path: root/pkg
Age | Commit message | Author
2020-01-18 | Include the cgroup name in the superblock options in /proc/self/mountinfo. | Nicolas Lacasse
Java 11 parses /proc/self/mountinfo for cgroup information. Java 11.0.4 uses the mount path to determine what cgroups existed, but Java 11.0.5 reads the cgroup names from the superblock options. This CL adds the cgroup name to the superblock options if the filesystem type is "cgroup". Since gVisor doesn't actually support cgroups yet, we just infer the cgroup name from the path.
PiperOrigin-RevId: 290434323
2020-01-17 | Filter out received packets with a local source IP address. | Eyal Soha
CERT Advisory CA-96.21 III. Solution advises that devices drop packets which could not have correctly arrived on the wire, such as receiving a packet where the source IP address is owned by the device that sent it.
Fixes #1507
PiperOrigin-RevId: 290378240
2020-01-17 | Fix data race in MountNamespace.resolve. | Nicolas Lacasse
We must hold fs.renameMu to access Dirent.parent.
PiperOrigin-RevId: 290340804
2020-01-17 | Convert EventMask to uint64 | Andrei Vagin
It is used for signalfd where the maximum signal is 64.
PiperOrigin-RevId: 290331008
2020-01-17 | Remove addPermanentAddressLocked | Tamir Duberstein
It was possible to use this function incorrectly, and its separation wasn't buying us anything.
PiperOrigin-RevId: 290311100
2020-01-17 | Fix data race in tty.queue.readableSize. | Nicolas Lacasse
We were setting queue.readable without holding the lock.
PiperOrigin-RevId: 290306922
2020-01-17 | Add /proc/[pid]/cgroups file | Fabricio Voznika
Updates #1195
PiperOrigin-RevId: 290298266
2020-01-17 | Add /proc/net/* files | Fabricio Voznika
Updates #1195
PiperOrigin-RevId: 290285420
2020-01-17 | Enable stat syscall support on arm64. | Haibo Xu
x86 and arm64 use a different stat struct in Linux kernel, so the stat() syscall implementation has to handle the file stat data separately.
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: If3986e915a667362257a54e7fbbcc1fe18951015
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1493 from xiaobo55x:stat f15a216d9297eb9a96d2c483d396a9919145d7fa
PiperOrigin-RevId: 290274287
2020-01-17 | Add explanation for implementation of BSD full file locks. | Dean Deng
PiperOrigin-RevId: 290272560
2020-01-16 | Remove unused rpcinet. | Adin Scannell
PiperOrigin-RevId: 290198756
2020-01-16 | Implement setxattr for overlays. | Dean Deng
PiperOrigin-RevId: 290186303
2020-01-16 | Bump p9 version, adding corresponding checks to client_file.go. | Dean Deng
PiperOrigin-RevId: 290145451
2020-01-16 | Add IfChange/ThenChange reminders in fs/proc | Fabricio Voznika
There is a lot of code duplication for VFSv2 and this serves as a reminder to keep the copies in sync.
Updates #1195
PiperOrigin-RevId: 290139234
2020-01-16 | Implement tmpfs.SetStat with a size argument. | Nicolas Lacasse
This is similar to 'Truncate' in vfs1.
Updates https://github.com/google/gvisor/issues/1197
PiperOrigin-RevId: 290139140
2020-01-16 | Add more files to /proc/[pid]/* | Fabricio Voznika
Files not implemented require VFSv2 plumbing into the kernel. Also, cgroup is not implemented yet.
Updates #1195
PiperOrigin-RevId: 290129176
2020-01-16 | Plumb getting/setting xattrs through InodeOperations and 9p gofer interfaces. | Dean Deng
There was a very bare get/setxattr in the InodeOperations interface. Add context.Context to both, size to getxattr, and flags to setxattr. Note that extended attributes are passed around as strings in this implementation, so size is automatically encoded into the value. Size is added in getxattr so that implementations can return ERANGE if a value is larger than can fit in the user-allocated buffer. This prevents us from unnecessarily passing around an arbitrarily large xattr when the user buffer is actually too small. Don't use the existing xattrwalk and xattrcreate messages and define our own, mainly for the sake of simplicity. Extended attributes will be implemented in future commits.
PiperOrigin-RevId: 290121300
2020-01-16 | Add remaining /proc/* and /proc/sys/* files | Fabricio Voznika
Except for one under /proc/sys/net/ipv4/tcp_sack. /proc/pid/* is still incomplete.
