3aa97c893d
Merge pull request #2043 from lubinszARM:pr_clean1
...
PiperOrigin-RevId: 298683502
2020-03-03 13:46:54 -08:00
c15b8515eb
Fix datarace on TransportEndpointInfo.ID and clean up semantics.
...
Ensures that all access to TransportEndpointInfo.ID is either:
* In a function ending in a Locked suffix.
* While holding the appropriate mutex.
This primary affects the checkV4Mapped method on affected endpoints, which has
been renamed to checkV4MappedLocked. Also document the method and change its
argument to be a value instead of a pointer which had caused some awkwardness.
This race was possible in the udp and icmp endpoints between Connect and uses
of TransportEndpointInfo.ID including in both itself and Bind.
The tcp endpoint did not suffer from this bug, but benefited from better
documentation.
Updates #357
PiperOrigin-RevId: 298682913
2020-03-03 13:42:13 -08:00
b3c549d839
Move temp_umask to test/util.
...
PiperOrigin-RevId: 298667595
2020-03-03 12:38:00 -08:00
fc3a09cd3c
code clean: minor changes to compatible with ubuntu18.04
...
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-03-03 17:45:59 +08:00
43abb24657
Fix panic caused by invalid address for Bind in packet sockets.
...
PiperOrigin-RevId: 298476533
2020-03-02 16:31:52 -08:00
d80b6a6e49
Merge pull request #2039 from avagin:update-golang.org-x-sys
...
PiperOrigin-RevId: 298457842
2020-03-02 15:11:33 -08:00
3310175250
Fix data-race when reading/writing e.amss.
...
PiperOrigin-RevId: 298451319
2020-03-02 14:45:03 -08:00
5fadbea3ed
Update golang.org/x/sys
...
It was downgraded by mistake in
e5d9a4010b
2020-03-02 14:40:45 -08:00
8821a7104f
Do not read-lock NIC recursively
...
A deadlock may occur if a write lock on a RWMutex is blocked between
nested read lock attempts as the inner read lock attempt will be
blocked in this scenario.
Example (T1 and T2 are differnt goroutines):
T1: obtain read-lock
T2: attempt write-lock (blocks)
T1: attempt inner/nested read-lock (blocks)
Here we can see that T1 and T2 are deadlocked.
Tests: Existing tests pass.
PiperOrigin-RevId: 298426678
2020-03-02 13:16:10 -08:00
f03e19d575
Merge pull request #1885 from avagin:arm64-pcids
...
PiperOrigin-RevId: 298405064
2020-03-02 11:42:04 -08:00
42fb7d3491
socket: take readMu to access readView
...
DATA RACE in netstack.(*SocketOperations).fetchReadView
Write at 0x00c001dca138 by goroutine 1001:
gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*SocketOperations).fetchReadView()
pkg/sentry/socket/netstack/netstack.go:418 +0x85
gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*SocketOperations).coalescingRead()
pkg/sentry/socket/netstack/netstack.go:2309 +0x67
gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*SocketOperations).nonBlockingRead()
pkg/sentry/socket/netstack/netstack.go:2378 +0x183d
Previous read at 0x00c001dca138 by goroutine 1111:
gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*SocketOperations).Ioctl()
pkg/sentry/socket/netstack/netstack.go:2666 +0x533
gvisor.dev/gvisor/pkg/sentry/syscalls/linux.Ioctl()
Reported-by: syzbot+d4c3885fcc346f08deb6@syzkaller.appspotmail.com
PiperOrigin-RevId: 298387377
2020-03-02 10:33:15 -08:00
62bd3ca8a3
Take write lock when removing xattr
...
PiperOrigin-RevId: 298380654
2020-03-02 10:07:13 -08:00
36b193b1db
Fix syscall test build error on arm64.
...
The error was introduced in the merge of PR #1471 .
Some codes are missing when adding bazel select_arch
command to the test/syscall/linux/BUILD file.
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I8cae3f4ae78c2e14671f3ac6e7361dc2806d9305
2020-03-02 07:35:30 +00:00
99e395e3b1
passed the syscall test case 'clock_getres' on Arm64 platform
...
Test command:
bazel test //test/syscalls:clock_getres_test_runsc_ptrace
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-03-02 10:59:13 +08:00
3d9ddeb339
Merge pull request #1929 from avagin:arm64-cpuid
...
PiperOrigin-RevId: 297982488
2020-02-28 18:47:17 -08:00
ab7ecdd66d
watchdog: print panic error message before other messages
...
This is needed for syzkaller to proper classify issues.
Right now, all watchdog issues are duped to one with the
subject "panic: Sentry detected stuck task(s). See stack
trace and message above for more details".
