Age | Commit message (Collapse) | Author |
|
after the SWITCH_TO_APP_PAGETABLE, the ASID is changed
to the application ASID, but there are still some
instruction before ERET, since these instruction is
not use the kernel address space, it may use the application's
TLB, which will cause fault, this patch can make sure that
after SWITCH_TO_APP_PAGETABLE sentry is still use kernel
address space which is mapped as Global.
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
Originally, we avoided partial writes in case it caused us to write a partial
packet to a socket-backed specialFileFD. However, this check causes splicing
from a pipe to specialFileFD to fail if we hit EOF on the pipe.
PiperOrigin-RevId: 333016216
|
|
Updates #1193.
PiperOrigin-RevId: 332939026
|
|
PiperOrigin-RevId: 332760843
|
|
PiperOrigin-RevId: 332548335
|
|
Updates #1199
PiperOrigin-RevId: 332539197
|
|
This is more consistent with Linux (see comment on MM.NewSharedAnonMappable()).
We don't do the same thing on VFS1 for reasons documented by the updated
comment.
PiperOrigin-RevId: 332514849
|
|
|
|
PiperOrigin-RevId: 332486383
|
|
PiperOrigin-RevId: 332486111
|
|
TCP needs to enqueue any send requests arriving when the connection is in
SYN_SENT state. The data should be sent out soon after completion of the
connection handshake.
Fixes #3995
PiperOrigin-RevId: 332482041
|
|
Linux defines this struct as:
struct sched_param {
int priority;
}
... in include/linux/sched.h.
PiperOrigin-RevId: 332473133
|
|
Extract parsing utilities so they can be used by the sniffer.
Fixes #3930
PiperOrigin-RevId: 332401880
|
|
This fixes a use-after-free in fuse.DeviceFD.Release.
PiperOrigin-RevId: 332394146
|
|
IPv6 tests will be added in another CL along with ip6tables.
PiperOrigin-RevId: 332389102
|
|
`ip6tables -t filter` is now usable. NAT support will come in a future CL.
#3549
PiperOrigin-RevId: 332381801
|
|
SO_LINGER is a socket level option and should be stored on all endpoints even
though it is used to linger only for TCP endpoints.
PiperOrigin-RevId: 332369252
|
|
Docker does not have IPv6 port forwarding as tracked by the following issue:
https://github.com/moby/moby/issues/11518
So when running bazel itself inside a docker container, we can not use the host
port bindings to communicate with sockets inside the container. This was causing
integration tests and image tests to fail when run through our Makefile targets.
PiperOrigin-RevId: 332355051
|
|
This constant is used to represent int32 stored in file xattrs. The
integers are stored as strings there, so the real size should be the
string size (number of digits) instead of an int size (4 bytes).
PiperOrigin-RevId: 332353217
|
|
PiperOrigin-RevId: 332340342
|
|
This change includes overlay, special regular gofer files, and hostfs.
Fixes #3589.
PiperOrigin-RevId: 332330860
|
|
PiperOrigin-RevId: 332328860
|
|
This is required to make tcpdump work. tcpdump falls back to not using things
like PACKET_RX_RING if setsockopt returns ENOPROTOOPT. This used to be the case
before https://github.com/google/gvisor/commit/6f8fb7e0db2790ff1f5ba835780c03fe245e437f.
Fixes #3981
PiperOrigin-RevId: 332326517
|
|
|
|
As noticed by @ayushr2, the "implements" comments are not
consistent, e.g.
// IterDirents implements kernfs.inodeDynamicLookup.
// Generate implements vfs.DynamicBytesSource.Generate.
This patch improves this by making the comments like this
consistently include the package name (when the interface
and struct are not in the same package) and method name.
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
PiperOrigin-RevId: 332122081
|
|
OpenAt() for verity fs is implemented by opening both the target file or
directory and the corresponding Merkle tree file in the underlying file
system. Generally they are only open for read. In allowRuntimeEnable
mode, the Merkle tree file is also open for write.
PiperOrigin-RevId: 332116423
|
|
PiperOrigin-RevId: 332097286
|
|
The lifetime of addreses in a loopback interface's associated subnets
should be bound to their respective permanent addresses.
This change also fixes a race when the stack attempts to get an IPv4
rereferencedNetworkEndpoint for an address in an associated subnet on
a loopback interface. Before this change, the stack would only check
if an IPv4 address is contained in an associated subnet while holding
a read lock but wouldn't do this same check after releasing the read
lock for a write lock to create a temporary address. This may cause
the stack to bind the lifetime of the address to a new (temporary)
endpoint instead of the associated subnet's permanent address.
Test: integration_test.TestLoopbackSubnetLifetimeBoundToAddr
PiperOrigin-RevId: 332094719
|
|
PRead is implemented by read from the underlying file in blocks, and
verify each block. The verified contents are saved into the output
buffer.
PiperOrigin-RevId: 332092267
|
|
Neither POSIX.1 nor Linux defines an upperbound for errno.
PiperOrigin-RevId: 332085017
|
|
PiperOrigin-RevId: 332069743
|
|
fix #3956
|
|
fix #3963
|
|
|
|
|
|
copylocks: directory.go:34:7: Allocate passes lock by value:
fuse/fuse.directoryFD contains fuse/fuse.fileDescription contains
pkg/sentry/vfs/vfs.FileDescription contains pkg/sync/sync.Mutex
|
|
readdir_test.cc:134:24: error: variable length arrays are a C99 feature [-Werror,-Wvla-extension]
char readdir_payload[readdir_payload_size];
|
|
test/fuse/benchmark/read_benchmark.cc:34: Failure
Expected: (fuse_prefix) != (nullptr), actual: NULL vs (nullptr)
external/com_google_benchmark/src/benchmark_runner.cc:120: RunInThread:
Check `st.iterations() >= st.max_iterations' failed. Benchmark returned
before State::KeepRunning() returned false!
--- FAIL: Benchmarks_BM_Read/262144/real_time (0.29s)
runner.go:502: test "Benchmarks.BM_Read/262144/real_time" failed
with error exit status 134, want nil
FAIL
|
|
|
|
|
|
When a broadcast packet is received by the stack, the packet should be
delivered to each endpoint that may be interested in the packet. This
includes all any address and specified broadcast address listeners.
Test: integration_test.TestReuseAddrAndBroadcast
PiperOrigin-RevId: 332060652
|
|
|
|
|
|
|
|
Fixes #3696
|
|
|
|
This change implements Release for the FUSE filesystem
and expected behaviors of the FUSE devices.
It includes several checks for aborted connection
in the path for making a request and a function
to abort all the ongoing FUSE requests in order.
|
|
This commit fixes the potential unexpected errors
of original handling of FUSE_RELEASE responses while
keep the same behavior (ignoring any reply).
|
|
This change adds bookkeeping variables for the
FUSE request. With them, old insecure confusing
code we used to process async requests is replaced
by new clear compiling ones. Future code can take
advantage of them to have better control of each
requests.
|