Age | Commit message | Author
2018-07-12 | sentry: save inet stacks in proc files. | Zhaozhong Ni
PiperOrigin-RevId: 204362791 Change-Id: If85ea7442741e299f0d7cddbc3d6b415e285da81
2018-07-12 | netstack: save tcp endpoint accepted channel directly. | Zhaozhong Ni
PiperOrigin-RevId: 204356873 Change-Id: I5e2f885f58678e693aae1a69e8bf8084a685af28
2018-07-12 | netstack: do not defer panicable logic in tcp main loop. | Zhaozhong Ni
PiperOrigin-RevId: 204355026 Change-Id: I1a8229879ea3b58aa861a4eb4456fd7aff99863d
2018-07-12 | runsc: Don't close the control server in a defer. | Nicolas Lacasse
Closing the control server will block until all open requests have completed. If a control server method panics, we end up stuck because the defer'd Destroy function will never return. PiperOrigin-RevId: 204354676 Change-Id: I6bb1d84b31242d7c3f20d5334b1c966bd6a61dbf
2018-07-12 | Format documentation | Michael Pratt
PiperOrigin-RevId: 204323728 Change-Id: I1ff9aa062ffa12583b2e38ec94c87db7a3711971
2018-07-12 | Bump rules_go to v0.13.0, and go toolchain to 1.10.3 | Nicolas Lacasse
PiperOrigin-RevId: 204321643 Change-Id: Id52f9cb5aa12c0859ca6fc8012d7f20744773b88
2018-07-11 | Automated rollback of changelist 203157739 | Bhasker Hariharan
PiperOrigin-RevId: 204196916 Change-Id: If632750fc6368acb835e22cfcee0ae55c8a04d16
2018-07-11 | Move ptrace constants to abi/linux. | Jamie Liu
PiperOrigin-RevId: 204188763 Change-Id: I5596ab7abb3ec9e210a7f57b3fc420e836fa43f3
2018-07-11 | Add MemoryManager.Pin. | Jamie Liu
PiperOrigin-RevId: 204162313 Change-Id: Ib0593dde88ac33e222c12d0dca6733ef1f1035dc
2018-07-11 | Created runsc and docker integration tests. | Justine Olshan
Moved some of the docker image functions to testutil.go. Test runsc commands create, start, stop, pause, and resume. PiperOrigin-RevId: 204138452 Change-Id: Id00bc58d2ad230db5e9e905eed942187e68e7c7b
2018-07-10 | Internal change | Michael Pratt
PiperOrigin-RevId: 204028082 Change-Id: I4251cce10aace43f9b9a80c36204ef66f1b329df
2018-07-10 | Modified error message for clarity. | Brielle Broder
Previously, error message only showed "<nil>" when child and pid were the same (since no error is returned by the Wait4 syscall in this case) which occurs when the process has incorrectly terminated. A new error message was added to improve clarity for such a case. Tests for this function were modified to reflect the improved distinction between process termination and error. PiperOrigin-RevId: 204018107 Change-Id: Ib38481c9590405e5bafcb6efe27fd49b3948910c
2018-07-10 | Exit tmpfs.fileInodeOperations.Translate early if required.Start >= EOF. | Jamie Liu
Otherwise required and optional can be empty or have negative length. PiperOrigin-RevId: 204007079 Change-Id: I59e472a87a8caac11ffb9a914b8d79bf0cd70995
2018-07-10 | netstack: only do connected TCP S/R for loopback connections. | Zhaozhong Ni
PiperOrigin-RevId: 204006237 Change-Id: Ica8402ab54d9dd7d11cc41c6d74aacef51d140b7
2018-07-10 | Internal change | Michael Pratt
PiperOrigin-RevId: 203997995 Change-Id: I8974fe74f1582bc9b2622f18a4bc4ab47ff5d622
2018-07-10 | netstack: tcp socket connected state S/R support. | Zhaozhong Ni
PiperOrigin-RevId: 203958972 Change-Id: Ia6fe16547539296d48e2c6731edacdd96bd6e93c
2018-07-09 | Notify UDP and Ping endpoints on close | Ian Gudger
PiperOrigin-RevId: 203883138 Change-Id: I7500c0a70f5d71c3fb37e2477f7fc466fa92fd3e
2018-07-09 | Fix two race conditions in tcp stack. | Brian Geffon
PiperOrigin-RevId: 203880278 Change-Id: I66b790a616de59142859cc12db4781b57ea626d3
2018-07-09 | Inherit parent in clone(CLONE_THREAD) under TaskSet.mu. | Jamie Liu
