summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2018-11-12runsc: generate exec pidfile after everything is ready.Lantao Liu
PiperOrigin-RevId: 221123160 Change-Id: Ia7061d60d114d69f49aba853fe6bae3c733522b5
2018-11-12Remove obsolete TODOIan Gudger
PiperOrigin-RevId: 221117846 Change-Id: I2a43fd8135b1d1194ff81e98644ce6b6182ece50
2018-11-09Close donated files if containerManager.Start() failsFabricio Voznika
PiperOrigin-RevId: 220869535 Change-Id: I9917e5daf02499f7aab6e2aa4051c54ff4461b9a
2018-11-09Add an implementation of a SACK scoreboard as per RFC6675.Bhasker Hariharan
PiperOrigin-RevId: 220866996 Change-Id: I89d48215df57c00d6a6ec512fc18712a2ea9080b
2018-11-09Add tests multicontainer start/stopFabricio Voznika
Each container has its respective gofer. Test that gofer can be shutdown when a container stops and that it doesn't affect other containers. PiperOrigin-RevId: 220829898 Change-Id: I2a44a3cf2a88577e6ad1133afc622bbf4a5f6591
2018-11-08Implement sync_file_range()Andrei Vagin
sync_file_range - sync a file segment with disk In Linux, sync_file_range() accepts three flags: SYNC_FILE_RANGE_WAIT_BEFORE Wait upon write-out of all pages in the specified range that have already been submitted to the device driver for write-out before performing any write. SYNC_FILE_RANGE_WRITE Initiate write-out of all dirty pages in the specified range which are not presently submitted write-out. Note that even this may block if you attempt to write more than request queue size. SYNC_FILE_RANGE_WAIT_AFTER Wait upon write-out of all pages in the range after performing any write. In this implementation: SYNC_FILE_RANGE_WAIT_BEFORE without SYNC_FILE_RANGE_WAIT_AFTER isn't supported right now. SYNC_FILE_RANGE_WRITE is skipped. It should initiate write-out of all dirty pages, but it doesn't wait, so it should be safe to do nothing while nobody uses SYNC_FILE_RANGE_WAIT_BEFORE. SYNC_FILE_RANGE_WAIT_AFTER is equal to fdatasync(). In Linux, sync_file_range() doesn't writes out the file's meta-data, but fdatasync() does if a file size is changed. PiperOrigin-RevId: 220730840 Change-Id: Iae5dfb23c2c916967d67cf1a1ad32f25eb3f6286
2018-11-08Create stubs for syscalls upto Linux 4.4.Rahat Mahmood
Create syscall stubs for missing syscalls upto Linux 4.4 and advertise a kernel version of 4.4. PiperOrigin-RevId: 220667680 Change-Id: Idbdccde538faabf16debc22f492dd053a8af0ba7
2018-11-07Add test that volume can be mounted on top of a symlinkFabricio Voznika
PiperOrigin-RevId: 220588094 Change-Id: I18915e892ceac86eac1f89ebcadffb4fdf8d0cf6
2018-11-07Fix test --race violationFabricio Voznika
SetupContainerInRoot was setting Config.RootDir unnecessarily and causing a --race violation in TestMultiContainerDestroyStarting. PiperOrigin-RevId: 220580073 Change-Id: Ie0b28c19846106c7458a92681b708ae70f87d25a
2018-11-07AsyncBarrier should be run after all defers in destroyContainerFS.Nicolas Lacasse
destroyContainerFS must wait for all async operations to finish before returning. In an attempt to do this, we call fs.AsyncBarrier() at the end of the function. However, there are many defer'd DecRefs which end up running AFTER the AsyncBarrier() call. This CL fixes this by calling fs.AsyncBarrier() in the first defer statement, thus ensuring that it runs at the end of the function, after all other defers. PiperOrigin-RevId: 220523545 Change-Id: I5e96ee9ea6d86eeab788ff964484c50ef7f64a2f
2018-11-07Add more logging to controller.goFabricio Voznika
PiperOrigin-RevId: 220519632 Change-Id: Iaeec007fc1aa3f0b72569b288826d45f2534c4bf
2018-11-07Fix flaky TestCacheResolutionTimeoutFabricio Voznika
