summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2018-07-19Add AT_UID, AT_EUID, AT_GID, AT_EGID to aux vector.Brian Geffon
With musl libc when these entries are missing from the aux vector it's forcing libc.secure (effectively AT_SECURE). This mode prevents RPATH and LD_LIBRARY_PATH from working. https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n1488 As the first entry is a mask of all the aux fields set: https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n187 PiperOrigin-RevId: 205284684 Change-Id: I04de7bab241043306b4f732306a81d74edfdff26
2018-07-19sentry: save stack in proc net dev.Zhaozhong Ni
PiperOrigin-RevId: 205253858 Change-Id: Iccdc493b66d1b4d39de44afb1184952183b1283f
2018-07-18Moved restore code out of create and made to be called after create.Justine Olshan
Docker expects containers to be created before they are restored. However, gVisor restoring requires specificactions regarding the kernel and the file system. These actions were originally in booting the sandbox. Now setting up the file system is deferred until a call to a call to runsc start. In the restore case, the kernel is destroyed and a new kernel is created in the same process, as we need the same process for Docker. These changes required careful execution of concurrent processes which required the use of a channel. Full docker integration still needs the ability to restore into the same container. PiperOrigin-RevId: 205161441 Change-Id: Ie1d2304ead7e06855319d5dc310678f701bd099f
2018-07-18Fix lock-ordering violation in Create by logging BaseName instead of FullName.Nicolas Lacasse
Dirent.FullName takes the global renameMu, but can be called during Create, which itself takes dirent.mu and dirent.dirMu, which is a lock-order violation: Dirent.Create d.dirMu.Lock d.mu.Lock Inode.Create gofer.inodeOperations.Create gofer.NewFile Dirent.FullName d.renameMu.RLock We only use the FullName here for logging, and in this case we can get by with logging only the BaseName. A `BaseName` method was added to Dirent, which simply returns the name, taking d.parent.mu as required. In the Create pathway, we can't call d.BaseName() because taking d.parent.mu after d.mu violates the lock order. But we already know the base name of the file we just created, so that's OK. In the Open/GetFile pathway, we are free to call d.BaseName() because the other dirent locks are not held. PiperOrigin-RevId: 205112278 Change-Id: Ib45c734081aecc9b225249a65fa8093eb4995f10
2018-07-17Merge FileMem.usage in IncRefMichael Pratt
Per the doc, usage must be kept maximally merged. Beyond that, it is simply a good idea to keep fragmentation in usage to a minimum. The glibc malloc allocator allocates one page at a time, potentially causing lots of fragmentation. However, those pages are likely to have the same number of references, often making it possible to merge ranges. PiperOrigin-RevId: 204960339 Change-Id: I03a050cf771c29a4f05b36eaf75b1a09c9465e14
2018-07-17Add API to decode 'stat.st_rdev' into major and minor numbers.Neel Natu
PiperOrigin-RevId: 204936533 Change-Id: Ib060920077fc914f97c4a0548a176d1368510c7b
2018-07-17netstack: update goroutine save / restore safety comments.Zhaozhong Ni
PiperOrigin-RevId: 204930314 Change-Id: Ifc4c41ed28616cd57fafbf7c92e87141a945c41f
2018-07-16Add CPUID faulting for ptrace and KVM.Adin Scannell
PiperOrigin-RevId: 204858314 Change-Id: I8252bf8de3232a7a27af51076139b585e73276d4
2018-07-16Start allocation and reclaim scans only where they may find a matchMichael Pratt
If usageSet is heavily fragmented, findUnallocatedRange and findReclaimable can spend excessive cycles linearly scanning the set for unallocated/free pages. Improve common cases by beginning the scan only at the first page that could possibly contain an unallocated/free page. This metadata only guarantees that there is no lower unallocated/free page, but a scan may still be required (especially for multi-page allocations). That said, this heuristic can still provide significant performance improvements for certain applications. PiperOrigin-RevId: 204841833 Change-Id: Ic41ad33bf9537ecd673a6f5852ab353bf63ea1e6
2018-07-16Add EventOperations.HostFD()Neel Natu
This method allows an eventfd inside the Sentry to be registered with with the host kernel. Update comment about memory mapping host fds via CachingInodeOperations. PiperOrigin-RevId: 204784859 Change-Id: I55823321e2d84c17ae0f7efaabc6b55b852ae257
