summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-03-20Remove unused variable `sndNxtList`.Ting-Yu Wang
PiperOrigin-RevId: 302110328
2020-03-19Whitelist utimensat(2).Dean Deng
utimensat is used by hostfs for setting timestamps on imported fds. Previously, this would crash the sandbox since utimensat was not allowed. Correct the VFS2 version of hostfs to match the call in VFS1. PiperOrigin-RevId: 301970121
2020-03-19Remove the "frozen" bit from dirents.Zach Koopmans
Frozen was to lock down changes to the host filesystem for hostFS. Now that hostFS is gone, it can be removed. PiperOrigin-RevId: 301907923
2020-03-19Remove redundant dep in BUILDJay Zhuang
PiperOrigin-RevId: 301859066
2020-03-19Change SocketOperations.readMu to an RWMutex.Bhasker Hariharan
Also get rid of the readViewHasData as it's not required anymore. Updates #231, #357 PiperOrigin-RevId: 301837227
2020-03-19Address comments on workMu removal change.Bhasker Hariharan
Updates #231, #357 PiperOrigin-RevId: 301833669
2020-03-19Remove workMu from tcpip.Endpoint.Bhasker Hariharan
workMu is removed and e.mu is now a mutex that supports TryLock. The packet processing path tries to lock the mutex and if its locked it will just queue the packet and move on. The endpoint.UnlockUser() will process any backlog of packets before unlocking the socket. This simplifies the locking inside tcp endpoints a lot. Further the endpoint.LockUser() implements spinning as long as the lock is not held by another syscall goroutine. This ensures low latency as not spinning leads to the task thread being put to sleep if the lock is held by the packet dispatch path. This is suboptimal as the lower layer rarely holds the lock for long so implementing spinning here helps. If the lock is held by another task goroutine then we just proceed to call LockUser() and the task could be put to sleep. The protocol goroutines themselves just call e.mu.Lock() and block if the lock is currently not available. Updates #231, #357 PiperOrigin-RevId: 301808349
2020-03-18Port imported TTY fds to vfs2.Dean Deng
Refactor fs/host.TTYFileOperations so that the relevant functionality can be shared with VFS2 (fsimpl/host.ttyFD). Incorporate host.defaultFileFD into the default host.fileDescription. This way, there is no need for a separate default_file.go. As in vfs1, the TTY file implementation can be built on top of this default and override operations as necessary (PRead/Read/PWrite/Write, Release, Ioctl). Note that these changes still need to be plumbed into runsc, which refers to imported TTYs in control/proc.go:ExecAsync. Updates #1672. PiperOrigin-RevId: 301718157
2020-03-18Deflake third_party/gvisor/pkg/gate/gate_testAndrei Vagin
TestConcurrentAll executes 1000 goroutines which never sleep, so they are not preempted by Go's runtime. In Go 1.14, async preemption has been added, but the added runtime.Gosched() call will do nothing wrong in this case too. PiperOrigin-RevId: 301705712
2020-03-18Merge pull request #2061 from lubinszARM:pr_restart_syscallgVisor bot
PiperOrigin-RevId: 301700868
2020-03-18Store segment transmit count.Ian Gudger
This will aid in segment reordering detection. Updates #691 PiperOrigin-RevId: 301692638
2020-03-18Fix FDTable.NewFDVFS2Fabricio Voznika
It was looking at VFS1 table to determine where to allocate the next FD from. Updates #1035 PiperOrigin-RevId: 301678858
2020-03-18Automated rollback of changelist 301501607Bhasker Hariharan
PiperOrigin-RevId: 301578043
2020-03-17Wrap rand.Reader in a bufio.Reader.Bhasker Hariharan
rand.Read() results in a syscall to the host on every call instead we can wrap it with a bufio.Reader to buffer and reduce number of syscalls. This is especially important for TCP where every newly created endpoint reads random data to initialize the timestamp offsets for the endpoint. Updates #231 PiperOrigin-RevId: 301501607
2020-03-17Remove HostFS from Sentry.Zach Koopmans
PiperOrigin-RevId: 301402181
2020-03-17Packetimpact in Go with c++ stubEyal Soha