Increase timeout to prevent the entry from being found when there is delay on the address resolution goroutine that doesn't mark the request as failed. PiperOrigin-RevId: 220504789 Change-Id: I7e44fd95d8624bd69962f862fbf5517a81395f2a
2018-11-07Bump rules_go to v0.16.1 and go toolchain to v1.11.2.Nicolas Lacasse
PiperOrigin-RevId: 220492705 Change-Id: I6b7bc11acd5d407982e0038e7f0762975a56f4d4
2018-11-06Fix problem where crictl tests would signal both error and done channelsKevin Krakauer
PiperOrigin-RevId: 220372291 Change-Id: I054ba56a23c402c7244b476d7d6fe72084942a0e
2018-11-06Move bazelrc to new locationMichael Pratt
Bazel 0.18 moved the workspace bazelrc location from //tools/bazel.rc to //.bazelrc. The old location will be dropped by a future version of bazel. This bumps the minimum required version of bazel to 0.18. More context: https://groups.google.com/forum/#!msg/bazel-discuss/ycDacctX2vw/EGFxGLibAgAJ PiperOrigin-RevId: 220338084 Change-Id: Ib6fa83a4a0f89e8e898d67152c7bd429e0b9b21e
2018-11-06Internal change.Googler
PiperOrigin-RevId: 220314735 Change-Id: Ic519567e43f6caf042b9f223e517da40640b7d38
2018-11-05Fix race between start and destroyFabricio Voznika
Before this change, a container starting up could race with destroy (aka delete) and leave processes behind. Now, whenever a container is created, Loader.processes gets a new entry. Start now expects the entry to be there, and if it's not it means that the container was deleted. I've also fixed Loader.waitPID to search for the process using the init process's PID namespace. We could use a few more tests for signal and wait. I'll send them in another cl. PiperOrigin-RevId: 220224290 Change-Id: I15146079f69904dc07d43c3b66cc343a2dab4cc4
2018-11-05Log when external signal is receivedFabricio Voznika
PiperOrigin-RevId: 220204591 Change-Id: I21a9c6f5c12a376d18da5d10c1871837c4f49ad2
2018-11-05Use correct company name in copyright headerIan Gudger
These files were added with the wrong name after all of the existing files were corrected. PiperOrigin-RevId: 220202068 Change-Id: Ia0d15233c1aa69330356a7cf16b5aa00d978e09c
2018-11-05Merge segments in sender's writeListIan Gudger
PiperOrigin-RevId: 220185891 Change-Id: Iaea73fd7b2fa8c399b989cdcaabf4885f370df4b
2018-11-01First crictl integration tests.Kevin Krakauer
More tests will come, but it's worth getting what's done so far reviewed. PiperOrigin-RevId: 219734531 Change-Id: If15ca6e6855e3d1cc28c83b5f9c3a72cb65b2e59
2018-11-01Use spec with clean paths for goferFabricio Voznika
Otherwise the gofer's attach point may be different from sandbox when there symlinks in the path. PiperOrigin-RevId: 219730492 Change-Id: Ia9c4c2d16228c6a1a9e790e0cb673fd881003fe1
2018-11-01Add new log format that is compatible with KubernetesFabricio Voznika
Fluentd configuration uses 'log' for the log message while containerd uses 'msg'. Since we can't have a single JSON format for both, add another log format and make debug log configurable. PiperOrigin-RevId: 219729658 Change-Id: I2a6afc4034d893ab90bafc63b394c4fb62b2a7a0
2018-11-01Make error messages a bit more user friendly.Ian Lewis
Updated error messages so that it doesn't print full Go struct representations when running a new container in a sandbox. For example, this occurs frequently when commands are not found when doing a 'kubectl exec'. PiperOrigin-RevId: 219729141 Change-Id: Ic3a7bc84cd7b2167f495d48a1da241d621d3ca09
2018-11-01Prevent premature destruction of shm segments.Rahat Mahmood
