summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-04-05Fix listen backlog handling to be in parity with LinuxMithun Iyer
- Change the accept queue full condition for a listening endpoint to only honor completed (and delivered) connections. - Use syncookies if the number of incomplete connections is beyond listen backlog. This also cleans up the SynThreshold option code as that is no longer used with this change. - Added a new stack option to unconditionally generate syncookies. Similar to sysctl -w net.ipv4.tcp_syncookies=2 on Linux. - Enable keeping of incomplete connections beyond listen backlog. - Drop incoming SYNs only if the accept queue is filled up. - Drop incoming ACKs that complete handshakes when accept queue is full - Enable the stack to accept one more connection than programmed by listen backlog. - Handle backlog argument being zero, negative for listen, as Linux. - Add syscall and packetimpact tests to reflect the changes above. - Remove TCPConnectBacklog test which is polling for completed connections on the client side which is not reflective of whether the accept queue is filled up by the test. The modified syscall test in this CL addresses testing of connecting sockets. Fixes #3153 PiperOrigin-RevId: 366935921
2021-04-05Report task CPU usage through the cpuacct cgroup controller.Rahat Mahmood
PiperOrigin-RevId: 366923274
2021-04-05Add initial verity ioctl syscall testsChong Cai
PiperOrigin-RevId: 366907152
2021-04-05Enable Checkpoint/Restore test with VFS2Fabricio Voznika
Closes #3373 PiperOrigin-RevId: 366903991
2021-04-05Add fsstress on tmpfs to presubmitFabricio Voznika
Updates #5273 PiperOrigin-RevId: 366902314
2021-04-05Allow default control values to be set for cgroupfs.Rahat Mahmood
PiperOrigin-RevId: 366891806
2021-04-05Actually don't run unlink_benchmark with TSAN.Ayush Ranjan
This benchmark currently takes > 15 minutes to run in that case. PiperOrigin-RevId: 366891726
2021-04-05deflake semaphore testKevin Krakauer
There's no reason to actually increment the semaphore, it just introduces the chance of a race. PiperOrigin-RevId: 366851795
2021-04-05Allow user mount for verity fsChong Cai
Allow user mounting a verity fs on an existing mount by specifying mount flags root_hash and lower_path. PiperOrigin-RevId: 366843846
2021-04-05Set Verity bit in verity_prepare cmdChong Cai
This is needed to enable Xattrs features required by verity. PiperOrigin-RevId: 366843640
2021-04-05Fail tests when container returns non-zero statusFabricio Voznika
PiperOrigin-RevId: 366839955
2021-04-05Don't run unlink_benchmark with TSAN.Adin Scannell
This benchmark currently takes > 15 minutes to run in that case. PiperOrigin-RevId: 366817185
2021-04-03Remove eternal and enormous tests.Adin Scannell
PiperOrigin-RevId: 366573366
2021-04-02Implement cgroupfs.Rahat Mahmood
A skeleton implementation of cgroupfs. It supports trivial cpu and memory controllers with no support for hierarchies. PiperOrigin-RevId: 366561126
2021-04-02Internal change.gVisor bot
PiperOrigin-RevId: 366555466
2021-04-02Implement the runsc verity-prepare command.Rahat Mahmood
Implement a new runsc command to set up a sandbox with verityfs and run the measure tool. This is loosely forked from the do command, and currently requires the caller to provide the measure tool binary. PiperOrigin-RevId: 366553769
2021-04-02Add vfs1 to go/runsc-benchmarksZach Koopmans
PiperOrigin-RevId: 366470480
2021-04-02Internal change.gVisor bot
PiperOrigin-RevId: 366462448
2021-04-01Internal changesBhasker Hariharan
PiperOrigin-RevId: 366344805
2021-04-01Remove invalid dependency.Adin Scannell
PiperOrigin-RevId: 366344222
2021-04-01Internal change.gVisor bot
PiperOrigin-RevId: 366292533
2021-03-30Fix panic when overriding /dev files with VFS2Fabricio Voznika
