summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-05-21Merge release-20210510.0-72-g821cec3f1 (automated)gVisor bot
2021-05-21Add aggregated NIC statsArthur Sfez
This change also includes miscellaneous improvements: * UnknownProtocolRcvdPackets has been separated into two stats, to specify at which layer the unknown protocol was found (L3 or L4) * MalformedRcvdPacket is not aggregated across every endpoint anymore. Doing it this way did not add useful information, and it was also error-prone (example: ipv6 forgot to increment this aggregated stat, it only incremented its own ipv6.MalformedPacketsReceived). It is now only incremented the NIC. * Removed TestStatsString test which was outdated and had no real utility. PiperOrigin-RevId: 375057472
2021-05-21Merge release-20210510.0-71-g9164154de (automated)gVisor bot
2021-05-21Clean-up netstack metrics descriptionsArthur Sfez
PiperOrigin-RevId: 375051638
2021-05-21Merge release-20210510.0-70-g2bed0bb09 (automated)gVisor bot
2021-05-20Send SIGPIPE for closed pipes.Ian Lewis
Fixes #5974 Updates #161 PiperOrigin-RevId: 375024740
2021-05-21Merge release-20210510.0-69-g5bbc22797 (automated)gVisor bot
2021-05-20Merge pull request #6037 from sudo-sturbia:docgVisor bot
PiperOrigin-RevId: 375007632
2021-05-21Merge release-20210510.0-67-g28c78eb03 (automated)gVisor bot
2021-05-20Add Knative Services tutorialIan Lewis
This adds a new short tutorial on how to run Knative services in gVisor by enabling the runtime class feature flag for Knative. Fixes #3634 PiperOrigin-RevId: 374999528
2021-05-21Merge release-20210510.0-66-g9157a91a4 (automated)gVisor bot
2021-05-20Add protocol state to TCPINFOMithun Iyer
Add missing protocol state to TCPINFO struct and update packetimpact. This re-arranges the TCP state definitions to align with Linux. Fixes #478 PiperOrigin-RevId: 374996751
2021-05-21Merge release-20210510.0-65-gae96e00bd (automated)gVisor bot
2021-05-20Automated rollback of changelist 374319456gVisor bot
PiperOrigin-RevId: 374983747
2021-05-21Merge release-20210510.0-64-gec542dbed (automated)gVisor bot
2021-05-20Suppress log message when there is no errorFabricio Voznika
PiperOrigin-RevId: 374981100
2021-05-20Merge release-20210510.0-63-gaf229f46a (automated)gVisor bot
2021-05-20Fix cgroupfs mount racing with unmount.Rahat Mahmood
Previously, mount could discover a hierarchy being destroyed concurrently, which resulted in mount attempting to take a ref on an already destroyed cgroupfs. Reported-by: syzbot+062c0a67798a200f23ee@syzkaller.appspotmail.com PiperOrigin-RevId: 374959054
2021-05-20Format precondition to match style guide.Zyad A. Ali
2021-05-19Merge release-20210510.0-62-gb8b43f70c (automated)gVisor bot
2021-05-19Send ICMP errors when link address resolution failsNick Brown
Before this change, we would silently drop packets when link resolution failed. This change brings us into line with RFC 792 (IPv4) and RFC 4443 (IPv6), both of which specify that gateways should return an ICMP error to the sender when link resolution fails. PiperOrigin-RevId: 374699789
2021-05-19Merge release-20210510.0-61-g2f3eda37a (automated)gVisor bot
2021-05-19Fix nogo analysis.Adin Scannell
Ignore calls to atomic functions in case there is no analysis information. It is unclear why this has broken in some cases, perhaps these functions have been replaced by intrinsics as an optimization? PiperOrigin-RevId: 374682441
2021-05-19Merge release-20210510.0-60-g52394c34a (automated)gVisor bot
2021-05-18use more explicit netstack dependency restrictionsKevin Krakauer
Fuchsia was unable to build when building netstack transitively depended on golang.org/x/unix constants not defined in Fuchsia. The packages causing this (safemem and usermem) are no longer in the allowlist. Tested that this failed at cl/373651666, and passes now that the dependency has been removed. PiperOrigin-RevId: 374570220
2021-05-18Be explicit about setsid() return values in pty.ccKevin Krakauer
