Age | Commit message (Collapse) | Author |
|
In UDP endpoint.Write() sendUDP is called with e.mu Rlocked. But if this happens
to send a datagram over loopback which ends up generating an ICMP response of
say ErrNoPortReachable, the handling of the response in HandleControlPacket also
acquires e.mu using RLock. This is mostly fine unless there is a competing
caller trying to acquire e.mu in exclusive mode using Lock(). This will deadlock
as a caller waiting in Lock() disallows an new RLocks() to ensure it can
actually acquire the Lock.
This is documented here https://golang.org/pkg/sync/#RWMutex.
This change releases the endpoint mutex before calling sendUDP to resolve the
possibility of the deadlock.
Reported-by: syzbot+537989797548c66e8ee3@syzkaller.appspotmail.com
Reported-by: syzbot+eb0b73b4ab486f7673ba@syzkaller.appspotmail.com
PiperOrigin-RevId: 342894148
|
|
Fixes the behaviour of SO_ERROR for tcp sockets where in linux it returns
sk->sk_err and if sk->sk_err is 0 then it returns sk->sk_soft_err. In gVisor TCP
we endpoint.HardError is the equivalent of sk->sk_err and endpoint.LastError
holds soft errors. This change brings this into alignment with Linux such that
both hard/soft errors are cleared when retrieved using getsockopt(.. SO_ERROR)
is called on a socket.
Fixes #3812
PiperOrigin-RevId: 342868552
|
|
As part of this, change Task.interrupted() to not drain Task.interruptChan, and
do so explicitly using new function Task.unsetInterrupted() instead.
PiperOrigin-RevId: 342768365
|
|
- Make AddressableEndpoint optional for NetworkEndpoint.
Not all NetworkEndpoints need to support addressing (e.g. ARP), so
AddressableEndpoint should only be implemented for protocols that
support addressing such as IPv4 and IPv6.
With this change, tcpip.ErrNotSupported will be returned by the stack
when attempting to modify addresses on a network endpoint that does
not support addressing.
Now that packets are fully handled at the network layer, and (with this
change) addresses are optional for network endpoints, we no longer need
the workaround for ARP where a fake ARP address was added to each NIC
that performs ARP so that packets would be delivered to the ARP layer.
PiperOrigin-RevId: 342722547
|
|
Updates #4427
PiperOrigin-RevId: 342703931
|
|
PiperOrigin-RevId: 342366891
|
|
PiperOrigin-RevId: 342314586
|
|
Increase the wait time for the thread to be blocked on read/write
syscall.
PiperOrigin-RevId: 342204627
|
|
Store all the socket level options in a struct and call {Get/Set}SockOpt on
this struct. This will avoid implementing socket level options on all
endpoints. This CL contains implementing one socket level option for tcp and
udp endpoints.
PiperOrigin-RevId: 342203981
|
|
RELNOTES: n/a
PiperOrigin-RevId: 342176296
|
|
Most packets don't have options but they are an integral part of the
standard. Teaching the ipv4 code how to handle them will simplify future
testing and use. Because Options are so rare it is worth making sure
that the extra work is kept out of the fast path as much as possible.
Prior to this change, all usages of the IHL field of the IPv4Fields/Encode
system set it to the same constant value except in a couple of tests
for bad values. From this change IHL will not be a constant as it will
depend on the size of any Options. Since ipv4.Encode() now handles the
options it becomes a possible source of errors to let the callers set
this value, so remove it entirely and calculate the value from the size
of the Options if present (or not) therefore guaranteeing a correct value.
Fixes #4709
RELNOTES: n/a
PiperOrigin-RevId: 341864765
|
|
PiperOrigin-RevId: 341757694
|
|
PiperOrigin-RevId: 341732791
|
|
PiperOrigin-RevId: 341660511
|
|
Teach ICMP.Parser/ToBytes to handle some non echo ICMP packets.
Teach IPv4.Parser that fragments only have a payload, not an upper layer.
Fix IPv4 and IPv6 reassembly tests to handle the change.
Fixes #4758
PiperOrigin-RevId: 341549665
|
|
This Notify was added as part of cl/279106406; but notifying `EventHUp`
in `FIN_WAIT2` is incorrect, as we want to only notify later on
`TIME_WAIT` or a reset. However, we do need to notify any blocked
waiters of an activity on the endpoint with `EventIn`|`EventOut`.
PiperOrigin-RevId: 341490913
|
|
cl/340002915 modified the code to return EADDRNOTAVAIL if connect
is called for a localhost address which isn't set.
But actually, Linux returns EADDRNOTAVAIL for ipv6 addresses and ENETUNREACH
for ipv4 addresses.
Updates #4735
PiperOrigin-RevId: 341479129
|
|
PiperOrigin-RevId: 341470647
|
|
PiperOrigin-RevId: 341439435
|
|
PiperOrigin-RevId: 341172694
|
|
PiperOrigin-RevId: 341155693
|
|
This is consistent with what Linux does. This was causing a PHP runtime test
failure. Fixed it for VFS2.
PiperOrigin-RevId: 341155209
|
|
PiperOrigin-RevId: 341154192
|
|
Writes to pipes of size < PIPE_BUF are guaranteed to be atomic, so writes
larger than that will return EAGAIN if the pipe has capacity < PIPE_BUF.