VFS1 skips over mounts that overrides files in /dev because the list of files is hardcoded. This is not needed for VFS2 and a recent change lifted this restriction. However, parts of the code were still skipping /dev mounts even in VFS2, causing the loader to panic when it ran short of FDs to connect to the gofer. PiperOrigin-RevId: 365858436
2021-03-29[syserror] Split usermem packageZach Koopmans
Split usermem package to help remove syserror dependency in go_marshal. New hostarch package contains code not dependent on syserror. PiperOrigin-RevId: 365651233
2021-03-29Merge pull request #5728 from zhlhahaha:2091gVisor bot
PiperOrigin-RevId: 365613394
2021-03-29[perf] Reduce contention in ptrace.threadPool.lookupOrCreate().Ayush Ranjan
lookupOrCreate is called from subprocess.switchToApp() and subprocess.syscall(). lookupOrCreate() looks for a thread already created for the current TID. If a thread exists (common case), it returns immediately. Otherwise it creates a new one. This change switches to using a sync.RWMutex. The initial thread existence lookup is now done only with the read lock. So multiple successful lookups can occur concurrently. Only when a new thread is created will it acquire the lock for writing and update the map (which is not the common case). Discovered in mutex profiles from the various ptrace benchmarks. Example: https://gvisor.dev/profile/gvisor-buildkite/fd14bfad-b30f-44dc-859b-80ebac50beb4/843827db-da50-4dc9-a2ea-ecf734dde2d5/tmp/profile/ptrace/BenchmarkFio/operation.write/blockSize.4K/filesystem.tmpfs/benchmarks/fio/mutex.pprof/flamegraph PiperOrigin-RevId: 365612094
2021-03-25Use seqfile.SeqHandles correctly in VFS1 /proc/net/.Jamie Liu
Before this change: ``` $ docker run --runtime=runsc --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = EOF $ docker run --runtime=runsc-vfs2 --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = 256 ``` After this change: ``` $ docker run --runtime=runsc --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = 256 $ docker run --runtime=runsc-vfs2 --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = 256 ``` Fixes #5732 PiperOrigin-RevId: 365178386
2021-03-25Lock TaskSet mutex for writing in ptraceClone().Jamie Liu
This is necessary since ptraceClone() mutates tracer.ptraceTracees. PiperOrigin-RevId: 365152396
2021-03-25setgid: skip tests when we can't find usable GIDsKevin Krakauer
PiperOrigin-RevId: 365092320
2021-03-25Fix comments errorHoward Zhang
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2021-03-25Fix nogo test errorHoward Zhang
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2021-03-24Fix path to runsc in CNI tutorial.Ian Lewis
PiperOrigin-RevId: 364931406
2021-03-24Fix highlighting sidebar menu on the websiteIan Lewis
Highlighting previously highlighted multiple items in the sidebar if the had the same page name (not full url). This change simplifies this by adding the highlight class in the jekyll template rather than javascript, and highlights only the correct page. PiperOrigin-RevId: 364931350
2021-03-24Add POLLRDNORM/POLLWRNORM support.Bhasker Hariharan
On Linux these are meant to be equivalent to POLLIN/POLLOUT. Rather than hack these on in sys_poll etc it felt cleaner to just cleanup the call sites to notify for both events. This is what linux does as well. Fixes #5544 PiperOrigin-RevId: 364859977
2021-03-24Fix data race in fdbased when accessing fanoutID.Bhasker Hariharan
PiperOrigin-RevId: 364859173
2021-03-24Unexpose immutable fields in stack.RouteNick Brown
This change sets the inner `routeInfo` struct to be a named private member and replaces direct access with access through getters. Note that direct access to the fields of `routeInfo` is still possible through the `RouteInfo` struct. Fixes #4902 PiperOrigin-RevId: 364822872
2021-03-23Merge pull request #5677 from avagin:kvm-mmiogVisor bot
PiperOrigin-RevId: 364728696
2021-03-23Move the code that manages floating-point state to a separate packageAndrei Vagin
