor bot
2021-07-01Mix checklocks and atomic analyzers.Adin Scannell
This change makes the checklocks analyzer considerable more powerful, adding: * The ability to traverse complex structures, e.g. to have multiple nested fields as part of the annotation. * The ability to resolve simple anonymous functions and closures, and perform lock analysis across these invocations. This does not apply to closures that are passed elsewhere, since it is not possible to know the context in which they might be invoked. * The ability to annotate return values in addition to receivers and other parameters, with the same complex structures noted above. * Ignoring locking semantics for "fresh" objects, i.e. objects that are allocated in the local frame (typically a new-style function). * Sanity checking of locking state across block transitions and returns, to ensure that no unexpected locks are held. Note that initially, most of these findings are excluded by a comprehensive nogo.yaml. The findings that are included are fundamental lock violations. The changes here should be relatively low risk, minor refactorings to either include necessary annotations to simplify the code structure (in general removing closures in favor of methods) so that the analyzer can be easily track the lock state. This change additional includes two changes to nogo itself: * Sanity checking of all types to ensure that the binary and ast-derived types have a consistent objectpath, to prevent the bug above from occurring silently (and causing much confusion). This also requires a trick in order to ensure that serialized facts are consumable downstream. This can be removed with https://go-review.googlesource.com/c/tools/+/331789 merged. * A minor refactoring to isolation the objdump settings in its own package. This was originally used to implement the sanity check above, but this information is now being passed another way. The minor refactor is preserved however, since it cleans up the code slightly and is minimal risk. PiperOrigin-RevId: 382613300
2021-07-01Merge release-20210628.0-18-g570ca5718 (automated)gVisor bot
2021-07-01Fix bug with TCP bind w/ SO_REUSEADDR.Bhasker Hariharan
In gVisor today its possible that when trying to bind a TCP socket w/ SO_REUSEADDR specified and requesting the kernel pick a port by setting port to zero can result in a previously bound port being returned. This behaviour is incorrect as the user is clearly requesting a free port. The behaviour is fine when the user explicity specifies a port. This change now checks if the user specified a port when making a port reservation for a TCP port and only returns unbound ports even if SO_REUSEADDR was specified. Fixes #6209 PiperOrigin-RevId: 382607638
2021-07-01Merge release-20210628.0-17-g3d4a8824f (automated)gVisor bot
2021-07-01Strace: handle null pathsFabricio Voznika
PiperOrigin-RevId: 382603592
2021-07-01Merge release-20210628.0-16-g590b8d3e9 (automated)gVisor bot
2021-07-01[syserror] Update several syserror errors to linuxerr equivalents.Zach Koopmans
Update/remove most syserror errors to linuxerr equivalents. For list of removed errors, see //pkg/syserror/syserror.go. PiperOrigin-RevId: 382574582
2021-07-01Merge release-20210628.0-15-g07ffecef8 (automated)gVisor bot
2021-06-30Implement fmt.Stringer for NDPRoutePreferenceGhanan Gowripalan
PiperOrigin-RevId: 382427879
2021-06-30Merge release-20210628.0-14-g6ef268409 (automated)gVisor bot
2021-06-30[syserror] Update syserror to linuxerr for EACCES, EBADF, and EPERM.Zach Koopmans
Update all instances of the above errors to the faster linuxerr implementation. With the temporary linuxerr.Equals(), no logical changes are made. PiperOrigin-RevId: 382306655
2021-06-30Merge release-20210628.0-13-g66a79461a (automated)gVisor bot
2021-06-29Support parsing NDP Route Information optionGhanan Gowripalan
This change prepares for a later change which supports the NDP Route Information option to discover more-specific routes, as per RFC 4191. Updates #6172. PiperOrigin-RevId: 382225812
2021-06-30Merge release-20210628.0-12-g3e5a6981d (automated)gVisor bot
2021-06-29Merge pull request #6085 from liornm:fix-tun-no_pigVisor bot
PiperOrigin-RevId: 382202462
2021-06-30Merge release-20210628.0-10-g57095bd3b (automated)gVisor bot
2021-06-29Sort children map before hashChong Cai
The unordered map may generate different hash due to its order. The children map needs to be sorted each time before hashing to avoid false verification failure due to the map. Store the sorted children map in verity dentry to avoid sorting it each time verification happens. Also serialize the whole VerityDescriptor struct to hash now that the map is removed from it. PiperOrigin-RevId: 382201560