Updates #1195
PiperOrigin-RevId: 290120438
2020-01-16 | Merge pull request #1272 from lubinszARM:pr_ring0_2 | gVisor bot
PiperOrigin-RevId: 290113719
2020-01-16 | Enable clone syscall support on arm64. | Haibo Xu
sys_clone has many flavors in Linux, and amd64 chose a different one from x86 (different arguments order). Ref kernel/fork.c for more info.
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I6c8cbc685f4a6e786b171715ab68292fc95cbf48
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1545 from xiaobo55x:clone 156bd2dfbc63ef5291627b0578ddea77997393b2
PiperOrigin-RevId: 290093953
2020-01-15 | Support upgrading expired/removed IPv6 addresses to permanent SLAAC addresses | Ghanan Gowripalan
If a previously added IPv6 address (statically or via SLAAC) was removed, it would be left in an expired state waiting to be cleaned up if any references to it were still held. During this time, the same address could be regenerated via SLAAC, which should be allowed. This change supports this scenario. When upgrading an endpoint from temporary or permanentExpired to permanent, respect the new configuration type (static or SLAAC) and deprecated status, along with the new PrimaryEndpointBehavior (which was already supported).
Test: stack.TestAutoGenAddrAfterRemoval
PiperOrigin-RevId: 289990168
2020-01-15 | Solicit IPv6 routers when a NIC becomes enabled as a host | Ghanan Gowripalan
This change adds support to send NDP Router Solicitation messages when a NIC becomes enabled as a host, as per RFC 4861 section 6.3.7. Note, Router Solicitations will only be sent when the stack has forwarding disabled.
Tests: Unittests to make sure that the initial Router Solicitations are sent as configured. The tests also validate the sent Router Solicitations' fields.
PiperOrigin-RevId: 289964095
2020-01-15 | Add timestamps to VFS2 tmpfs, and implement some of SetStat. | Nicolas Lacasse
PiperOrigin-RevId: 289962040
2020-01-15 | Merge pull request #1540 from laijs:fix-PCIDs | gVisor bot
PiperOrigin-RevId: 289925133
2020-01-15 | Bugfix to terminate the protocol loop on StateError. | Bhasker Hariharan
The change to introduce worker goroutines can cause the endpoint to transition to StateError and we should terminate the loop rather than let the endpoint transition to a CLOSED state as we do in case the endpoint enters TIME-WAIT/CLOSED. Moving to a closed state would cause the actual error to not be propagated to any read() calls etc.
PiperOrigin-RevId: 289923568
2020-01-14 | enable pkg/sentry/arch to support arm64 basically | lubinszARM
Signed-off-by: Bin Lu <bin.lu@arm.com>
Change-Id: I9cce23db4e5caec82ce42b4970fdb7f7e8c08f1d
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/773 from lubinszARM:pr_arch_basic 3fe2fd8e6286766bbe489ef971dce204f924feba
PiperOrigin-RevId: 289795569
2020-01-14 | Changes TCP packet dispatch to use a pool of goroutines. | Bhasker Hariharan
All inbound segments for connections in ESTABLISHED state are delivered to the endpoint's queue but for every segment delivered we also queue the endpoint for processing to a selected processor. This ensures that when there are a large number of connections in ESTABLISHED state the inbound packets are all handled by a small number of goroutines and significantly reduces the amount of work the Go scheduler has to perform. We let connections in other states follow the current path where the endpoint's goroutine directly handles the segments.
Updates #231
PiperOrigin-RevId: 289728325
2020-01-14 | Implement {g,s}etsockopt(IP_RECVTOS) for UDP sockets | Tamir Duberstein
PiperOrigin-RevId: 289718534
2020-01-13 | Do Source Address Selection when choosing an IPv6 source address | Ghanan Gowripalan
Do Source Address Selection when choosing an IPv6 source address as per RFC 6724 section 5 rules 1-3:
1) Prefer same address
2) Prefer appropriate scope
3) Avoid deprecated addresses.
A later change will update Source Address Selection to follow rules 4-8.
Tests: Rule 1 & 2: stack.TestIPv6SourceAddressSelectionScopeAndSameAddress, Rule 3: stack.TestAutoGenAddrTimerDeprecation, stack.TestAutoGenAddrDeprecateFromPI
PiperOrigin-RevId: 289559373
2020-01-13 | Allow dual stack sockets to operate on AF_INET | Tamir Duberstein
Fixes #1490
Fixes #1495
PiperOrigin-RevId: 289523250
2020-01-13 | Merge pull request #1528 from kevinGC:iptables-write | gVisor bot
PiperOrigin-RevId: 289479774
2020-01-10 | Automated rollback of changelist 288990597 | Ghanan Gowripalan
PiperOrigin-RevId: 289169518
2020-01-10 | Put CancellableTimer tests in the tcpip_test package | Ghanan Gowripalan
CancellableTimer tests were in a timer_test package but lived within the tcpip directory. This caused issues with go tools.
