| Age | Commit message (Collapse) | Author |
|---|
|
This creates new user and network namespaces for all tests in
`:socket_inet_loopback_isolated_test_linux`.
PiperOrigin-RevId: 381374120
|
|
Compare
if (!thread_group_leader(tracee))
tracee = rcu_dereference(tracee->group_leader);
in security/yama/yama_lsm.c:ptracer_exception_found().
PiperOrigin-RevId: 381074242
|
|
This allows these tests, which can cause flakiness when run in the same network
namespace as the other `socket_inet_loopback` tests, to run as separate tests
in their own environment. It also means that all of the shards of those tests
can be more isolated from each other as well.
PiperOrigin-RevId: 380930198
|
|
Updates #5711
Updates #6021
Updates #6022
PiperOrigin-RevId: 377582446
|
|
PiperOrigin-RevId: 376001603
|
|
PiperOrigin-RevId: 375823719
|
|
Not all the tests build yet, but many of them do now.
PiperOrigin-RevId: 375209824
|
|
https://github.com/llvm/llvm-project/commit/6c3129549374c0e81e28fd0a21e96f8087b63a78
adds "mustprogress" to loops, which causes empty, side-effect free loops to be
optimized away. These loops are intentionally infinite for purposes of testing,
so add asm statements that prevent them from being removed.
PiperOrigin-RevId: 375188453
|
|
Fixes #5974
Updates #161
PiperOrigin-RevId: 375024740
|
|
https://github.com/llvm/llvm-project/commit/6c3129549374c0e81e28fd0a21e96f8087b63a78 adds "mustprogress" to loops, which causes empty, side-effect free loops to be optimized away. These loops are intentionally infinite for purposes of testing, so add asm statements that prevent them from being removed.
PiperOrigin-RevId: 374546142
|
|
PiperOrigin-RevId: 374517895
|
|
PiperOrigin-RevId: 373854462
|
|
Previously, registration was racy because we were publishing
hierarchies in the registry without fully initializing the underlying
filesystem. This led to concurrent mount(2)s discovering the partially
intialized filesystems and dropping the final refs on them which cause
them to be freed prematurely.
Reported-by: syzbot+13f54e77bdf59f0171f0@syzkaller.appspotmail.com
Reported-by: syzbot+2c7f0a9127ac6a84f17e@syzkaller.appspotmail.com
PiperOrigin-RevId: 373824552
|
|
The test Truncate set ControllingTTY without releasing
it on VFS2. This leads test ReleaseTTYSignals and ReleaseTTY
fail when setting ControllingTTY.
Skip the test on VFS1 and native, as setting Controlling TTY
when open replica only happens on VFS2.
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
PiperOrigin-RevId: 372022596
|
|
The data written was larger than the write buffer, and nobody was reading the
other end.
PiperOrigin-RevId: 371436084
|
|
PiperOrigin-RevId: 369967629
|
|
PiperOrigin-RevId: 369505182
|
|
PiperOrigin-RevId: 366907152
|
|
Allow user mounting a verity fs on an existing mount by specifying mount
flags root_hash and lower_path.
PiperOrigin-RevId: 366843846
|
|
A skeleton implementation of cgroupfs. It supports trivial cpu and
memory controllers with no support for hierarchies.
PiperOrigin-RevId: 366561126
|
|
PiperOrigin-RevId: 366344222
|
|
PiperOrigin-RevId: 366292533
|
|
syserror allows packages to register translators for errors. These
translators should be called prior to checking if the error is valid,
otherwise it may not account for possible errors that can be returned
from different packages, e.g. safecopy.BusError => syserror.EFAULT.
Second attempt, it passes tests now :-)
PiperOrigin-RevId: 363714508
|
|
PiperOrigin-RevId: 363276495
|
|
Terminating tasks from other tests can mess up with the task
list of the current test. Tests were changed to look for added/removed
tasks, ignoring other tasks that may exist while the test is running.
PiperOrigin-RevId: 363084261
|
|
Speeds up the socket stress tests by a couple orders of magnitude.
PiperOrigin-RevId: 361721050
|
|
io.Reader.ReadFull returns the number of bytes copied and an error if fewer
bytes were read.
PiperOrigin-RevId: 360247614
|
|
Restrict ptrace(2) according to the default configurations of the YAMA security
module (mode 1), which is a common default among various Linux distributions.