This change is inspired by Adin's cl/355256448. PiperOrigin-RevId: 364695931
2021-03-23Add --file-access-mounts flagFabricio Voznika
--file-access-mounts flag is similar to --file-access, but controls non-root mounts that were previously mounted in shared mode only. This gives more flexibility to control how mounts are shared within a container. PiperOrigin-RevId: 364669882
2021-03-23setgid directory support in goferfsKevin Krakauer
Also adds support for clearing the setuid bit when appropriate (writing, truncating, changing size, changing UID, or changing GID). VFS2 only. PiperOrigin-RevId: 364661835
2021-03-23Skip checklocks analysis for stateify generated code.Rahat Mahmood
Stateify methods are always called without holding the appropriate locks. The system is paused and we know there will be no mutations when we call Save/Load, so this is perfectly safe. However, checklocks can't know about this, and it will always complain. Mark stateify generated methods that touch struct fields as "checklocksignore" to avoid this. PiperOrigin-RevId: 364610241
2021-03-23Allow FSETXATTR/FGETXATTR host calls for VerityChong Cai
These host calls are needed for Verity fs to generate/verify hashes. PiperOrigin-RevId: 364598180
2021-03-23Use constant (TestInitialSequenceNumber) instead of integer (789) in tests.Nayana Bidari
PiperOrigin-RevId: 364596526
2021-03-23Split fio read/write and randread/randwrite operationsZach Koopmans
The fio benchmark was changed to a fixed size read/write ammount because the timed benchmark was overwhelming machine memory on tmpfs mounts. Now rand(read|write) operations are prohibitively long, leading to timeouts. Split the benchmarks as they were in python bm-tools: the read/write as fixed sized (1GB) and the rand(read|write) as timed operations (15s). PiperOrigin-RevId: 364584436
2021-03-23Explicitly allow martian loopback packetsGhanan Gowripalan
...instead of opting out of them. Loopback traffic should be stack-local but gVisor has some clients that depend on the ability to receive loopback traffic that originated from outside of the stack. Because of this, we guard this change behind IP protocol options. A previous change provided the facility to deny these martian loopback packets but this change requires client to opt-in to accepting martian loopback packets as accepting martian loopback packets are not meant to be accepted, as per RFC 1122 section 3.2.1.3.g: (g) { 127, <any> } Internal host loopback address. Addresses of this form MUST NOT appear outside a host. PiperOrigin-RevId: 364581174
2021-03-22Update apt repository to limit to supported architectures.Adin Scannell
Fixes #5703 PiperOrigin-RevId: 364492235
2021-03-22[lisa] Support dynamic types for all types.Ayush Ranjan
We were only supporting dynamic struct types. With this change, users can make any type dynamic. The tool (correctly) blindly just generates the remaining methods needed to implement Marshallable using the 3 methods defined by the user on the dynamic type. This is helpful in situations like: type StringArray []string Added a test for such a use case. PiperOrigin-RevId: 364463164
2021-03-22Fix logs for packetimpact tests cleanupZeling Feng
- Don't cleanup containers in Network.Cleanup, otherwise containers will be killed and removed several times. - Don't set AutoRemove for containers. This will prevent the confusing 'removal already in progress' messages. Fixes #3795 PiperOrigin-RevId: 364404414
2021-03-22Return tcpip.Error from (*Stack).GetMainNICAddressGhanan Gowripalan
PiperOrigin-RevId: 364381970
2021-03-22Emit comment about build tags in gomarshal generated files.Rahat Mahmood
This may be useful for tracking down where build tags come from and understanding tag import issues in generated files. PiperOrigin-RevId: 364374931
2021-03-22Avoid calling sync on each write in writethrough mode.Nicolas Lacasse
PiperOrigin-RevId: 364370595