Shm segments can be marked for lazy destruction via shmctl(IPC_RMID), which destroys a segment once it is no longer attached to any processes. We were unconditionally decrementing the segment refcount on shmctl(IPC_RMID) which allowed a user to force a segment to be destroyed by repeatedly calling shmctl(IPC_RMID), with outstanding memory maps to the segment. This is problematic because the memory released by a segment destroyed this way can be reused by a different process while remaining accessible by the process with outstanding maps to the segment. PiperOrigin-RevId: 219713660 Change-Id: I443ab838322b4fb418ed87b2722c3413ead21845
2018-11-01modify modeRegexp to adapt the default spec of containerdJuan
https://github.com/containerd/containerd/blob/master/oci/spec.go#L206, the mode=755 didn't match the pattern modeRegexp = regexp.MustCompile("0[0-7][0-7][0-7]"). Closes #112 Signed-off-by: Juan <xionghuan.cn@gmail.com> Change-Id: I469e0a68160a1278e34c9e1dbe4b7784c6f97e5a PiperOrigin-RevId: 219672525
2018-11-01Close http.Response.Body after Get request.Kevin Krakauer
From https://golang.org/pkg/net/http/#Get: "When err is nil, resp always contains a non-nil resp.Body. Caller should close resp.Body when done reading from it." PiperOrigin-RevId: 219658052 Change-Id: I556e88ac4f2c90cd36ab16cd3163d1a52afc32b7
2018-10-31Mark amutex_test as flaky.Rahat Mahmood
PiperOrigin-RevId: 219575226 Change-Id: If4e67b29110332c94013513fb111ec7e019f2915
2018-10-31Fix a race where keepalives could be sent while there is pending dataIan Gudger
PiperOrigin-RevId: 219571556 Change-Id: I5a1042c1cb05eb2711eb01627fd298bad6c543a6
2018-10-31Use syserr style error translation in netstack's rawfileIan Gudger
Replacing map lookups with slice indexing is higher performance. PiperOrigin-RevId: 219569901 Change-Id: I9b7cd22abd4b95383025edbd5a80d1c1a4496936
2018-10-31kvm: simplify floating point logic.Adin Scannell
This reduces the number of floating point save/restore cycles required (since we don't need to restore immediately following the switch, this always happens in a known context) and allows the kernel hooks to capture state. This lets us remove calls like "Current()". PiperOrigin-RevId: 219552844 Change-Id: I7676fa2f6c18b9919718458aa888b832a7db8cab
2018-10-31kvm: add detailed traces on vCPU errors.Adin Scannell
This improves debuggability greatly. PiperOrigin-RevId: 219551560 Change-Id: I2ecaffdd1c17b0d9f25911538ea6f693e2bc699f
2018-10-31Make lazy open the mode of operation for fsgoferFabricio Voznika
With recent changes to 9P server, path walks are now safe inside open, create, rename and setattr calls. To simplify the code, remove the lazyopen=false mode that was used for bind mounts, and converge all mounts to using lazy open. PiperOrigin-RevId: 219508628 Change-Id: I073e7e1e2e9a9972d150eaf4cb29e553997a9b76
2018-10-31kvm: avoid siginfo allocations.Adin Scannell
PiperOrigin-RevId: 219492587 Change-Id: I47f6fc0b74a4907ab0aff03d5f26453bdb983bb5
2018-10-31Remove ipv4.endpoint.addressTamir Duberstein
This field was added in the intial implementation, before Route existed to pass the local and remote addresses to the packet-writing path. Today, the Route's members should be respected. A similar bug was previously fixed in 214650822. PiperOrigin-RevId: 219474095 Change-Id: Id2a8ee4421d2841c8d88ccb3c193c455086350ee
2018-10-30kvm: use private futexes.Adin Scannell
Use private futexes for performance and to align with other runtime uses. PiperOrigin-RevId: 219422634 Change-Id: Ief2af5e8302847ea6dc246e8d1ee4d64684ca9dd
2018-10-30Clean up cpuid_parse_testMichael Pratt
Actually parse flags from cpuinfo to avoid mistakenly matching substrings in cpuinfo that happen to match a flags. Some features were only exposed in recent versions of Linux. Don't require them to appear in cpuinfo on old versions of Linux. Move PREFETCHWT1 back to parse only features. It isn't actually exposed in Linux yet. Move SDBG to shown features. It has been visible since Linux 4.3. PiperOrigin-RevId: 219381731 Change-Id: Ied7c0ee7c8a9879683e81933de56c9074b01108f
