summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-11-13Merge release-20201030.0-74-g1a972411b (automated)gVisor bot
2020-11-12Move packet handling to NetworkEndpointGhanan Gowripalan
The NIC should not hold network-layer state or logic - network packet handling/forwarding should be performed at the network layer instead of the NIC. Fixes #4688 PiperOrigin-RevId: 342166985
2020-11-13Merge release-20201030.0-73-gae7ab0a33 (automated)gVisor bot
2020-11-12Filter dentries with non-zero refs in VFS2 gofer/overlay checks.Jamie Liu
PiperOrigin-RevId: 342161204
2020-11-12Refactor merkletree testsChong Cai
Separate the test cases from TestVerify so that the test names reflect the test case better. PiperOrigin-RevId: 342152754
2020-11-12Merge release-20201030.0-70-gac62743e3 (automated)gVisor bot
2020-11-11Read fsimpl/tmpfs timestamps atomically.Jamie Liu
PiperOrigin-RevId: 341982672
2020-11-11Add documentation for reference counting.Dean Deng
Fixes #1486. PiperOrigin-RevId: 341966640
2020-11-11Merge release-20201030.0-68-g9c4102896 (automated)gVisor bot
2020-11-11Teach netstack how to add options to IPv4 packetsJulian Elischer
Most packets don't have options but they are an integral part of the standard. Teaching the ipv4 code how to handle them will simplify future testing and use. Because Options are so rare it is worth making sure that the extra work is kept out of the fast path as much as possible. Prior to this change, all usages of the IHL field of the IPv4Fields/Encode system set it to the same constant value except in a couple of tests for bad values. From this change IHL will not be a constant as it will depend on the size of any Options. Since ipv4.Encode() now handles the options it becomes a possible source of errors to let the callers set this value, so remove it entirely and calculate the value from the size of the Options if present (or not) therefore guaranteeing a correct value. Fixes #4709 RELNOTES: n/a PiperOrigin-RevId: 341864765
2020-11-10Add logging to internal gvisor when checking for kcov.Dean Deng
May help with debugging https://syzkaller.appspot.com/bug?id=0d717bd7028dceeb4b38f09aab2841c398b41d81 PiperOrigin-RevId: 341640485
2020-11-09Merge release-20201030.0-60-g199fcd0fe (automated)gVisor bot
2020-11-09Skip `EventHUp` notify in `FIN_WAIT2` on a socket close.Mithun Iyer
This Notify was added as part of cl/279106406; but notifying `EventHUp` in `FIN_WAIT2` is incorrect, as we want to only notify later on `TIME_WAIT` or a reset. However, we do need to notify any blocked waiters of an activity on the endpoint with `EventIn`|`EventOut`. PiperOrigin-RevId: 341490913
2020-11-09Merge release-20201030.0-59-g2fcca60a7 (automated)gVisor bot
2020-11-09net: connect to the ipv4 localhost returns ENETUNREACH if the address isn't setAndrei Vagin
cl/340002915 modified the code to return EADDRNOTAVAIL if connect is called for a localhost address which isn't set. But actually, Linux returns EADDRNOTAVAIL for ipv6 addresses and ENETUNREACH for ipv4 addresses. Updates #4735 PiperOrigin-RevId: 341479129
2020-11-09Merge release-20201030.0-57-gcbca5b2ed (automated)gVisor bot
2020-11-09Print a debug message if /sys/kernel/debug/kcov is availableAndrei Vagin
This will help to debug: https://syzkaller.appspot.com/bug?id=0d717bd7028dceeb4b38f09aab2841c398b41d81 PiperOrigin-RevId: 341458715
2020-11-09Merge release-20201030.0-56-gd4e0b829e (automated)gVisor bot
2020-11-09Merge pull request #4683 from lemin9538:lemin_fpsmid_fixgVisor bot
PiperOrigin-RevId: 341445910
2020-11-09Merge release-20201030.0-53-g0fb5353e4 (automated)gVisor bot
2020-11-09Initialize references with a value of 1.Dean Deng
This lets us avoid treating a value of 0 as one reference. All references using the refsvfs2 template must call InitRefs() before the reference is incremented/decremented, or else a panic will occur. Therefore, it should be pretty easy to identify missing InitRef calls during testing. Updates #1486. PiperOrigin-RevId: 341411151
2020-11-07Merge release-20201030.0-52-g78cce3a46 (automated)gVisor bot
2020-11-06Allow VFS2 gofer.dentries to have separate read and write FDs.Jamie Liu
This is necessary to allow writes to files opened with O_WRONLY to go through host FDs. PiperOrigin-RevId: 341174509
2020-11-07Merge release-20201030.0-48-gfe9442d32 (automated)gVisor bot
2020-11-06[vfs] Return EEXIST when file already exists and rp.MustBeDir() is true.Ayush Ranjan
This is consistent with what Linux does. This was causing a PHP runtime test failure. Fixed it for VFS2. PiperOrigin-RevId: 341155209
2020-11-07Merge release-20201030.0-47-g3ac00fe9c (automated)gVisor bot
2020-11-06Implement command GETNCNT for semctl.Jing Chen
PiperOrigin-RevId: 341154192
2020-11-07Merge release-20201030.0-46-g5288e1941 (automated)gVisor bot
2020-11-06Trim link headers from buffer clone when sniffingGhanan Gowripalan
PiperOrigin-RevId: 341135083
2020-11-06Merge release-20201030.0-44-g9e82747d6 (automated)gVisor bot
2020-11-06Return early in walkSACK if segment has no SACK blocks.Bhasker Hariharan
This avoids a needless allocation. Updates #231 PiperOrigin-RevId: 341113160
2020-11-06Merge release-20201030.0-43-g949dc1d09 (automated)gVisor bot
2020-11-06[vfs] overlayfs: Do not unlink non-existing whiteout during file creation.Ayush Ranjan
