On UDP sockets, SO_REUSEADDR allows multiple sockets to bind to the same
address, but only delivers packets to the most recently bound socket. This
differs from the behavior of SO_REUSEADDR on TCP sockets. SO_REUSEADDR for TCP
sockets will likely need an almost completely independent implementation.
SO_REUSEADDR has some odd interactions with the similar SO_REUSEPORT. These
interactions are tested fairly extensively and all but one particularly odd
one (that honestly seems like a bug) behave the same on gVisor and Linux.
PiperOrigin-RevId: 315844832
LockFD is the generic implementation that can be embedded in
FileDescriptionImpl implementations. Unique lock ID is
maintained in vfs.FileDescription and is created on demand.
Updates #1480
PiperOrigin-RevId: 315604825
The current task can share its fdtable with a few other tasks,
but after exec, this should be a completely separate process.
PiperOrigin-RevId: 314999565
For TCP sockets gVisor incorrectly returns EAGAIN when no ephemeral ports are
available to bind during a connect. Linux returns EADDRNOTAVAIL. This change
fixes gVisor to return the correct code and adds a test for the same.
This change also fixes a minor bug for ping sockets where connect() would fail
with EINVAL unless the socket was bound first.
Also added tests for testing UDP Port exhaustion and Ping socket port
exhaustion.
PiperOrigin-RevId: 314988525
b/36576592 calls out an edge case previously not supported
by HostFS. HostFS is currently being removed, meaning gVisor
supports this feature. Simply add the test to open_test.
PiperOrigin-RevId: 314610226
Splice, setxattr and removexattr should generate events. Note that VFS2 already
generates events for extended attributes.
Updates #1479.
PiperOrigin-RevId: 314244261
Support in other filesystem impls is still needed. Unlike in Linux and vfs1, we
need to plumb inotify down to each filesystem implementation in order to keep
track of links/inode structures properly.
IN_EXCL_UNLINK still needs to be implemented, as well as a few inotify hooks
that are not present in either vfs1 or vfs2. Those will be addressed in
subsequent changes.
Updates #1479.
PiperOrigin-RevId: 313781995
With additional logging, the issue described by the new comment looks like:
D0518 21:28:08.416810 6777 task_signals.go:459] [ 8] Notified of signal 27
D0518 21:28:08.416852 6777 task_block.go:223] [ 8] Interrupt queued
D0518 21:28:08.417013 6777 task_run.go:250] [ 8] Switching to sentry
D0518 21:28:08.417033 6777 task_signals.go:220] [ 8] Signal 27: delivering to handler
D0518 21:28:08.417127 6777 task_run.go:248] [ 8] Switching to app
D0518 21:28:08.443765 6777 task_signals.go:519] [ 8] Refusing masked signal 27 // ED: note the ~26ms elapsed since TID 8 "switched to app"
D0518 21:28:08.443814 6777 task_signals.go:465] [ 6] Notified of group signal 27
D0518 21:28:08.443832 6777 task_block.go:223] [ 6] Interrupt queued
D0518 21:28:08.443914 6777 task_block.go:223] [ 6] Interrupt queued
D0518 21:28:08.443859 6777 task_run.go:250] [ 8] Switching to sentry
I0518 21:28:08.443936 6777 strace.go:576] [ 8] exe E rt_sigreturn()
Slow context switches on ptrace are probably due to kernel scheduling delays.
Slow context switches on KVM are less clear, so leave that bug and TODO open.
PiperOrigin-RevId: 312322782
On native Linux, calling recv/read right after send/write sometimes returns
EWOULDBLOCK, if the data has not made it to the receiving socket (even though
the endpoints are on the same host). Poll before reading to avoid this.
Making this change also uncovered a hostinet bug (gvisor.dev/issue/2726),
which is noted in this CL.
PiperOrigin-RevId: 312320587
Some functions were added for Arm64 platform:
a, get_fp/set_fp
b, inline_tgkill
Test step:
bazel test //test/syscalls:fpsig_nested_test_runsc_ptrace
Signed-off-by: Bin Lu <bin.lu@arm.com>
This change adds support for TCP_SYNCNT and TCP_WINDOW_CLAMP options
in GetSockOpt/SetSockOpt. This change does not really change any
behaviour in Netstack and only stores/returns the stored value.
Actual honoring of these options will be added as required.
Fixes#2626, #2625
PiperOrigin-RevId: 311453777
Some functions were added for Arm64 platform:
a, get_fp/set_fp
b, inline_tgkill
Test step:
bazel test //test/syscalls:fpsig_fork_test_runsc_ptrace
Signed-off-by: Bin Lu <bin.lu@arm.com>
There is the known issue of the linux procfs, that two consequent calls of
readdir can return the same entry twice if between these calls one or more
entries have been removed from this directory.
PiperOrigin-RevId: 309803066
Enforce write permission checks in BoundEndpointAt, which corresponds to the
permission checks in Linux (net/unix/af_unix.c:unix_find_other).
Also, create bound socket files with the correct permissions in VFS2.
Fixes#2324.
PiperOrigin-RevId: 308949084
TempPath's destructor runs at the end of the named pipe creation functions,
deleting the named pipe. If the named pipe is backed by a "non-virtual"
filesystem (!fs.Inode.IsVirtual()), this causes the following save attempt to
fail because there are FDs holding the deleted named pipe open.
PiperOrigin-RevId: 308861999
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process'
own limits. From the manpage:
To set or get the resources of a process other than itself, the caller must have
the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs
of the target process must match the real user ID of the caller and the real,
effective, and saved set group IDs of the target process must match the real
group ID of the caller.
PiperOrigin-RevId: 307127266
When the listening socket is read shutdown, we need to reset all pending
and incoming connections. Ensure that the endpoint is not cleaned up
from the demuxer and subsequent bind to same port does not go through.
PiperOrigin-RevId: 306958038
Attempt to redeliver TCP segments that are enqueued into a closing
TCP endpoint. This was being done for Established endpoints but not
for those that are listening or performing connection handshake.
Fixes#2417
PiperOrigin-RevId: 306598155