PiperOrigin-RevId: 297975363
2020-02-28 17:54:36 -08:00
413a9b7fdc
Define CPUIDInstruction for arm64
...
There is no cpuid instruction on arm64, so we need to defined it
just to avoid a compile time error.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2020-02-28 17:07:01 -08:00
ce4d1e45bb
Run `./tools/go_mod.sh tidy`.
...
These dependencies do not need to be in our go.mod or go.sum files.
PiperOrigin-RevId: 297942163
2020-02-28 15:02:23 -08:00
837cf62551
pcids.go isn't arch-specific
...
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2020-02-28 14:34:13 -08:00
ccecf29f3f
Bump rules_go to 0.22.0 and go toolchain to 1.14.
...
PiperOrigin-RevId: 297915917
2020-02-28 13:26:27 -08:00
df8740b8a7
Mark gettid and getdents as nogotsan
...
PiperOrigin-RevId: 297915815
2020-02-28 13:22:35 -08:00
463f4217d1
Make pipe buffer implementation standard.
...
A follow-up change will convert the networking code to use this standard
pipe implementation.
PiperOrigin-RevId: 297903206
2020-02-28 12:29:23 -08:00
6a3a8be301
Merge pull request #1827 from amscanne:fix_go_mod
...
PiperOrigin-RevId: 297895651
2020-02-28 11:54:41 -08:00
322dbfe06b
Allow to specify a separate log for GO's runtime messages
...
GO's runtime calls the write system call twice to print "panic:"
and "the reason of this panic", so here is a race window when
other threads can print something to the log and we will see
something like this:
panic: log messages from another thread
The reason of the panic.
This confuses the syzkaller blacklist and dedup detection.
It also makes the logs generally difficult to read. e.g.,
data races often have one side of the race, followed by
a large "diagnosis" dump, finally followed by the other
side of the race.
PiperOrigin-RevId: 297887895
2020-02-28 11:24:11 -08:00
6b4d36e325
Hide /dev/net/tun when using hostinet.
...
/dev/net/tun does not currently work with hostinet. This has caused some
program starts failing because it thinks the feature exists.
PiperOrigin-RevId: 297876196
2020-02-28 10:39:12 -08:00
e5d9a4010b
Add ability to execute go.mod in gopath context.
2020-02-28 10:21:17 -08:00
0f8a9e3623
Change dup2 call to dup3
...
We changed syscalls to allow dup3 for ARM64.
Updates #1198
PiperOrigin-RevId: 297870816
2020-02-28 10:15:20 -08:00
af6fab6514
Add nat table support for iptables.
...
- Fix review comments.
2020-02-28 10:00:38 -08:00
dd1ed5c789
skip vsyscall test cases on Arm64
...
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-02-28 14:47:50 +08:00
c96bb4d2eb
Fix apt-get reliability issues.
...
This is frequently causing the core build scripts to fail. The core ubuntu
distribution will perform an auto-update at first start, which may cause the
lock file to be held. All apt-get commands may be done in a loop in order to
retry to avoid this issue. We may want to consider retrying other pieces, but
for now this should avoid the most frequent cause of build flakes.
PiperOrigin-RevId: 297704789
2020-02-27 15:36:13 -08:00
88f7369922
Log oom_score_adj value on error
...
Updates #1873
PiperOrigin-RevId: 297695241
2020-02-27 14:59:38 -08:00
aa9f8abaef
Implement automated marshalling for newtypes on arrays.
...
PiperOrigin-RevId: 297693838
2020-02-27 14:52:26 -08:00
2cccf3d27b
Merge pull request #1346 from google:dependabot/bundler/benchmarks/workloads/ruby/puma-3.12.2
...
PiperOrigin-RevId: 297690302
2020-02-27 14:37:03 -08:00
c6bdc6b05b
Fix a race in TCP endpoint teardown and teardown the stack in tcp_test.
...
Call stack.Close on stacks when we are done with them in tcp_test. This avoids
leaking resources and reduces the test's flakiness when race/gotsan is enabled.
It also provides test coverage for the race also fixed in this change, which
can be reliably triggered with the stack.Close change (and without the other
changes) when race/gotsan is enabled.
The race was possible when calling Abort (via stack.Close) on an endpoint
processing a SYN segment as part of a passive connect.
Updates #1564
PiperOrigin-RevId: 297685432
2020-02-27 14:15:44 -08:00
d9ee81183f
Merge of a369c88c0c
...
PiperOrigin-RevId: 297674924
2020-02-27 13:34:23 -08:00
ff681b1747
Bump puma from 3.12.1 to 3.12.2 in /benchmarks/workloads/ruby
...