PiperOrigin-RevId: 374570219
2021-05-19Merge release-20210510.0-58-gf2d6c72b6 (automated)gVisor bot
2021-05-18Prevent infinite loops from being optimized away.gVisor bot
https://github.com/llvm/llvm-project/commit/6c3129549374c0e81e28fd0a21e96f8087b63a78 adds "mustprogress" to loops, which causes empty, side-effect free loops to be optimized away. These loops are intentionally infinite for purposes of testing, so add asm statements that prevent them from being removed. PiperOrigin-RevId: 374546142
2021-05-19Merge release-20210510.0-57-ge290d3370 (automated)gVisor bot
2021-05-18Merge pull request #6009 from kevinGC:anotheraligngVisor bot
PiperOrigin-RevId: 374545882
2021-05-18Merge release-20210510.0-55-g2ff71116e (automated)gVisor bot
2021-05-18Merge pull request #5908 from zhlhahaha:2157gVisor bot
PiperOrigin-RevId: 374517895
2021-05-18Merge release-20210510.0-53-ge4984f853 (automated)gVisor bot
2021-05-18Delete /cloud/gvisor/sandbox/sentry/gofer/opened_write_execute_file metricNayana Bidari
This metric is replaced by /cloud/gvisor/sandbox/sentry/suspicious_operations metric with field value opened_write_execute_file. PiperOrigin-RevId: 374509823
2021-05-18Merge release-20210510.0-52-g8ff6694e5 (automated)gVisor bot
2021-05-18[syserror] Add linuxerr package.Zach Koopmans
Add linuxerr package to replace syserror and syserr errors. This is done to improve performance comparing/returning errors to on par with syscall.Errno. The below linuxerr_test (formerly syserror_test) shows linuxerr.Error on par with unix.Error (syscall.Errno) as desired. BenchmarkAssignErrno BenchmarkAssignErrno-6 1000000000 0.6291 ns/op BenchmarkLinuxerrAssignError BenchmarkLinuxerrAssignError-6 1000000000 0.5808 ns/op BenchmarkAssignSyserrorError BenchmarkAssignSyserrorError-6 1000000000 0.6188 ns/op BenchmarkCompareErrno BenchmarkCompareErrno-6 1000000000 0.5041 ns/op BenchmarkCompareLinuxerrError BenchmarkCompareLinuxerrError-6 1000000000 0.4660 ns/op BenchmarkCompareSyserrorError BenchmarkCompareSyserrorError-6 309026907 3.386 ns/op BenchmarkSwitchErrno BenchmarkSwitchErrno-6 722253750 1.440 ns/op BenchmarkSwitchLinuxerrError BenchmarkSwitchLinuxerrError-6 709108542 1.453 ns/op BenchmarkSwitchSyserrorError BenchmarkSwitchSyserrorError-6 106331331 11.21 ns/op PiperOrigin-RevId: 374507431
2021-05-18Merge release-20210510.0-51-g5d04e0ae3 (automated)gVisor bot
2021-05-18Emit more information on panicTamir Duberstein
PiperOrigin-RevId: 374464969
2021-05-18Merge release-20210510.0-50-g32b66bb2b (automated)gVisor bot
2021-05-17Add badges for Github actions so it's easier to notice when they are failing.Ian Lewis
PiperOrigin-RevId: 374331016
2021-05-18Merge release-20210510.0-49-g3c24d345d (automated)gVisor bot
2021-05-17Automated rollback of changelist 373417636Jamie Liu
PiperOrigin-RevId: 374319456
2021-05-17Merge pull request #5224 from avagin:bazel-3.7gVisor bot
PiperOrigin-RevId: 374295866
2021-05-17Update bazel packagesAndrei Vagin
2021-05-17Merge release-20210510.0-46-ge6cd1ff1b (automated)gVisor bot
2021-05-17Reduce thread count in TCPResetDuringClose.Jamie Liu
This test suffers from extreme contention on tcpip/stack.AddressableEndpointState.mu via AddressableEndpointState.decAddressRef, at least when Go race detection is enabled. PiperOrigin-RevId: 374273745
2021-05-17Merge release-20210510.0-45-gd96499d17 (automated)gVisor bot
2021-05-17Make sandbox join the pod cgroup in K8sFabricio Voznika
cgroups in K8s are setup with the following hierarchy: `.../pod/container`. The sandbox is created with the first container and consequently uses the the pause container cgroup. This change removes the container cgroup from the path to make the sandbox use the pod cgroup instead. Otherwise limits set to the pause container will apply to the entire sandbox. PiperOrigin-RevId: 374273277
2021-05-17replace use of atomic with AlignedAtomicInt64Kevin Krakauer
2021-05-17Merge release-20210510.0-44-g7654181cc (automated)gVisor bot