summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-11-06Merge release-20201030.0-34-g8c0701462 (automated)gVisor bot
2020-11-05Use stack.Route exclusively for writing packetsGhanan Gowripalan
* Remove stack.Route from incoming packet path. There is no need to pass around a stack.Route during the incoming path of a packet. Instead, pass around the packet's link/network layer information in the packet buffer since all layers may need this information. * Support address bound and outgoing packet NIC in routes. When forwarding is enabled, the source address of a packet may be bound to a different interface than the outgoing interface. This change updates stack.Route to hold both NICs so that one can be used to write packets while the other is used to check if the route's bound address is valid. Note, we need to hold the address's interface so we can check if the address is a spoofed address. * Introduce the concept of a local route. Local routes are routes where the packet never needs to leave the stack; the destination is stack-local. We can now route between interfaces within a stack if the packet never needs to leave the stack, even when forwarding is disabled. * Always obtain a route from the stack before sending a packet. If a packet needs to be sent in response to an incoming packet, a route must be obtained from the stack to ensure the stack is configured to send packets to the packet's source from the packet's destination. * Enable spoofing if a stack may send packets from unowned addresses. This change required changes to some netgophers since previously, promiscuous mode was enough to let the netstack respond to all incoming packets regardless of the packet's destination address. Now that a stack.Route is not held for each incoming packet, finding a route may fail with local addresses we don't own but accepted packets for while in promiscuous mode. Since we also want to be able to send from any address (in response the received promiscuous mode packets), we need to enable spoofing. * Skip transport layer checksum checks for locally generated packets. If a packet is locally generated, the stack can safely assume that no errors were introduced while being locally routed since the packet is never sent out the wire. Some bugs fixed: - transport layer checksum was never calculated after NAT. - handleLocal didn't handle routing across interfaces. - stack didn't support forwarding across interfaces. - always consult the routing table before creating an endpoint. Updates #4688 Fixes #3906 PiperOrigin-RevId: 340943442
2020-11-05Merge release-20201030.0-29-g771e9ce8e (automated)gVisor bot
2020-11-04Unlock tcp endpoint mutex before blocking forever.Dean Deng
This was occasionally causing tests to get stuck due to races with the save process, during which the same mutex is acquired. PiperOrigin-RevId: 340789616
2020-11-04Include file size in Merkle hashChong Cai
The file size can now also be verified. Also, since we are zero-padding the last block of the data, we cannot differentiate the cases between zero-padded block from the blocks that are ends with zeroes. With the size included this can be addressed, as those cases would have different file size. PiperOrigin-RevId: 340695510
2020-11-03Merge release-20201027.0-63-g1cfa8d58f (automated)gVisor bot
2020-11-03Fix more nogo testsTing-Yu Wang
PiperOrigin-RevId: 340536306
2020-11-03Merge release-20201027.0-62-g580bbb749 (automated)gVisor bot
2020-11-03[vfs2] Do not drop inotify waiters across S/R.Dean Deng
The waits-for relationship between an epoll instance and an inotify fd should be restored. This fixes flaky inotify vfs2 tests. PiperOrigin-RevId: 340531367
2020-11-03Merge release-20201027.0-61-g723464ec5 (automated)gVisor bot
2020-11-03Make pipe min/max sizes match linux.Nicolas Lacasse
The default pipe size already matched linux, and is unchanged. Furthermore `atomicIOBytes` is made a proper constant (as it is in Linux). We were plumbing usermem.PageSize everywhere, so this is no functional change. PiperOrigin-RevId: 340497006
2020-11-03Merge release-20201027.0-60-g861c11bfa (automated)gVisor bot
2020-11-03Merge pull request #3617 from laijs:upperhalfgVisor bot
PiperOrigin-RevId: 340484823
2020-11-03Merge release-20201027.0-58-g66d24bb69 (automated)gVisor bot
2020-11-03Release mutex before blocking during TCP handshake route resolution.Dean Deng
Without releasing the mutex, operations on the endpoint following a nonblocking connect will not make progress until connect is complete. PiperOrigin-RevId: 340467654
2020-11-03Merge release-20201027.0-57-g0e96f8065 (automated)gVisor bot
2020-11-03arm64 kvm: inject sError to trigger sigbuslubinszARM