Bumps [puma](https://github.com/puma/puma ) from 3.12.1 to 3.12.2.
- [Release notes](https://github.com/puma/puma/releases )
- [Changelog](https://github.com/puma/puma/blob/master/History.md )
- [Commits](https://github.com/puma/puma/compare/v3.12.1...v3.12.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-02-27 20:52:41 +00:00
0eafb7eb27
Bump puma from 3.12.0 to 3.12.2 in /benchmarks/workloads/ruby_template
...
Bumps [puma](https://github.com/puma/puma ) from 3.12.0 to 3.12.2.
<details>
<summary>Release notes</summary>
*Sourced from [puma's releases](https://github.com/puma/puma/releases ).*
> v3.12.1
</details>
<details>
<summary>Changelog</summary>
*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md ).*
> ## 4.3.1 and 3.12.2 / 2019-12-05
>
> * Security
> * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
>
> ## 4.3.0 / 2019-11-07
>
> * Features
> * Strip whitespace at end of HTTP headers ([#2010 ](https://github-redirect.dependabot.com/puma/puma/issues/2010 ))
> * Optimize HTTP parser for JRuby ([#2012 ](https://github-redirect.dependabot.com/puma/puma/issues/2012 ))
> * Add SSL support for the control app and cli ([#2046 ](https://github-redirect.dependabot.com/puma/puma/issues/2046 ), [#2052 ](https://github-redirect.dependabot.com/puma/puma/issues/2052 ))
>
> * Bugfixes
> * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564 ](https://github-redirect.dependabot.com/puma/puma/issues/1564 ))
> * Fix pumactl defaulting puma to development if an environment was not specified ([#2035 ](https://github-redirect.dependabot.com/puma/puma/issues/2035 ))
> * Fix closing file stream when reading pid from pidfile ([#2048 ](https://github-redirect.dependabot.com/puma/puma/issues/2048 ))
> * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050 ](https://github-redirect.dependabot.com/puma/puma/issues/2050 ))
>
> ## 4.2.1 / 2019-10-07
>
> * 3 bugfixes
> * Fix socket activation of systemd (pre-existing) unix binder files ([#1842 ](https://github-redirect.dependabot.com/puma/puma/issues/1842 ), [#1988 ](https://github-redirect.dependabot.com/puma/puma/issues/1988 ))
> * Deal with multiple calls to bind correctly ([#1986 ](https://github-redirect.dependabot.com/puma/puma/issues/1986 ), [#1994 ](https://github-redirect.dependabot.com/puma/puma/issues/1994 ), [#2006 ](https://github-redirect.dependabot.com/puma/puma/issues/2006 ))
> * Accepts symbols for `verify_mode` ([#1222 ](https://github-redirect.dependabot.com/puma/puma/issues/1222 ))
>
> ## 4.2.0 / 2019-09-23
>
> * 6 features
> * Pumactl has a new -e environment option and reads `config/puma/<environment>.rb` config files ([#1885 ](https://github-redirect.dependabot.com/puma/puma/issues/1885 ))
> * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine ([#1934 ](https://github-redirect.dependabot.com/puma/puma/issues/1934 ))
> * Allow extra dependencies to be defined when using prune_bundler ([#1105 ](https://github-redirect.dependabot.com/puma/puma/issues/1105 ))
> * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost ([#1786 ](https://github-redirect.dependabot.com/puma/puma/issues/1786 ))
> * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces ([#1320 ](https://github-redirect.dependabot.com/puma/puma/issues/1320 ))
> * Puma threads all now have their name set on Ruby 2.3+ ([#1968 ](https://github-redirect.dependabot.com/puma/puma/issues/1968 ))
> * 4 bugfixes
> * Fix some misbehavior with phased restart and externally SIGTERMed workers ([#1908 ](https://github-redirect.dependabot.com/puma/puma/issues/1908 ), [#1952 ](https://github-redirect.dependabot.com/puma/puma/issues/1952 ))
> * Fix socket closing on error ([#1941 ](https://github-redirect.dependabot.com/puma/puma/issues/1941 ))
> * Removed unnecessary SIGINT trap for JRuby that caused some race conditions ([#1961 ](https://github-redirect.dependabot.com/puma/puma/issues/1961 ))
> * Fix socket files being left around after process stopped ([#1970 ](https://github-redirect.dependabot.com/puma/puma/issues/1970 ))
> * Absolutely thousands of lines of test improvements and fixes thanks to [@​MSP-Greg](https://github.com/MSP-Greg )
>
> ## 4.1.1 / 2019-09-05
>
> * 3 bugfixes
> * Revert our attempt to not dup STDOUT/STDERR ([#1946 ](https://github-redirect.dependabot.com/puma/puma/issues/1946 ))
> * Fix socket close on error ([#1941 ](https://github-redirect.dependabot.com/puma/puma/issues/1941 ))
> * Fix workers not shutting down correctly ([#1908 ](https://github-redirect.dependabot.com/puma/puma/issues/1908 ))
>
> ## 4.1.0 / 2019-08-08
>
></tr></table> ... (truncated)
</details>
<details>
<summary>Commits</summary>
- [`bb29fc7`](bb29fc7fe8058df12b7806053e6090461c9e99787e2c88d41336964ec429#1700 ](https://github-redirect.dependabot.com/puma/puma/issues/1700 ) from schneems/schneems/fix-puma-rack-handler-config
- [`c24c0c8`](c24c0c8834e5d566ed81#1682 ](https://github-redirect.dependabot.com/puma/puma/issues/1682 ) from MSP-Greg/update-travis-ruby
- [`cecc44a`](cecc44aa0a#1701 ](https://github-redirect.dependabot.com/puma/puma/issues/1701 ) from schneems/schneems/m
- [`ce57cfb`](ce57cfb8c3https://github.com/puma/puma/compare/v3.12.0...v3.12.2 )
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/gvisor/network/alerts ).