PiperOrigin-RevId: 203849534 Change-Id: I4d81513bfd32e0b7fc40c8a4c194eba7abc35a83
2018-07-09 | Switch netstack licenses to Apache 2.0. | Nicolas Lacasse
Fixes #27 PiperOrigin-RevId: 203825288 Change-Id: Ie9f3a2b2c1e296b026b024f75c07da1a7e118633
2018-07-09 | Trim all whitespace between interpreter and arg | Michael Pratt
Multiple whitespace characters are allowed. This fixes Ubuntu's /usr/sbin/invoke-rc.d, which has trailing whitespace after the interpreter which we were treating as an arg. PiperOrigin-RevId: 203802278 Change-Id: I0a6cdb0af4b139cf8abb22fa70351fe3697a5c6b
2018-07-06 | Add non-AMD64 support to rawfile | Ian Gudger
PiperOrigin-RevId: 203499064 Change-Id: I2cd5189638e94ce926f1e82c1264a8d3ece9dfa5
2018-07-06 | Tests pause and resume functionality on a Python container. | Justine Olshan
PiperOrigin-RevId: 203488336 Change-Id: I55e1b646f1fae73c27a49e064875d55f5605b200
2018-07-03 | Fix data race on inotify.Watch.mask. | Rahat Mahmood
PiperOrigin-RevId: 203180463 Change-Id: Ief50988c1c028f81ec07a26e704d893e86985bf0
2018-07-03 | Fix runsc VDSO mapping | Michael Pratt
80bdf8a4068de3ac4a73b6b61a0cdcfe3e3571af accidentally moved vdso into an inner scope, never assigning the vdso variable passed to the Kernel and thus skipping VDSO mappings. Fix this and remove the ability for loadVDSO to skip VDSO mappings, since tests that do so are gone. PiperOrigin-RevId: 203169135 Change-Id: Ifd8cadcbaf82f959223c501edcc4d83d05327eba
2018-07-03 | Skip overlay on root when it's readonly | Fabricio Voznika
PiperOrigin-RevId: 203161098 Change-Id: Ia1904420cb3ee830899d24a4fe418bba6533be64
2018-07-03 | runsc: `runsc wait` print wait status. | Lantao Liu
PiperOrigin-RevId: 203160639 Change-Id: I8fb2787ba0efb7eacd9d4c934238a26eb5ae79d5
2018-07-03 | Resend packets back to netstack if destined to itself | Fabricio Voznika
Add option to redirect packet back to netstack if it's destined to itself. This fixes the problem where connecting to the local NIC address would not work, e.g.:
    echo bar | nc -l -p 8080 &
    echo foo | nc 192.168.0.2 8080
PiperOrigin-RevId: 203157739 Change-Id: I31c9f7c501e3f55007f25e1852c27893a16ac6c4
2018-07-03 | Fix flaky image_test | Fabricio Voznika
- Some failures were being ignored in run_tests.sh
- Give more time for mysql to set up
- Fix typo with network=host tests
- Change httpd test to wait on http server being available, not only output
PiperOrigin-RevId: 203156896 Change-Id: Ie1801dcd76e9b5fe4722c4d8695c76e40988dd74
2018-07-03 | Handle NUL-only paths in exec | Michael Pratt
The path in execve(2), interpreter script, and ELF interpreter may all be no more than a NUL-byte. Handle each of those cases. PiperOrigin-RevId: 203155745 Change-Id: I1c8b1b387924b23b2cf942341dfc76c9003da959
2018-07-03 | runsc: Mount "mandatory" mounts right after mounting the root. | Nicolas Lacasse
The /proc and /sys mounts are "mandatory" in the sense that they should be mounted in the sandbox even when they are not included in the spec. Runsc treats /tmp similarly, because it is faster to use the internal tmpfs implementation instead of proxying to the host. However, the spec may contain submounts of these mandatory mounts (particularly for /tmp). In those cases, we must mount our mandatory mounts before the submount, otherwise the submount will be masked. Since the mandatory mounts are all top-level directories, we can mount them right after the root. PiperOrigin-RevId: 203145635 Change-Id: Id69bae771d32c1a5b67e08c8131b73d9b42b2fbf
2018-07-02 | runsc/boot/filter: permit SYS_TIME for race | Dmitry Vyukov
glibc's malloc also uses SYS_TIME. Permit it.
