| Age | Commit message (Collapse) | Author |
|---|
|
It's safe to call SetAttr and Allocate on fsgofer because the
file path is not used to open the file, if needed.
Fixes #3654
PiperOrigin-RevId: 407149393
|
|
Reported-by: syzbot+f9ecb181a4b3abdde9b9@syzkaller.appspotmail.com
Reported-by: syzbot+8c5cb9d7a044a91a513b@syzkaller.appspotmail.com
PiperOrigin-RevId: 406951359
|
|
Bug: https://fxbug.dev/81592
PiperOrigin-RevId: 405710156
|
|
As documented in FilesystemType.GetFilesystem, a reference should be taken on
the returned dentry and filesystem by GetFilesystem implementation. mqfs did
not do that.
Additionally cleanup and clarify ref counting of dentry, filesystem and mount
in mqfs.
Reported-by: syzbot+a2c54bfb6e1525228e5f@syzkaller.appspotmail.com
Reported-by: syzbot+ccd305cdab11cfebbfff@syzkaller.appspotmail.com
PiperOrigin-RevId: 405700565
|
|
PiperOrigin-RevId: 405674425
|
|
VFS1 discards the value of f_namelen returned by the filesystem and returns
NAME_MAX unconditionally instead, so it doesn't run into this. Also set
f_frsize for completeness.
PiperOrigin-RevId: 405579707
|
|
As caught by syzkaller, we were leaking non-permission bits while passing the
user generated mode. DynamicBytesFile panics in this case.
Reported-by: syzbot+5abe52d47d56a5a98c89@syzkaller.appspotmail.com
PiperOrigin-RevId: 405481392
|
|
Wait when a child process will start to measure a blocking time more precise.
PiperOrigin-RevId: 405478376
|
|
"cri.runtimeoptions.v1" moved to "runtimeoptions.v1" and containerd
configuration format version 2 is required.
Updates #6449
PiperOrigin-RevId: 405474653
|
|
PiperOrigin-RevId: 404901660
|
|
This change enables VFS2 by default. VFS2 is much faster than the previous
implementation and it's also more compatible. VFS1 is no longer supported and
will be deleted from the code.
Use `--vfs2=false` if you need to disable it. Make sure to report a bug if you
have the need to disable VFS2 or something is not working for you.
Closes #1035
PiperOrigin-RevId: 404898135
|
|
PiperOrigin-RevId: 404382475
|
|
The in-progress Go 1.18's testing.corpusEntry changed definition slightly in
https://golang.org/cl/354632. Update our definition to the new version.
PiperOrigin-RevId: 404040853
|
|
tcpip.Error does not implement error and thus cannot be used with %w.
This was flagged by nogo.
PiperOrigin-RevId: 403458480
|
|
gVisor was previously reporting the lower of cgroup limit or 2GB as total
memory. This may cause applications to make bad decisions based on amount
of memory available to them when more than 2GB is required.
This change makes the lower of cgroup limit or the host total memory to be
reported inside the sandbox. This also is more inline with docker which always
reports host total memory. Note that reporting cgroup limit is strictly better
than host total memory when there is a limit set.
Fixes #5608
PiperOrigin-RevId: 403241608
|
|
PiperOrigin-RevId: 403241314
|
|
PiperOrigin-RevId: 402995191
|
|
We don't want the read to block and want to test that epoll_wait returns only
when there is data available in rfd to be read.
PiperOrigin-RevId: 402631091
|
|
Prior to cl/318010298, //pkg/state couldn't handle pointers to struct fields,
which meant that it couldn't handle intrusive linked lists, which meant that it
couldn't handle waiter.Queue, which meant that it couldn't handle epoll. As a
result, VFS1 unregisters all epoll waiters before saving and re-registers them
after loading, and waitable VFS1 file implementations tag their waiter.Queues
state:"nosave" (causing them to be skipped by the save/restore machinery) or
state:"zerovalue" (causing them to only be checked for zero-value-equality on
save).
VFS2 required cl/318010298 to support save/restore (due to the Impl inheritance
pattern used by vfs.FileDescription, vfs.Dentry, etc.); correspondingly, VFS2
epoll assumes that waiter.Queues *will be* saved and loaded correctly, and VFS2
file implementations do not tag waiter.Queues.
Some waiter.Queues, e.g. pipe.Pipe.Queue and kernel.Task.signalQueue, are used
by both VFS1 and VFS2 (the latter via signalfd); as a result of the above,
tagging these Queues state:"nosave" or state:"zerovalue" breaks VFS2 epoll.
Remove VFS1 epoll unregistration before saving (bringing it in line with VFS2),
and remove these tags from all waiter.Queues.
Also clean up after the epoll test added by cl/402323053, which implied this
issue (by instantiating DisableSave in the new test) without reporting it.
PiperOrigin-RevId: 402596216
|
|
Updates #1584, #3556.
PiperOrigin-RevId: 402354066
|
|
PiperOrigin-RevId: 402323053
|
|
Go1.18 is changing the signature of testing.MainStart. To ensure compatibility,
we wrap MainStart and different implementations for versions before/after
Go1.18.