PiperOrigin-RevId: 301382690
2020-03-16fdtable: don't try to zap fdtable entry if close is called for non-existing fdAndrei Vagin
FDTable.setAll is used to zap entries, but it grows the table up to a specified fd. Reported-by: syzbot+9e281b0750d2d4caa190@syzkaller.appspotmail.com PiperOrigin-RevId: 301280000
2020-03-16Enforce file size rlimits in VFS2Fabricio Voznika
Updates #1035 PiperOrigin-RevId: 301255357
2020-03-16Add calls to vfs.CheckSetStat to fsimplsFabricio Voznika
Only gofer filesystem was calling vfs.CheckSetStat for vfs.FilesystemImpl.SetStatAt and vfs.FileDescriptionImpl.SetStat. Updates #1193, #1672, #1197 PiperOrigin-RevId: 301226522
2020-03-16Enable ARP resolution in TAP devices.Ting-Yu Wang
PiperOrigin-RevId: 301208471
2020-03-16Merge pull request #1943 from kevinGC:ipt-filter-ipgVisor bot
PiperOrigin-RevId: 301197007
2020-03-16Prevent vnetHdr from escaping in WritePacket.Bhasker Hariharan
PiperOrigin-RevId: 301157950
2020-03-14Disallow kernfs.Inode.SetStat for readonly inodesFabricio Voznika
Updates #1195, #1193 PiperOrigin-RevId: 300950993
2020-03-14Plumb VFS2 imported fds into virtual filesystem.Dean Deng
- When setting up the virtual filesystem, mount a host.filesystem to contain all files that need to be imported. - Make read/preadv syscalls to the host in cases where preadv2 may not be supported yet (likewise for writing). - Make save/restore functions in kernel/kernel.go return early if vfs2 is enabled. PiperOrigin-RevId: 300922353
2020-03-13Add remaining procfs filesFabricio Voznika
Closes #1195 PiperOrigin-RevId: 300867055
2020-03-13Panic if file in FDTable has been destroyedFabricio Voznika
This will give more information about the file to identify where possibly the extra DecRef() would be. PiperOrigin-RevId: 300855874
2020-03-13Fix infinite loop in semaphore.sem.wakeWaiters().Jamie Liu
PiperOrigin-RevId: 300845134
2020-03-13Fix typoMichael Pratt
PiperOrigin-RevId: 300832988
2020-03-13Refactor SLAAC address state into SLAAC prefix stateGhanan Gowripalan
Previously, SLAAC related state was stored on a per-address basis. This was sufficient for the simple case of a single SLAAC address per prefix, but future CLs will introduce temporary addresses which will result in multiple SLAAC addresses for a prefix. This refactor allows storing multiple addresses for a prefix in a single SLAAC prefix state. No behaviour changes - existing tests continue to pass. PiperOrigin-RevId: 300832812
2020-03-13Fix oom_score_adj.Jamie Liu
- Make oomScoreAdj a ThreadGroup field (Linux: signal_struct::oom_score_adj). - Avoid deadlock caused by Task.OOMScoreAdj()/SetOOMScoreAdj() locking Task.mu and TaskSet.mu in the wrong order (via Task.ExitState()). PiperOrigin-RevId: 300814698
2020-03-13Disable a NIC before removing itGhanan Gowripalan
When a NIC is removed, attempt to disable the NIC first to cleanup dynamic state and stop ongoing periodic tasks (e.g. IPv6 router solicitations, DAD) so that a removed NIC does not attempt to send packets. Tests: - stack_test.TestRemoveUnknownNIC - stack_test.TestRemoveNIC - stack_test.TestDADStop - stack_test.TestCleanupNDPState - stack_test.TestRouteWithDownNIC - stack_test.TestStopStartSolicitingRouters PiperOrigin-RevId: 300805857
2020-03-13Avoid unnecessary work in transportDemuxer.deliverPacket().Jamie Liu
- Don't allocate []*endpointsByNic in transportDemuxer.deliverPacket() unless actually needed for UDP broadcast/multicast. - Don't allocate []*endpointsByNic via transportDemuxer.findEndpointLocked() => transportDemuxer.findAllEndpointsLocked(). - Skip unnecessary map lookups in transportDemuxer.findEndpointLocked() => transportDemuxer.findAllEndpointsLocked() (now iterEndpointsLocked). For most deliverable packets other than UDP broadcast/multicast packets, this saves two slice allocations and three map lookups per packet. PiperOrigin-RevId: 300804135
2020-03-13Fix lock recursion in kernel.ProcessGroup.SendSignal().Jamie Liu
PiperOrigin-RevId: 300803515
2020-03-13Implement access/faccessat for VFS2.Dean Deng