#0 0x0000000000de6267 in time ()
#1 0x0000000000db19d8 in get_nprocs ()
#2 0x0000000000d8a31a in arena_get2.part ()
#3 0x0000000000d8ab4a in malloc ()
#4 0x0000000000d3c6b5 in __sanitizer::InternalAlloc(unsigned long, __sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator32<0ul, 140737488355328ull, 0ul, __sanitizer::SizeClassMap<3ul, 4ul, 8ul, 17ul, 64ul, 14ul>, 20ul, __sanitizer::TwoLevelByteMap<32768ull, 4096ull, __sanitizer::NoOpMapUnmapCallback>, __sanitizer::NoOpMapUnmapCallback> >*, unsigned long) ()
#5 0x0000000000d4cd70 in __tsan_go_start ()
#6 0x00000000004617a3 in racecall ()
#7 0x00000000010f4ea0 in runtime.findfunctab ()
#8 0x000000000043f193 in runtime.racegostart ()
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
[mpratt@google.com: updated comments and commit message]
Signed-off-by: Michael Pratt <mpratt@google.com>
Change-Id: Ibe2d0dc3035bf5052d5fb802cfaa37c5e0e7a09a PiperOrigin-RevId: 203042627
2018-07-02 | Hold d.parent.mu when reading d.name | Michael Pratt
PiperOrigin-RevId: 203041657 Change-Id: I120783d91712818e600505454c9276f8d9877f37
2018-07-02 | runsc: fix panic for `runsc wait` on stopped container. | Lantao Liu
PiperOrigin-RevId: 203016694 Change-Id: Ic51ef754aa6d7d1b3b35491aff96a63d7992e122
2018-07-02 | Make default limits the same as with runc | Fabricio Voznika
Closes #2 PiperOrigin-RevId: 202997196 Change-Id: I0c9f6f5a8a1abe1ae427bca5f590bdf9f82a6675
2018-07-02 | Drop version option from mount command | Michael Pratt
Fun fact: in protocol version negotiation, our 9p version must be written "9P2000.L". In the 'version' mount option, it must be written "9p2000.L". Very consistent! The mount command as given complains about an unknown protocol version. Drop it entirely because Linux defaults to 9p2000.L anyways. PiperOrigin-RevId: 202971961 Change-Id: I5d46c83f03182476033db9c36870c68aeaf30f65
2018-06-29 | Fix typo. | Brielle Broder
PiperOrigin-RevId: 202720658 Change-Id: Iff42fd23f831ee7f29ddd6eb867020b76ed1eb23
2018-06-29 | Sets the restore environment for restoring a container. | Justine Olshan
Updated how restoring occurs through boot.go with a separate Restore function. This prevents a new process and new mounts from being created. Added tests to ensure the container is restored. Registered checkpoint and restore commands so they can be used. Docker support for these commands is still limited. Working on #80. PiperOrigin-RevId: 202710950 Change-Id: I2b893ceaef6b9442b1ce3743bd112383cb92af0c
2018-06-29 | Added leave-running flag for checkpoint. | Brielle Broder
The leave-running flag allows the container to continue running after a checkpoint has occurred by doing an immediate restore into a new container with the same container ID after the old container is destroyed. Updates #80. PiperOrigin-RevId: 202695426 Change-Id: Iac50437f5afda018dc18b24bb8ddb935983cf336
2018-06-29 | Panic in netstack during cleanup where a FIN becomes a RST. | Brian Geffon