PiperOrigin-RevId: 289166345
2020-01-10 | goid: new package | Ian Gudger
Allows retrieving the goroutine ID for concurrency testing when the race detector is enabled.
Updates #1472
PiperOrigin-RevId: 289155308
2020-01-10 | panic fix in retransmitTimerExpired. | Bhasker Hariharan
This is a band-aid fix for now to prevent panics.
PiperOrigin-RevId: 289078453
2020-01-09 | New sync package. | Ian Gudger
* Rename syncutil to sync.
* Add aliases to sync types.
* Replace existing usage of standard library sync package.
This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations.
Updates #1472
PiperOrigin-RevId: 289033387
2020-01-09 | Merge pull request #1523 from majek:fix-1522-silly-window-rx | gVisor bot
PiperOrigin-RevId: 289019953
2020-01-09 | Inform NDPDispatcher when Stack learns about available configurations via DHCPv6 | Ghanan Gowripalan
Inform the Stack's NDPDispatcher when it receives an NDP Router Advertisement that updates the available configurations via DHCPv6. The Stack makes sure that its NDPDispatcher isn't informed unless the available configurations via DHCPv6 for a NIC are updated.
Tests: Test that a Stack's NDPDispatcher is informed when it receives an NDP Router Advertisement that informs it of new configurations available via DHCPv6.
PiperOrigin-RevId: 289001283
2020-01-09 | Separate NDP tests into its own package | Ghanan Gowripalan
Internal tools timeout after 60s during tests that are required to pass before changes can be submitted. Separate out NDP tests into its own package to help prevent timeouts when testing.
PiperOrigin-RevId: 288990597
2020-01-09 | Merge pull request #1423 from xiaobo55x:strace | gVisor bot
PiperOrigin-RevId: 288965915
2020-01-09 | Change BindToDeviceOption to store NICID | Eyal Soha
This makes it possible to call the sockopt from go even when the NIC has no name.
PiperOrigin-RevId: 288955236
2020-01-09 | Allow clients to store an opaque NICContext with NICs | Bert Muthalaly
...retrievable later via stack.NICInfo(). Clients of this library can use it to add metadata that should be tracked alongside a NIC, to avoid having to keep a map[tcpip.NICID]metadata mirroring stack.Stack's nic map.
PiperOrigin-RevId: 288924900
2020-01-09 | Avoid panic when c.PCIDs is nil | Lai Jiangshan
When PCID is disabled, a panic would be thrown when dropPageTables() accesses c.PCID without a check.
Signed-off-by: Lai Jiangshan <eag0628@gmail.com>
2020-01-08 | CancellableTimer to encapsulate the work of safely stopping timers | Ghanan Gowripalan
Add a new CancellableTimer type to encapsulate the work of safely stopping timers when it fires at the same time some "related work" is being handled. The term "related work" is some work that needs to be done while having obtained some common lock (L).
Example: Say we have an invalidation timer that may be extended or cancelled by some event. Creating a normal timer and simply cancelling may not be sufficient as the timer may have already fired when the event handler attempts to cancel it. Even if the timer and event handler obtain L before doing work, once the event handler releases L, the timer will eventually obtain L and do some unwanted work.
To prevent the timer from doing unwanted work, it checks if it should early return instead of doing the normal work after obtaining L. When stopping the timer callers must have L locked so the timer can be safely informed that it should early return.
Test: Tests that CancellableTimer fires and resets properly. Test to make sure the timer fn is not called after being stopped within the lock L.
PiperOrigin-RevId: 288806984
2020-01-08 | More GH comments. | Kevin Krakauer
2020-01-08 | Return correct length with MSG_TRUNC for unix sockets. | Ian Lewis
This change calls a new Truncate method on the EndpointReader in RecvMsg for both netlink and unix sockets. This allows readers such as sockets to peek at the length of data without actually reading it to a buffer.
Fixes #993 #1240
PiperOrigin-RevId: 288800167
2020-01-08 | Define sizes for extent headers and entries separately to improve clarity. | Dean Deng
PiperOrigin-RevId: 288799694
2020-01-08 | Addressed GH comments | Kevin Krakauer
2020-01-08 | Fix slice bounds out of range panic in parsing socket control message. | Ting-Yu Wang
Panic found by syzkaller.
PiperOrigin-RevId: 288799046
2020-01-08 | Introduce tcpip.SockOptBool | Tamir Duberstein
...and port V6OnlyOption to it.
PiperOrigin-RevId: 288789451