PiperOrigin-RevId: 401362668
|
|
Linux prevents setting `IP_MULTICAST_IF` to a device when
`SO_BINDTODEVICE` is set to another device. gVsior allows this.
PiperOrigin-RevId: 401267471
|
|
gVisor is a strong host, preventing packets from being sent from a
device using the another device's address as the source. Linux is a weak
host which allows this.
Updates #6686.
PiperOrigin-RevId: 401260128
|
|
PiperOrigin-RevId: 401251635
|
|
- Inline `IfAddrHelper` into its sole user
- Implement pretty-printing `sockaddr_ll`
- Make test class members private, add const accessors
- Log all interface addresses on SetUp for b/137899561
Simplify some things while I'm here.
PiperOrigin-RevId: 401112402
|
|
PiperOrigin-RevId: 400952164
|
|
Before checking if there is space in the accept queue, the listener
should verify that the cookie is valid. If it is not, instead of
silently dropping the packet, reply with an RST.
Fixes #6683
PiperOrigin-RevId: 400807346
|
|
Updates #6683
PiperOrigin-RevId: 400745768
|
|
PiperOrigin-RevId: 400258924
|
|
This obsoletes the need for the pendingMu and pending, since they are redundant
with acceptMu and pendingAccepted.
Fixes #6671.
PiperOrigin-RevId: 400162391
|
|
Enhance the backlog test to exercise the syn queue.
Updates #6671.
PiperOrigin-RevId: 400094530
|
|
This prevents an iptables failure from deadlocking the test.
PiperOrigin-RevId: 399822238
|
|
Support mq_open and mq_unlink, and enable syscall tests.
Updates #136
|
|
|
|
PiperOrigin-RevId: 398849334
|
|
Some /proc files are static in gVisor, but can be updated in native
linux. To test the values of these files, move them to a separate test
and run it using "container" tag to avoid faulty comparisons in native.
Since a separate IPC namespace is used, update shm comparisons to check
the actual value, not an interval.
|
|
An ICMP endpoint's write path can use the datagram-based endpoint.
Updates #6565.
Test: Datagram-based generic socket + ICMP/ping syscall tests.
PiperOrigin-RevId: 398539844
|
|
Fixes #6495
PiperOrigin-RevId: 398121921
|
|
Before this change, when a new connection was created after receiving
an ACK that matched a SYN-cookie, it was always delivered asynchronously
to the accept queue. There was a chance that the listening endpoint
would process a SYN from another client before the delivery happened,
and the listening endpoint would not know yet that the queue was about
to be full, once the delivery happened.
Now, when an ACK matching a SYN-cookie is received, the new endpoint is
created and moved to the accept queue synchronously, while holding the
accept lock.
Fixes #6545
PiperOrigin-RevId: 398107254
|
|
Updates #6621
PiperOrigin-RevId: 397898852
|
|
Once a packet socket is bound to a network protocol, it cannot be
unbound from that protocol; the network protocol binding may only be
updated to a different network protocol.
To comply with Linux.
PiperOrigin-RevId: 397810878
|
|
PiperOrigin-RevId: 397631833
|
|
...to change the network protocol a packet socket may receive packets
from.
This CL is a portion of an originally larger CL that was split with
https://github.com/google/gvisor/commit/a8ad692fd36cbaf7f5a6b9af39d601053dbee338
being the dependent CL. That CL (accidentally) included the change in
the endpoint's `afterLoad` method to take the required lock when
accessing the endpoint's netProto field. That change should have been in
this CL.
The CL that made the change mentioned in the commit message is
cl/396946187.
PiperOrigin-RevId: 397412582
|
|
...even protocols the stack is unaware of.
While I am here, annotate checklocks on stack.packetEndpointList.
PiperOrigin-RevId: 397226754
|
|
...so that a later change can add a new packet_socket syscall test
target that holds raw/dgram packet socket generic common tests. The
current packet_socket syscall test target holds tests specific to
dgram packet sockets.
While I am here, remove the defines for the packet_socket_raw_test
target as no code is guarded with `__linux__` in the target's sources.
PiperOrigin-RevId: 397217761
|
|
In the general case, files may have offsets between MaxInt64 and MaxUint64; in
Linux pgoff is consistently represented by an unsigned long, and in gVisor the
offset types in memmap.MappableRange are uint64. However, regular file mmap is
constrained to int64 offsets (on 64-bit systems) by
mm/mmap.c:file_mmap_size_max() => MAX_LFS_FILESIZE == LLONG_MAX.
As a related fix, check for chunkStart overflow in fsutil.HostFileMapper; chunk
offsets are uint64s, but as noted above some file types may use uint64 offsets
beyond MaxInt64.
Reported-by: syzbot+71342a1585aed97ed9f7@syzkaller.appspotmail.com
PiperOrigin-RevId: 397136751
|
|
...to match Linux behaviour.
Fixes #5711.
PiperOrigin-RevId: 397132671
|
|
Replaced the current AddAddressWithOptions method with
AddAddressWithProperties which passes all address properties in
a single AddressProperties type. More properties that need to be
configured in the future are expected, so adding a type makes adding
them easier.
PiperOrigin-RevId: 396930729
|
|
Updates #136
|