We can reuse information about whether a whiteout exists on a given file path from stepLocked when creating a file at that path. This helps save an Unlink call to the upper filesystem if the whiteout does NOT exist (common case). Plumbs this information from lookupLocked() -> getChildLocked() -> stepLocked(). This also helped save a Lookup in RenameAt(). Fixes #1199 PiperOrigin-RevId: 341105351
2020-11-06Merge release-20201030.0-42-gbcd883f09 (automated)gVisor bot
2020-11-06Avoid extra DecRef on kernfs root for "kept" dentries.Dean Deng
The root dentry was not created through Inode.Lookup, so we should not release a reference even if inode.Keep() is true. PiperOrigin-RevId: 341103220
2020-11-06Merge release-20201030.0-41-g53eeb06ef (automated)gVisor bot
2020-11-06Fix infinite loop when splicing to pipes/eventfds.Nicolas Lacasse
Writes to pipes of size < PIPE_BUF are guaranteed to be atomic, so writes larger than that will return EAGAIN if the pipe has capacity < PIPE_BUF. Writes to eventfds will return EAGAIN if the write would cause the eventfd value to go over the max. In both such cases, calling Ready() on the FD will return true (because it is possible to write), but specific kinds of writes will in fact return EAGAIN. This CL fixes an infinite loop in splice and sendfile (VFS1 and VFS2) by forcing skipping the readiness check for the outfile in send, splice, and tee. PiperOrigin-RevId: 341102260
2020-11-06Merge release-20201030.0-40-g955e09dfb (automated)gVisor bot
2020-11-06Do not send to the zero portGhanan Gowripalan
Port 0 is not meant to identify any remote port so attempting to send a packet to it should return an error. PiperOrigin-RevId: 341009528
2020-11-06Merge release-20201030.0-39-g29683f359 (automated)gVisor bot
2020-11-06Cap iovec array length in //pkg/sentry/hostfd.Jamie Liu
PiperOrigin-RevId: 341001328
2020-11-06Merge release-20201030.0-38-g06e33cd73 (automated)gVisor bot
2020-11-05Cache addressEndpoint.addr.Subnet() to avoid allocations.Bhasker Hariharan
This change adds a Subnet() method to AddressableEndpoint so that we can avoid repeated calls to AddressableEndpoint.AddressWithPrefix().Subnet(). Updates #231 PiperOrigin-RevId: 340969877
2020-11-06Merge release-20201030.0-36-g62b0e845b (automated)gVisor bot
2020-11-05Return failure when `runsc events` queries a stopped containerFabricio Voznika
This was causing gvisor-containerd-shim to crash because the command suceeded, but there was no stat present. PiperOrigin-RevId: 340964921
2020-11-06Merge release-20201030.0-34-g8c0701462 (automated)gVisor bot
2020-11-05Use stack.Route exclusively for writing packetsGhanan Gowripalan
* Remove stack.Route from incoming packet path. There is no need to pass around a stack.Route during the incoming path of a packet. Instead, pass around the packet's link/network layer information in the packet buffer since all layers may need this information. * Support address bound and outgoing packet NIC in routes. When forwarding is enabled, the source address of a packet may be bound to a different interface than the outgoing interface. This change updates stack.Route to hold both NICs so that one can be used to write packets while the other is used to check if the route's bound address is valid. Note, we need to hold the address's interface so we can check if the address is a spoofed address. * Introduce the concept of a local route. Local routes are routes where the packet never needs to leave the stack; the destination is stack-local. We can now route between interfaces within a stack if the packet never needs to leave the stack, even when forwarding is disabled. * Always obtain a route from the stack before sending a packet. If a packet needs to be sent in response to an incoming packet, a route must be obtained from the stack to ensure the stack is configured to send packets to the packet's source from the packet's destination. * Enable spoofing if a stack may send packets from unowned addresses. This change required changes to some netgophers since previously, promiscuous mode was enough to let the netstack respond to all incoming packets regardless of the packet's destination address. Now that a stack.Route is not held for each incoming packet, finding a route may fail with local addresses we don't own but accepted packets for while in promiscuous mode. Since we also want to be able to send from any address (in response the received promiscuous mode packets), we need to enable spoofing. * Skip transport layer checksum checks for locally generated packets. If a packet is locally generated, the stack can safely assume that no errors were introduced while being locally routed since the packet is never sent out the wire. Some bugs fixed: - transport layer checksum was never calculated after NAT. - handleLocal didn't handle routing across interfaces. - stack didn't support forwarding across interfaces. - always consult the routing table before creating an endpoint. Updates #4688 Fixes #3906 PiperOrigin-RevId: 340943442
2020-11-05Merge release-20201030.0-29-g771e9ce8e (automated)gVisor bot
2020-11-04Unlock tcp endpoint mutex before blocking forever.Dean Deng
This was occasionally causing tests to get stuck due to races with the save process, during which the same mutex is acquired. PiperOrigin-RevId: 340789616
2020-11-04Include file size in Merkle hashChong Cai
The file size can now also be verified. Also, since we are zero-padding the last block of the data, we cannot differentiate the cases between zero-padded block from the blocks that are ends with zeroes. With the size included this can be addressed, as those cases would have different file size. PiperOrigin-RevId: 340695510