2018-07-13Allow a filesystem to control its visibility in /proc/filesystems.Neel Natu
PiperOrigin-RevId: 204508520 Change-Id: I09e5f8b6e69413370e1a0d39dbb7dc1ee0b6192d
2018-07-13Note that Mount errors do not require translationsMichael Pratt
PiperOrigin-RevId: 204490639 Change-Id: I0fe26306bae9320c6aa4f854fe0ef25eebd93233
2018-07-12Fix aio eventfd lookupMichael Pratt
We're failing to set eventFile in the outer scope. PiperOrigin-RevId: 204392995 Change-Id: Ib9b04f839599ef552d7b5951d08223e2b1d5f6ad
2018-07-12sentry: wait for restore clock instead of panicing in Timekeeper.Zhaozhong Ni
PiperOrigin-RevId: 204372296 Change-Id: If1ed9843b93039806e0c65521f30177dc8036979
2018-07-12sentry: save inet stacks in proc files.Zhaozhong Ni
PiperOrigin-RevId: 204362791 Change-Id: If85ea7442741e299f0d7cddbc3d6b415e285da81
2018-07-12netstack: save tcp endpoint accepted channel directly.Zhaozhong Ni
PiperOrigin-RevId: 204356873 Change-Id: I5e2f885f58678e693aae1a69e8bf8084a685af28
2018-07-12netstack: do not defer panicable logic in tcp main loop.Zhaozhong Ni
PiperOrigin-RevId: 204355026 Change-Id: I1a8229879ea3b58aa861a4eb4456fd7aff99863d
2018-07-12Format documentationMichael Pratt
PiperOrigin-RevId: 204323728 Change-Id: I1ff9aa062ffa12583b2e38ec94c87db7a3711971
2018-07-11Automated rollback of changelist 203157739Bhasker Hariharan
PiperOrigin-RevId: 204196916 Change-Id: If632750fc6368acb835e22cfcee0ae55c8a04d16
2018-07-11Move ptrace constants to abi/linux.Jamie Liu
PiperOrigin-RevId: 204188763 Change-Id: I5596ab7abb3ec9e210a7f57b3fc420e836fa43f3
2018-07-11Add MemoryManager.Pin.Jamie Liu
PiperOrigin-RevId: 204162313 Change-Id: Ib0593dde88ac33e222c12d0dca6733ef1f1035dc
2018-07-10Internal changeMichael Pratt
PiperOrigin-RevId: 204028082 Change-Id: I4251cce10aace43f9b9a80c36204ef66f1b329df
2018-07-10Exit tmpfs.fileInodeOperations.Translate early if required.Start >= EOF.Jamie Liu
Otherwise required and optional can be empty or have negative length. PiperOrigin-RevId: 204007079 Change-Id: I59e472a87a8caac11ffb9a914b8d79bf0cd70995
2018-07-10netstack: only do connected TCP S/R for loopback connections.Zhaozhong Ni
PiperOrigin-RevId: 204006237 Change-Id: Ica8402ab54d9dd7d11cc41c6d74aacef51d140b7
2018-07-10Internal changeMichael Pratt
PiperOrigin-RevId: 203997995 Change-Id: I8974fe74f1582bc9b2622f18a4bc4ab47ff5d622
2018-07-10netstack: tcp socket connected state S/R support.Zhaozhong Ni
PiperOrigin-RevId: 203958972 Change-Id: Ia6fe16547539296d48e2c6731edacdd96bd6e93c
2018-07-09Notify UDP and Ping endpoints on closeIan Gudger
PiperOrigin-RevId: 203883138 Change-Id: I7500c0a70f5d71c3fb37e2477f7fc466fa92fd3e
2018-07-09Fix two race conditions in tcp stack.Brian Geffon
PiperOrigin-RevId: 203880278 Change-Id: I66b790a616de59142859cc12db4781b57ea626d3
2018-07-09Inherit parent in clone(CLONE_THREAD) under TaskSet.mu.Jamie Liu
PiperOrigin-RevId: 203849534 Change-Id: I4d81513bfd32e0b7fc40c8a4c194eba7abc35a83
2018-07-09Switch netstack licenses to Apache 2.0.Nicolas Lacasse
Fixes #27 PiperOrigin-RevId: 203825288 Change-Id: Ie9f3a2b2c1e296b026b024f75c07da1a7e118633
2018-07-09Trim all whitespace between interpreter and argMichael Pratt
Multiple whitespace characters are allowed. This fixes Ubuntu's /usr/sbin/invoke-rc.d, which has trailing whitespace after the interpreter which we were treating as an arg. PiperOrigin-RevId: 203802278 Change-Id: I0a6cdb0af4b139cf8abb22fa70351fe3697a5c6b
2018-07-06Add non-AMD64 support to rawfileIan Gudger
PiperOrigin-RevId: 203499064 Change-Id: I2cd5189638e94ce926f1e82c1264a8d3ece9dfa5
2018-07-03Fix data race on inotify.Watch.mask.Rahat Mahmood
PiperOrigin-RevId: 203180463 Change-Id: Ief50988c1c028f81ec07a26e704d893e86985bf0
2018-07-03Fix runsc VDSO mappingMichael Pratt
80bdf8a4068de3ac4a73b6b61a0cdcfe3e3571af accidentally moved vdso into an inner scope, never assigning the vdso variable passed to the Kernel and thus skipping VDSO mappings. Fix this and remove the ability for loadVDSO to skip VDSO mappings, since tests that do so are gone. PiperOrigin-RevId: 203169135 Change-Id: Ifd8cadcbaf82f959223c501edcc4d83d05327eba
2018-07-03Resend packets back to netstack if destined to itselfFabricio Voznika
Add option to redirect packet back to netstack if it's destined to itself. This fixes the problem where connecting to the local NIC address would not work, e.g.: echo bar | nc -l -p 8080 & echo foo | nc 192.168.0.2 8080 PiperOrigin-RevId: 203157739 Change-Id: I31c9f7c501e3f55007f25e1852c27893a16ac6c4