Use an sErr injection to trigger sigbus when we receive EFAULT from the run ioctl. After applying this patch, mmap_test_runsc_kvm will be passed on Arm64. Signed-off-by: Bin Lu <bin.lu@arm.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/4542 from lubinszARM:pr_kvm_mmap_1 f81bd42466d1d60a581e5fb34de18b78878c68c1 PiperOrigin-RevId: 340461239
2020-11-03Merge release-20201027.0-56-g1a3f417f4 (automated)gVisor bot
2020-11-02Implement command GETZCNT for semctl.Jing Chen
PiperOrigin-RevId: 340389884
2020-11-03Merge release-20201027.0-55-g1321f837b (automated)gVisor bot
2020-11-02[vfs2] Refactor kernfs checkCreateLocked.Dean Deng
Don't return the filename, since it can already be determined by the caller. This was causing a panic in RenameAt, which relied on the name to be nonempty even if the error was EEXIST. Reported-by: syzbot+e9f117d000301e42361f@syzkaller.appspotmail.com PiperOrigin-RevId: 340381946
2020-11-03Merge release-20201027.0-54-gc22067d3d (automated)gVisor bot
2020-11-02Send NUD probes in a separate gorountineSam Balana
Send NUD probes in another gorountine to free the thread of execution for finishing the state transition. This is necessary to avoid deadlock where sending and processing probes are done in the same call stack, such as loopback and integration tests. Fixes #4701 PiperOrigin-RevId: 340362481
2020-11-03Merge release-20201027.0-53-g51b062f6c (automated)gVisor bot
2020-11-02Skip log.Sprintfs when leak check logging is not enabled.Dean Deng
PiperOrigin-RevId: 340361998
2020-11-02Pass hashing algorithms in verity fs optsChong Cai
PiperOrigin-RevId: 340275942
2020-11-02Merge release-20201027.0-50-g2eb3ee586 (automated)gVisor bot
2020-11-02Automated rollback of changelist 339945377Dean Deng
PiperOrigin-RevId: 340274194
2020-11-03kvm: share upper halves among all pagtablesLai Jiangshan
Fixes: #509 Signed-off-by: Lai Jiangshan <jiangshan.ljs@antfin.com> Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
2020-11-02Merge release-20201019.0-116-g5e606844d (automated)gVisor bot
2020-11-01Fix returned error when deleting non-existant addressIan Lewis
PiperOrigin-RevId: 340149214
2020-10-31Merge release-20201019.0-115-gdf88f223b (automated)gVisor bot
2020-10-31net/tcpip: connect to unset loopback address has to return EADDRNOTAVAILAndrei Vagin
In the docker container, the ipv6 loopback address is not set, and connect("::1") has to return ENEADDRNOTAVAIL in this case. Without this fix, it returns EHOSTUNREACH. PiperOrigin-RevId: 340002915
2020-10-31Merge release-20201019.0-114-g4eb1c87e8 (automated)gVisor bot
2020-10-30Adjust error handling in kernfs rename.Dean Deng
Read-only directories (e.g. under /sys, /proc) should return EPERM for rename. PiperOrigin-RevId: 339979022
2020-10-31Merge release-20201019.0-113-g1f25697cf (automated)gVisor bot
2020-10-30Fix rename error handling for VFS2 kernfs.Dean Deng
The non-errno error was causing panics before. PiperOrigin-RevId: 339969348
2020-10-30Merge release-20201019.0-112-gba05c6845 (automated)gVisor bot
2020-10-30Automated rollback of changelist 339750876Dean Deng
PiperOrigin-RevId: 339945377
2020-10-30Merge release-20201019.0-111-g9ad864628 (automated)gVisor bot
2020-10-30Separate kernel.Task.AsCopyContext() into CopyContext() and OwnCopyContext().Jamie Liu
kernel.copyContext{t} cannot be used outside of t's task goroutine, for three reasons: - t.CopyScratchBuffer() is task-goroutine-local. - Calling t.MemoryManager() without running on t's task goroutine or locking t.mu violates t.MemoryManager()'s preconditions. - kernel.copyContext passes t as context.Context to MM IO methods, which is illegal outside of t's task goroutine (cf. kernel.Task.Value()). Fix this by splitting AsCopyContext() into CopyContext() (which takes an explicit context.Context and is usable outside of the task goroutine) and OwnCopyContext() (which uses t as context.Context, but is only usable by t's task goroutine). PiperOrigin-RevId: 339933809
2020-10-30Merge release-20201019.0-110-gc94bf137d (automated)gVisor bot
2020-10-30Merge pull request #4564 from zhlhahaha:1981gVisor bot
PiperOrigin-RevId: 339921446
2020-10-29Merge release-20201019.0-104-ga86f988a8 (automated)gVisor bot
2020-10-29Automated rollback of changelist 339675182Dean Deng
PiperOrigin-RevId: 339750876
2020-10-29Merge release-20201019.0-103-g181fea0b5 (automated)gVisor bot
2020-10-29Make RedirectTarget thread safeKevin Krakauer
Fixes #4613. PiperOrigin-RevId: 339746784
2020-10-29Merge release-20201019.0-102-gb9f18fe2f (automated)gVisor bot
2020-10-29Fix TCP wildcard bind failure when netstack is v6 onlyTing-Yu Wang
TCP endpoint unconditionly binds to v4 even when the stack only supports v6. PiperOrigin-RevId: 339739392
2020-10-29Merge release-20201019.0-101-g02fe467b4 (automated)gVisor bot