Writes to eventfds will return EAGAIN if the write would cause the eventfd
value to go over the max.
In both such cases, calling Ready() on the FD will return true (because it is
possible to write), but specific kinds of writes will in fact return EAGAIN.
This CL fixes an infinite loop in splice and sendfile (VFS1 and VFS2) by
forcing skipping the readiness check for the outfile in send, splice, and tee.
PiperOrigin-RevId: 341102260
|
|
Port 0 is not meant to identify any remote port so attempting to send
a packet to it should return an error.
PiperOrigin-RevId: 341009528
|
|
This will allow us to run massive runtime tests live java to run in parallel
across multiple jobs.
PiperOrigin-RevId: 340956246
|
|
When OOM score adjustment needs to be set, all the containers need to be
loaded to find all containers that belong to the sandbox. However, each
load signals the container to ensure it is still alive. OOM score
adjustment is set during creation and deletion of every container, generating
a flood of signals to all containers. The fix removes the signal check
when it's not needed.
There is also a race fetching OOM score adjustment value from the parent when
the sandbox exits at the same time (the time it took to signal containers above
made this window quite large). The fix is to store the original value
in the sandbox state file and use it when the value needs to be restored.
Also add more logging and made the existing ones more consistent to help with
debugging.
PiperOrigin-RevId: 340940799
|
|
PiperOrigin-RevId: 340925131
|
|
- Disable saving in tests that wait for EINTR.
- Do not execute async-signal-unsafe code after fork() (see fork(2)'s manpage,
"After a fork in a multithreaded program ...")
- Check for errors returned by semctl(GETZCNT).
PiperOrigin-RevId: 340901353
|
|
PiperOrigin-RevId: 340763455
|
|
PiperOrigin-RevId: 340389884
|
|
fields order in stat struct is different from
x86 to arm64. Please refer to
x86_64-linux-gnu/bits/stat.h
aarch64-linux-gnu/bits/stat.h
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
The active_closefd has to be shutdown only for write,
otherwise the second poll will always return immediately.
The second poll should not be called from a separate thread.
PiperOrigin-RevId: 340319071
|
|
And in this case, tests will run in separate network namespaces
and will not affect each other.
PiperOrigin-RevId: 340267734
|
|
PiperOrigin-RevId: 340149214
|
|
In the docker container, the ipv6 loopback address is not set,
and connect("::1") has to return ENEADDRNOTAVAIL in this case.
Without this fix, it returns EHOSTUNREACH.
PiperOrigin-RevId: 340002915
|
|
kernel.copyContext{t} cannot be used outside of t's task goroutine, for three
reasons:
- t.CopyScratchBuffer() is task-goroutine-local.
- Calling t.MemoryManager() without running on t's task goroutine or locking
t.mu violates t.MemoryManager()'s preconditions.
- kernel.copyContext passes t as context.Context to MM IO methods, which is
illegal outside of t's task goroutine (cf. kernel.Task.Value()).
Fix this by splitting AsCopyContext() into CopyContext() (which takes an
explicit context.Context and is usable outside of the task goroutine) and
OwnCopyContext() (which uses t as context.Context, but is only usable by t's
task goroutine).
PiperOrigin-RevId: 339933809
|
|
The IPv6 reassembly test was also refactored to be easily extended with
more cases.
PiperOrigin-RevId: 339768605
|
|
PiperOrigin-RevId: 339699771
|
|
This makes handling inbound fragmented packets easier, because a fragmented
packet might not have an actual ICMP header but only a payload. After this
change, the ICMPv4 is the last layer you can get because the payload is
embedded in it.
Note that this makes it consistent with the ICMPv6 implementation.
While I'm here, I've also added the Ident and Sequence fields on the ICMPv4
type. Defaults are still zero.
PiperOrigin-RevId: 339577094
|
|
PiperOrigin-RevId: 339504677
|
|
PiperOrigin-RevId: 339476515
|
|
#4641 fixed the PHP runtime test ext/standard/tests/network/bug20134.phpt.
We should start testing it again.
Also excluded another flaky test. Seems like a test bug.
PiperOrigin-RevId: 339475716
|
|
PiperOrigin-RevId: 339459247
|
|
This change wakes up any waiters when we receive an ICMP port unreachable
control packet on an UDP socket as well as sets waiter.EventErr in
the result returned by Readiness() when e.lastError is not nil.
The latter is required where an epoll()/poll() is done after the error
is already handled since we will never notify again in such cases.
PiperOrigin-RevId: 339370469
|
|
This PR implements /proc/[pid]/mem for `pkg/sentry/fs` (refer to #2716) and `pkg/sentry/fsimpl`.
@majek
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/4060 from lnsp:proc-pid-mem 2caf9021254646f441be618a9bb5528610e44d43
PiperOrigin-RevId: 339369629
|
|
Updates #3921
PiperOrigin-RevId: 339195417
|
|
PiperOrigin-RevId: 339166854
|
|
Control messages collected when peeking into a socket were being leaked.
PiperOrigin-RevId: 339114961
|
|
PiperOrigin-RevId: 338805321
|