Note that the raw faccessat system call does not actually take a flags argument; according to faccessat(2), the glibc wrapper implements the flags by using fstatat(2). Remove the flag argument that we try to extract from vfs1, which would just be a garbage value. Updates #1965 Fixes #2101 PiperOrigin-RevId: 300796067
2020-03-13Fix "application exiting with {Code:0 Signo:27}" during boot.Ting-Yu Wang
2aa9514a06a5e34894e606d508ac2df53b082c74 skips SIGURG, but later code expects the sigchans array contains consecutive signal numbers. PiperOrigin-RevId: 300793450
2020-03-13Honour the link's MaxHeaderLength when forwardingGhanan Gowripalan
LinkEndpoints may expect/assume that the a tcpip.PacketBuffer's Header has enough capacity for its own headers, as per documentation for LinkEndpoint.MaxHeaderLength. Test: stack_test.TestNICForwarding PiperOrigin-RevId: 300784192
2020-03-13Add support for mount flagsFabricio Voznika
Plumbs MS_NOEXEC and MS_RDONLY. Others are TODO. Updates #1623 #1193 PiperOrigin-RevId: 300764669
2020-03-12Clarify comments about IHL in ipv4.go.Eyal Soha
PiperOrigin-RevId: 300668506
2020-03-12Mark gonet_test as flaky.Zach Koopmans
Mark /pkg/tcpip/adapters/gonet/gonet_test as flaky. PiperOrigin-RevId: 300609529
2020-03-12passed the syscall test case 'alarm' on Arm64 platformBin Lu
This issue was caused by 'restart_syscall'. The value of Register R0 should be stored after finishing sysemu. So that we can restore the value and restart syscall. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-03-11Use a heap in transport demuxerTamir Duberstein
...instead of sorting at various times. Plug a memory leak by setting removed elements to nil. PiperOrigin-RevId: 300471087
2020-03-11Implement heap.Interface on pointer receiverTamir Duberstein
PiperOrigin-RevId: 300467253
2020-03-11Fix race condition (*tcp.endpoint).CloseTamir Duberstein
Atomically close the endpoint. Before this change, it was possible for multiple callers to perform duplicate work. PiperOrigin-RevId: 300462110
2020-03-11Clean-up buffer implementation.Adin Scannell
This also adds substantial test cases. The Read/Write interfaces are dropped as they are not necessary. PiperOrigin-RevId: 300461547
2020-03-11Fix memory leak in danglingEndpoints.Bhasker Hariharan
Endpoints which were being terminated in an ERROR state or were moved to CLOSED by the worker goroutine do not run cleanupLocked() as that should already be run by the worker termination. But when making that change we made the mistake of not removing the endpoint from the danglingEndpoints which is normally done in cleanupLocked(). As a result these endpoints are leaked since a reference is held to them in the danglingEndpoints array forever till Stack is torn down. PiperOrigin-RevId: 300438426
2020-03-11Import "unsafe" in bluepill_arm64_unsafe.goAndrei Vagin
This fixes a compile time error: pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go:45:35: undefined: unsafe PiperOrigin-RevId: 300375687
2020-03-11Merge pull request #1975 from nybidari:iptablesgVisor bot
PiperOrigin-RevId: 300362789
2020-03-11runsc: don't redirect SIGURG which is used by Go's runtime schedulerAndrei Vagin
Go 1.14+ sends SIGURG to Ms to attempt asynchronous preemption of a G. Since it can't guarantee that a SIGURG is only related to preemption, it continues to forward them to signal.Notify (see runtime.sighandler). When runsc is running a container, there are three processes: a parent process and two children (sandbox and gopher). A parent process sets a signal handler for all signals and redirect them to the container init process. This logic should ignore SIGURG signals. We already ignore them in the Sentry, but it will be better to not notify about them when this is possible. PiperOrigin-RevId: 300345286
2020-03-11Automated rollback of changelist 300217972gVisor bot
PiperOrigin-RevId: 300308974
2020-03-11Merge pull request #1832 from xiaobo55x:tls_ptracegVisor bot
PiperOrigin-RevId: 300270894