Age | Commit message (Collapse) | Author |
|
Enforce write permission checks in BoundEndpointAt, which corresponds to the
permission checks in Linux (net/unix/af_unix.c:unix_find_other).
Also, create bound socket files with the correct permissions in VFS2.
Fixes #2324.
PiperOrigin-RevId: 308949084
|
|
TempPath's destructor runs at the end of the named pipe creation functions,
deleting the named pipe. If the named pipe is backed by a "non-virtual"
filesystem (!fs.Inode.IsVirtual()), this causes the following save attempt to
fail because there are FDs holding the deleted named pipe open.
PiperOrigin-RevId: 308861999
|
|
Right now, sentry panics in this case:
panic: close of nil channel
goroutine 67 [running]:
pkg/tcpip/transport/tcp/tcp.(*endpoint).listen(0xc0000ce000, 0x9, 0x0)
pkg/tcpip/transport/tcp/endpoint.go:2208 +0x170
pkg/tcpip/transport/tcp/tcp.(*endpoint).Listen(0xc0000ce000, 0x9, 0xc0003a1ad0)
pkg/tcpip/transport/tcp/endpoint.go:2179 +0x50
Fixes #2468
PiperOrigin-RevId: 307896725
|
|
PiperOrigin-RevId: 307638329
|
|
PiperOrigin-RevId: 307453436
|
|
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process'
own limits. From the manpage:
To set or get the resources of a process other than itself, the caller must have
the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs
of the target process must match the real user ID of the caller and the real,
effective, and saved set group IDs of the target process must match the real
group ID of the caller.
PiperOrigin-RevId: 307127266
|
|
PiperOrigin-RevId: 307069884
|
|
Updates #1035
PiperOrigin-RevId: 306968644
|
|
When the listening socket is read shutdown, we need to reset all pending
and incoming connections. Ensure that the endpoint is not cleaned up
from the demuxer and subsequent bind to same port does not go through.
PiperOrigin-RevId: 306958038
|
|
Removed the TODO to use netlink.
PiperOrigin-RevId: 306721468
|
|
Attempt to redeliver TCP segments that are enqueued into a closing
TCP endpoint. This was being done for Established endpoints but not
for those that are listening or performing connection handshake.
Fixes #2417
PiperOrigin-RevId: 306598155
|
|
PiperOrigin-RevId: 306432289
|
|
PiperOrigin-RevId: 306348346
|
|
The work being done in these threads is not asynchronous with respect to
the test; that is, it is equivalent to issue non-blocking `connect`
calls serially, since the work is done asynchronously with respect to
the caller. Futhermore, this test was added to test closing a listener
with completed but not delivered connections, which never required
threading in the first place.
PiperOrigin-RevId: 306339486
|
|
PiperOrigin-RevId: 306306809
|
|
PiperOrigin-RevId: 306306494
|
|
PiperOrigin-RevId: 306303148
|
|
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs
and goferfs.
Note that because of the slightly different order of checks between VFS2 and
Linux, one of the xattr tests needs to be relaxed slightly.
Fixes #2363.
PiperOrigin-RevId: 305985121
|
|
It was added in cl/201419897 to deflake
socket_ip_tcp_loopback_non_blocking_test_gvisor.
It seems we don't need this hack, because the origin issue isn't
reproducible without this hack.
PiperOrigin-RevId: 305871748
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I5bb8fa7d580d173b1438d6465e1adb442216c8fa
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I033692bcf4f8139df29e369a12b150d10fccbe32
|
|
Block and drain requests in io_destroy(2).
Note the reason to create read-only mapping.
PiperOrigin-RevId: 305786312
|
|
PiperOrigin-RevId: 305782490
|
|
PiperOrigin-RevId: 305749697
|
|
The Linux does the same.
Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com
PiperOrigin-RevId: 305625439
|
|
PiperOrigin-RevId: 305604557
|
|
PiperOrigin-RevId: 305592245
|
|
Determine system time from within the sentry rather than relying on the remote
filesystem to prevent inconsistencies.
Resolve related TODOs; the time discrepancies in question don't exist anymore.
PiperOrigin-RevId: 305557099
|
|
PiperOrigin-RevId: 305546584
|
|
Updates #164
PiperOrigin-RevId: 305544029
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
SO_REUSEPORT is not properly restored:
https://github.com/google/gvisor/issues/873
PiperOrigin-RevId: 305422775
|
|
PiperOrigin-RevId: 305328184
|
|
gofer operations accumulate dentries touched in a slice to call
checkCachingLocked on them when the operation is over. In case
the same dentry is touched multiple times during the operation,
checkCachingLocked, and consequently destroyLocked, may be called
more than once for the same dentry.
Updates #1198
PiperOrigin-RevId: 305276819
|
|
Running the test 1000x almost always produces 1+ test failures where
the sample count is slightly more than 60.
PiperOrigin-RevId: 305051754
|
|
PiperOrigin-RevId: 304684417
|
|
PiperOrigin-RevId: 304659346
|
|
PiperOrigin-RevId: 304641990
|
|
PiperOrigin-RevId: 304508083
|
|
The test is flaky in cooperative S/R mode because TCP timers are not restored
across a S/R. This can cause the TCPLinger2 timer to not fire. This change
disables S/R before setting the TCP_LINGER2 timeout.
PiperOrigin-RevId: 304430536
|
|
A socket mount where anonymous sockets will reside is added to the
VirtualFilesystem. Socketfs is built on top of kernfs.
Updates #1476, #1478, #1484, #1485.
PiperOrigin-RevId: 304095251
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: If30154a2d73e98f211cfe589853b232019b9e130
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I8008c0375fc7e23225a21026f359e78e691729e5
|
|
PiperOrigin-RevId: 303158421
|
|
PiperOrigin-RevId: 302987344
|
|
The only test failing now requires socket which is not
available in VFS2 yet.
Updates #1198
PiperOrigin-RevId: 302976572
|
|
In cl/302130790, we started using a temp directory which is provided by bazel.
By default, a test process has enough permissions to open it, but there is not
any guarantee that it still will be able to do this after changing credentials.
PiperOrigin-RevId: 302702337
|
|
Fixes #506
PiperOrigin-RevId: 302540404
|
|
Fixes #2058
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I05750d238a6425d3a47fae15720901f4dd924a32
|
|
PiperOrigin-RevId: 301208471
|