2018-07-03Handle NUL-only paths in execMichael Pratt
The path in execve(2), interpreter script, and ELF interpreter may all be no more than a NUL-byte. Handle each of those cases. PiperOrigin-RevId: 203155745 Change-Id: I1c8b1b387924b23b2cf942341dfc76c9003da959
2018-07-02Hold d.parent.mu when reading d.nameMichael Pratt
PiperOrigin-RevId: 203041657 Change-Id: I120783d91712818e600505454c9276f8d9877f37
2018-07-02Drop version option from mount commandMichael Pratt
Fun fact: in protocol version negotiation, our 9p version must be written "9P2000.L". In the 'version' mount option, it must be written "9p2000.L". Very consistent! The mount command as given complains about an unknown protocol version. Drop it entirely because Linux defaults to 9p2000.L anyways. PiperOrigin-RevId: 202971961 Change-Id: I5d46c83f03182476033db9c36870c68aeaf30f65
2018-06-29Sets the restore environment for restoring a container.Justine Olshan
Updated how restoring occurs through boot.go with a separate Restore function. This prevents a new process and new mounts from being created. Added tests to ensure the container is restored. Registered checkpoint and restore commands so they can be used. Docker support for these commands is still limited. Working on #80. PiperOrigin-RevId: 202710950 Change-Id: I2b893ceaef6b9442b1ce3743bd112383cb92af0c
2018-06-29Panic in netstack during cleanup where a FIN becomes a RST.Brian Geffon
There is a subtle bug where during cleanup with unread data a FIN can be converted to a RST, at that point the entire connection should be aborted as we're not expecting any ACKs to the RST. PiperOrigin-RevId: 202691271 Change-Id: Idae70800208ca26e07a379bc6b2b8090805d0a22
2018-06-29aio: Return EINVAL if the number of events is negative.Nicolas Lacasse
PiperOrigin-RevId: 202671065 Change-Id: I248b74544d47ddde9cd59d89aa6ccb7dad2b6f89
2018-06-28Hold t.mu while calling t.FSContext().Nicolas Lacasse
PiperOrigin-RevId: 202562686 Change-Id: I0f5be7cc9098e86fa31d016251c127cb91084b05
2018-06-28Check for invalid offset when submitting an AIO read/write request.Nicolas Lacasse
PiperOrigin-RevId: 202528335 Change-Id: Ic32312cf4337bcb40a7155cb2174e5cd89a280f7
2018-06-27Fix semaphore data racesFabricio Voznika
PiperOrigin-RevId: 202371908 Change-Id: I72603b1d321878cae6404987c49e64732b676331
2018-06-27Call mm.CheckIORange() when copying in IOVecs.Nicolas Lacasse
CheckIORange is analagous to Linux's access_ok() method, which is checked when copying in IOVecs in both lib/iov_iter.c:import_single_range() and lib/iov_iter.c:import_iovec() => fs/read_write.c:rw_copy_check_uvector(). gVisor copies in IOVecs via Task.SingleIOSequence() and Task.CopyInIovecs(). We were checking the address range bounds, but not whether the address is valid. To conform with linux, we should also check that the address is valid. For usual preadv/pwritev syscalls, the effect of this change is not noticeable, since we find out that the address is invalid before the syscall completes. For vectorized async-IO operations, however, this change is necessary because Linux returns EFAULT when the operation is submitted, but before it executes. Thus, we must validate the iovecs when copying them in. PiperOrigin-RevId: 202370092 Change-Id: I8759a63ccf7e6b90d90d30f78ab8935a0fcf4936
2018-06-27Ignore MADV_DONTDUMP and MADV_DODUMP.Jamie Liu
PiperOrigin-RevId: 202361912 Change-Id: I1d0ee529073954d467b870872f494cebbf8ea61a
2018-06-26Add KVM, overlay and host network to image testsFabricio Voznika
PiperOrigin-RevId: 202236006 Change-Id: I4ea964a70fc49e8b51c9da27d77301c4eadaae71
2018-06-26Change SIGCHLD to SIGKILL in ptrace stubs.Adin Scannell
If the child stubs are killed by any unmaskable signal (e.g. SIGKILL), then the parent process will similarly be killed, resulting in the death of all other stubs. The effect of this is that if the OOM killer selects and kills a stub, the effect is the same as though the OOM killer selected and killed the sentry. PiperOrigin-RevId: 202219984 Change-Id: I0b638ce7e59e0a0f4d5cde12a7d05242673049d7
2018-06-26Use the correct Context for /proc/[pid]/maps.Jamie Liu
PiperOrigin-RevId: 202180487 Change-Id: I95cce41a4842ab731a4821b387b32008bfbdcb08
2018-06-26Fix data races in Unix socketsIan Gudger
PiperOrigin-RevId: 202175558 Change-Id: I0113cb9a90d7a0cd7964bf43eef67f70c92d9589