2018-10-29Install containerd and crictl when running tests in Kokoro.Kevin Krakauer
PiperOrigin-RevId: 219166563 Change-Id: If4922eb5dd119b00f2c4bc7a5e016016ce9b9e45
2018-10-29Add copybara rules to export C++ test code.Brian Geffon
PiperOrigin-RevId: 219166541 Change-Id: Ieebadaed4096eb48f00fba663e1c76fb41438078
2018-10-29Removes outdated TODO.Kevin Krakauer
PiperOrigin-RevId: 219151173 Change-Id: I73014ea648ae485692ea0d44860c87f4365055cb
2018-10-26Add AMD-specific features to cpuid packageMichael Pratt
Extend the cpuid package to parse and emulate cpuid features that exist only on AMD and not Intel. The least straightforward part of this is that AMD duplicates several block 1 features in block 6. Thus we ignore those features when parsing block 6 and add them when emulating. PiperOrigin-RevId: 218935032 Change-Id: Id41bf1c24720b0d9b968e2c19ab5bc00a6d62bd4
2018-10-26Add block 3 features to /proc/cpuinfoMichael Pratt
Linux added these block 3 features to the end of /proc/cpuinfo in dfb4a70f20c5b3880da56ee4c9484bdb4e8f1e65. This also fixes that block 3 features were completely missing from FeatureSet.FlagsString(false) because FlagsString only prints Linux blocks regardless of the cpuinfo option. PiperOrigin-RevId: 218913816 Change-Id: I2f9c38c7c9da4b247a140877d4aca782e80684bd
2018-10-26Order feature strings by blockMichael Pratt
PiperOrigin-RevId: 218894181 Change-Id: I97d0c74175f4aa528363f768a0a85d6953ea0bfd
2018-10-25Uninstall() should not fail if a cgroup directory doesn't existAndrei Vagin
It can be occurred if two controllers are mounted together or if Uninstall() is called on a error path. PiperOrigin-RevId: 218723886 Change-Id: I69d7a3c0685a7da38527ea8b7b301dbe96268285
2018-10-24Re-enable TestPythonHello now that ptrace seccomp issue is resolved.Nicolas Lacasse
PiperOrigin-RevId: 218636184 Change-Id: I44deac3f32276d06955c5fb1e28c5970bb08f5fd
2018-10-24Use TRAP to simplify vsyscall emulation.Adin Scannell
PiperOrigin-RevId: 218592058 Change-Id: I373a2d813aa6cc362500dd5a894c0b214a1959d7
2018-10-24Convert Unix transport to syserrIan Gudger
Previously this code used the tcpip error space. Since it is no longer part of netstack, it can use the sentry's error space (except for a few cases where there is still some shared code. This reduces the number of error space conversions required for hot Unix socket operations. PiperOrigin-RevId: 218541611 Change-Id: I3d13047006a8245b5dfda73364d37b8a453784bb
2018-10-24Mark netstack/tcpip/transport/tcp:tcp_test flakyFabricio Voznika
PiperOrigin-RevId: 218537640 Change-Id: I1c5f55a46390174e1f5caeff74b1a364fa3268d9
2018-10-24Run ptrace stubs in their own session and process group.Nicolas Lacasse
Pseudoterminal job control signals are meant to be received and handled by the sandbox process, but if the ptrace stubs are running in the same process group, they will receive the signals as well and inject then into the sentry kernel. This can result in duplicate signals being delivered (often to the wrong process), or a sentry panic if the ptrace stub is inactive. This CL makes the ptrace stub run in a new session. PiperOrigin-RevId: 218536851 Change-Id: Ie593c5687439bbfbf690ada3b2197ea71ed60a0e
2018-10-23Fix panic on creation of zero-len shm segments.Rahat Mahmood
Attempting to create a zero-len shm segment causes a panic since we try to allocate a zero-len filemem region. The existing code had a guard to disallow this, but the check didn't encode the fact that requesting a private segment implies a segment creation regardless of whether IPC_CREAT is explicitly specified. PiperOrigin-RevId: 218405743 Change-Id: I30aef1232b2125ebba50333a73352c2f907977da