There is a subtle bug where during cleanup with unread data a FIN can be converted to a RST, at that point the entire connection should be aborted as we're not expecting any ACKs to the RST. PiperOrigin-RevId: 202691271 Change-Id: Idae70800208ca26e07a379bc6b2b8090805d0a22
2018-06-29 | aio: Return EINVAL if the number of events is negative. | Nicolas Lacasse
PiperOrigin-RevId: 202671065 Change-Id: I248b74544d47ddde9cd59d89aa6ccb7dad2b6f89
2018-06-28 | Hold t.mu while calling t.FSContext(). | Nicolas Lacasse
PiperOrigin-RevId: 202562686 Change-Id: I0f5be7cc9098e86fa31d016251c127cb91084b05
2018-06-28 | runsc: Add the "wait" subcommand. | Kevin Krakauer
Users can now call "runsc wait <container id>" to wait on a particular process inside the container. -pid can also be used to wait on a specific PID. Manually tested the wait subcommand for a single waiter and multiple waiters (simultaneously 2 processes waiting on the container and 2 processes waiting on a PID within the container). PiperOrigin-RevId: 202548978 Change-Id: Idd507c2cdea613c3a14879b51cfb0f7ea3fb3d4c
2018-06-28 | Add more image tests | Fabricio Voznika
PiperOrigin-RevId: 202537696 Change-Id: I900fe8fd36cc7a4edb44fe2d03f8ba6768db53cb
2018-06-28 | Wait for sandbox process when waiting for root container | Fabricio Voznika
Closes #71 PiperOrigin-RevId: 202532762 Change-Id: I80a446ff638672ff08e6fd853cd77e28dd05d540
2018-06-28 | Check for invalid offset when submitting an AIO read/write request. | Nicolas Lacasse
PiperOrigin-RevId: 202528335 Change-Id: Ic32312cf4337bcb40a7155cb2174e5cd89a280f7
2018-06-28 | Error out if spec is invalid | Fabricio Voznika
Closes #66 PiperOrigin-RevId: 202496258 Change-Id: Ib9287c5bf1279ffba1db21ebd9e6b59305cddf34
2018-06-28 | Add option to configure watchdog action | Fabricio Voznika
PiperOrigin-RevId: 202494747 Change-Id: I4d4a18e71468690b785060e580a5f83c616bd90f
2018-06-27 | Fix semaphore data races | Fabricio Voznika
PiperOrigin-RevId: 202371908 Change-Id: I72603b1d321878cae6404987c49e64732b676331
2018-06-27 | Call mm.CheckIORange() when copying in IOVecs. | Nicolas Lacasse
CheckIORange is analogous to Linux's access_ok() method, which is checked when copying in IOVecs in both lib/iov_iter.c:import_single_range() and lib/iov_iter.c:import_iovec() => fs/read_write.c:rw_copy_check_uvector(). gVisor copies in IOVecs via Task.SingleIOSequence() and Task.CopyInIovecs(). We were checking the address range bounds, but not whether the address is valid. To conform with Linux, we should also check that the address is valid. For usual preadv/pwritev syscalls, the effect of this change is not noticeable, since we find out that the address is invalid before the syscall completes. For vectorized async-IO operations, however, this change is necessary because Linux returns EFAULT when the operation is submitted, but before it executes. Thus, we must validate the iovecs when copying them in. PiperOrigin-RevId: 202370092 Change-Id: I8759a63ccf7e6b90d90d30f78ab8935a0fcf4936