The new access checks only permit the tracer to proceed if one of the following
conditions is met:
a) The tracer is already attached to the tracee.
b) The target is a descendant of the tracer.
c) The target has explicitly given permission to the tracer through the
PR_SET_PTRACER prctl.
d) The tracer has CAP_SYS_PTRACE.
See security/yama/yama_lsm.c for more details.
Note that these checks are added to CanTrace, which is checked for
PTRACE_ATTACH as well as some other operations, e.g., checking a process'
memory layout through /proc/[pid]/mem.
Since this patch adds restrictions to ptrace, it may break compatibility for
applications run by non-root users that, for instance, rely on being able to
trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA
restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope
to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER
prctl.
Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com
PiperOrigin-RevId: 359237723
|
|
Reported-by: syzbot+f2489ba0b999a45d1ad1@syzkaller.appspotmail.com
PiperOrigin-RevId: 358866218
|
|
PiperOrigin-RevId: 357015186
|
|
The limits for snd/rcv buffers for unix domain socket is controlled by the
following sysctls on linux
- net.core.rmem_default
- net.core.rmem_max
- net.core.wmem_default
- net.core.wmem_max
Today in gVisor we do not expose these sysctls but we do support setting the
equivalent in netstack via stack.Options() method. But AF_UNIX sockets in gVisor
can be used without netstack, with hostinet or even without any networking stack
at all. Which means ideally these sysctls need to live as globals in gVisor.
But rather than make this a big change for now we hardcode the limits in the
AF_UNIX implementation itself (which in itself is better than where we were
before) where it SO_SNDBUF was hardcoded to 16KiB. Further we bump the initial
limit to a default value of 208 KiB to match linux from the paltry 16 KiB we use
today.
Updates #5132
PiperOrigin-RevId: 356665498
|
|
Reported-by: syzbot+9ffc71246fe72c73fc25@syzkaller.appspotmail.com
PiperOrigin-RevId: 356536113
|
|
Individual test cases must not rely on being executed in a clean environment.
PiperOrigin-RevId: 354730126
|
|
PiperOrigin-RevId: 354615220
|
|
Individual test cases must not rely on being executed in a clean environment.
PiperOrigin-RevId: 354604389
|
|
PiperOrigin-RevId: 354367665
|
|
The test was execve itself into `/bin/true`, so the test was
not actually executing.
PiperOrigin-RevId: 353676855
|
|
Fixes #5113.
PiperOrigin-RevId: 353313374
|
|
On ARM64, when ptrace stops on a system call, it uses the x7 register to
indicate whether the stop has been signalled from syscall entry or syscall
exit. This means that we can't get a value of this register and we can't change
it. More details are in the comment for tracehook_report_syscall in
arch/arm64/kernel/ptrace.c.
This happens only if we stop on a system call, so let's queue a signal, resume
a stub thread and catch it on a signal handling.
Fixes: #5238
PiperOrigin-RevId: 352668695
|
|
io.Writer.Write requires err to be non-nil if n < len(v).
We could allow this but it will be irreversible if users depend on this
behavior.
Ported the test that discovered this.
PiperOrigin-RevId: 352065946
|
|
IPv4 was always supported but UDP never supported joining/leaving IPv6
multicast groups via socket options.
Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP
Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP
Test: integration_test.TestUDPAddRemoveMembershipSocketOption
PiperOrigin-RevId: 350396072
|
|
PiperOrigin-RevId: 349458984
|
|
open() has to return ENXIO in this case.
O_PATH isn't supported by vfs1.
PiperOrigin-RevId: 348820478
|
|
PiperOrigin-RevId: 348720223
|
|
Fixes #5004
PiperOrigin-RevId: 346643745
|
|
PiperOrigin-RevId: 345976554
|
|
These options allow overriding the signal that gets sent to the process when
I/O operations are available on the file descriptor, rather than the default
`SIGIO` signal. Doing so also populates `siginfo` to contain extra information
about which file descriptor caused the event (`si_fd`) and what events happened
on it (`si_band`). The logic around which FD is populated within `si_fd`
matches Linux's, which means it has some weird edge cases where that value may
not actually refer to a file descriptor that is still valid.
This CL also ports extra S/R logic regarding async handler in VFS2.
Without this, async I/O handlers aren't properly re-registered after S/R.
PiperOrigin-RevId: 345436598
|
|
For now, I only added a halt test case for Arm64.
Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
|
|
This test fails because it must include additional UIDs. Omit
the bazel sandbox to ensure that it can function correctly.
PiperOrigin-RevId: 343927190
|