</details>
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1345 from google:dependabot/bundler/benchmarks/workloads/ruby_template/puma-3.12.2 2be8d923b4cf5452e763ce369803f2729876b209
PiperOrigin-RevId: 297664218
2020-02-27 12:51:25 -08:00
6b2e48514e
Merge pull request #1971 from google:dependabot/bundler/benchmarks/workloads/ruby/rack-2.2.2
...
PiperOrigin-RevId: 297664184
2020-02-27 12:47:08 -08:00
246b34dabd
Bump rack from 2.0.7 to 2.2.2 in /benchmarks/workloads/ruby
...
Bumps [rack](https://github.com/rack/rack ) from 2.0.7 to 2.2.2.
- [Release notes](https://github.com/rack/rack/releases )
- [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rack/rack/compare/2.0.7...v2.2.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-02-27 20:26:02 +00:00
abf7ebcd38
Internal change.
...
PiperOrigin-RevId: 297638665
2020-02-27 11:00:41 -08:00
8e2b14fecf
Use automated release notes, if available.
...
PiperOrigin-RevId: 297628615
2020-02-27 10:22:41 -08:00
5f0e8e6239
Prepare the vcpu environment for sentry on Arm64
...
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-02-27 01:19:28 -05:00
8fb84f78ad
Fix construct of linux.Stat for arm64.
...
PiperOrigin-RevId: 297494373
2020-02-26 19:29:27 -08:00
6ddeb35ed4
Merge pull request #1912 from lubinszARM:pr_kvm_build
...
PiperOrigin-RevId: 297492004
2020-02-26 19:09:45 -08:00
de0b2ebf86
Add getsockopt tests for SO_SNDTIMEO and SO_RCVTIMEO
...
PiperOrigin-RevId: 297485310
2020-02-26 18:17:23 -08:00
9fccf98c0d
Fix merge conflicts.
2020-02-26 13:18:35 -08:00
408979e619
iptables: filter by IP address (and range)
...
Enables commands such as:
$ iptables -A INPUT -d 127.0.0.1 -j ACCEPT
$ iptables -t nat -A PREROUTING ! -d 127.0.0.1 -j REDIRECT
Also adds a bunch of REDIRECT+destination tests.
2020-02-26 11:04:00 -08:00
d8ed784311
add profile option
2020-02-26 16:49:51 +09:00
a92087f0f8
Add VFS.NewDisconnectedMount().
...
Analogous to Linux's kern_mount().
PiperOrigin-RevId: 297259580
2020-02-25 19:13:30 -08:00
fba479b3c7
Fix DATA RACE in fs.MayDelete.
...
MayDelete must lock the directory also, otherwise concurrent renames may
race. Note that this also changes the methods to be aligned with the actual
Remove and RemoveDirectory methods to minimize confusion when reading the
code. (It was hard to see that resolution was correct.)
PiperOrigin-RevId: 297258304
2020-02-25 19:04:15 -08:00
gVisor bot
Ian Gudger
Adin Scannell
Bin Lu
Nayana Bidari
Bhasker Hariharan
Andrei Vagin
Ghanan Gowripalan
Andrei Vagin
Michael Pratt
Haibo Xu
Nicolas Lacasse
Zach Koopmans
Ting-Yu Wang
Fabricio Voznika
Rahat Mahmood
dependabot[bot]
Jay Zhuang
Kevin Krakauer
moricho
Jamie Liu