2021-06-30Merge release-20210628.0-9-g90dbb4b0c (automated)gVisor bot
2021-06-29Add SIOCGIFFLAGS ioctl support to hostinet.Lucas Manning
PiperOrigin-RevId: 382194711
2021-06-29Merge release-20210628.0-8-g54b71221c (automated)gVisor bot
2021-06-29[syserror] Change syserror to linuxerr for E2BIG, EADDRINUSE, and EINVALZach Koopmans
Remove three syserror entries duplicated in linuxerr. Because of the linuxerr.Equals method, this is a mere change of return values from syserror to linuxerr definitions. Done with only these three errnos as CLs removing all grow to a significantly large size. PiperOrigin-RevId: 382173835
2021-06-29Merge release-20210628.0-7-gd205926f2 (automated)gVisor bot
2021-06-29Delete PID files right after they are readFabricio Voznika
The PID files are not used after they are read, so there is no point in keeping them around until the shim is deleted. Updates #6225 PiperOrigin-RevId: 382169916
2021-06-29Merge release-20210622.0-31-g5f2b3728f (automated)gVisor bot
2021-06-29Redirect all calls from `errdefs.ToGRPC` to `utils.ErrToGRPC`Fabricio Voznika
This is to ensure that Go 1.13 error wrapping is correctly translated to gRPC errors before returning from the shim. Updates #6225 PiperOrigin-RevId: 382120441
2021-06-29Fix iptables List entries Input interface fieldliornm
In Linux the list entries command returns the name of the input interface assigned to the iptable rule. iptables -S > -A FORWARD -i docker0 -o docker0 -j ACCEPT Meanwhile, in gVsior this interface name is ignored. iptables -S > -A FORWARD -o docker0 -j ACCEPT
2021-06-29Fix TUN IFF_NO_PI bugliornm
When TUN is created with IFF_NO_PI flag, there will be no Ethernet header and no packet info, therefore, both read and write will fail. This commit fix this bug.
2021-06-29Merge release-20210622.0-30-g5b2afd24a (automated)gVisor bot
2021-06-28Allow VFS2 gofer client to mmap from sentry page cache when forced.Jamie Liu
PiperOrigin-RevId: 381982257
2021-06-28netstack: deflake TestSynRcvdBadSeqNumberKevin Krakauer
There was a race wherein Accept() could fail, then the handshake would complete, and then a waiter would be created to listen for the handshake. In such cases, no notification was ever sent and the test timed out. PiperOrigin-RevId: 381913041
2021-06-25Merge release-20210614.0-34-ge5526f4f2 (automated)gVisor bot
2021-06-25Merge pull request #6222 from avagin:stopgVisor bot
PiperOrigin-RevId: 381561785
2021-06-25Merge release-20210614.0-32-gf00077e8d (automated)gVisor bot
2021-06-25Remove sndQueue as its pointless now.Bhasker Hariharan
sndQueue made sense when the worker goroutine and the syscall context held different locks. Now both lock the endpoint lock before doing anything which means adding to sndQueue is pointless as we move it to writeList immediately after that in endpoint.Write() by calling e.drainSendQueue. PiperOrigin-RevId: 381523177
2021-06-25Merge release-20210614.0-29-g1f113b96e (automated)gVisor bot
2021-06-24Incrementally update checksum when NAT-ingGhanan Gowripalan
...instead of calculating a fresh checksum to avoid re-calcalculating a checksum on unchanged bytes. Fixes #5340. PiperOrigin-RevId: 381403888
2021-06-24Refactor default router state to off-link route stateGhanan Gowripalan
This change prepares for a later change which supports the NDP Route Information option to discover more-specific routes, as per RFC 4191. The newly introduced off-link route state will be used to hold both the state for default routers (which is a default (off-link) route through the router, and more-specific routes (which are routes through some router to some destination subnet more specific than the IPv6 empty subnet). Updates #6172. PiperOrigin-RevId: 381403761
2021-06-25Merge release-20210614.0-27-gccd2d607e (automated)gVisor bot
2021-06-24Internal change.Jamie Liu
PiperOrigin-RevId: 381375705
2021-06-25Merge release-20210614.0-25-g3e46b660b (automated)gVisor bot
2021-06-24Delete sentry metrics /watchdog/{stuck_startup_detected, stuck_tasks_detected}Nayana Bidari
- These metrics are replaced with WeirdnessMetric with fields watchdog_stuck_startup and watchdog_stuck_tasks. PiperOrigin-RevId: 381365617
2021-06-24Merge release-20210614.0-24-g2e6195ffe (automated)gVisor bot
2021-06-24CreateProcessGroup has to check whether a target process stil exists or notAndrei Vagin
A caller of CreateProcessGroup looks up a thread group without locks, so the target process can exit before CreateProcessGroup will be called. Reported-by: syzbot+6abb7c34663dacbd55a8@syzkaller.appspotmail.com PiperOrigin-RevId: 381351069
2021-06-24Merge release-20210614.0-23-gfdf7c4903 (automated)gVisor bot
2021-06-24Merge pull request #6228 from ↵gVisor bot
puppetlabs:fix-shim-pid-leaking-on-stopped-processes PiperOrigin-RevId: 381341920