summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-03-21Add test for short recvmsg iovec length.Ian Gudger
PiperOrigin-RevId: 239718991 Change-Id: Idc78557a8e9bfdd3cb7d8ec4db708364652640a4
2019-03-21Test TCP sockets with MSG_TRUNC|MSG_PEEK.Ian Gudger
PiperOrigin-RevId: 239714368 Change-Id: I35860b880a1d8885eb8c2d4ff267caaf72d91088
2019-03-21Replace manual pty copies to/from userspace with safemem operations.Kevin Krakauer
Also, changing queue.writeBuf from a buffer.Bytes to a [][]byte should reduce copying and reallocating of slices. PiperOrigin-RevId: 239713547 Change-Id: I6ee5ff19c3ee2662f1af5749cae7b73db0569e96
2019-03-21Clear msghdr flags on successful recvmsg.Ian Gudger
.net sets these flags to -1 and then uses their result, especting it to be zero. Does not set actual flags (e.g. MSG_TRUNC), but setting to zero is more correct than what we did before. PiperOrigin-RevId: 239657951 Change-Id: I89c5f84bc9b94a2cd8ff84e8ecfea09e01142030
2019-03-21Address typos from github.Kevin Krakauer
https://github.com/google/gvisor/pull/132 PiperOrigin-RevId: 239641377 Change-Id: I7ba6b57730800cc98496c83cb643e70ec902ed3d
2019-03-20gvisor: don't allocate a new credential object on forkAndrei Vagin
A credential object is immutable, so we don't need to copy it for a new task. PiperOrigin-RevId: 239519266 Change-Id: I0632f641fdea9554779ac25d84bee4231d0d18f2
2019-03-20Record sockets created during accept(2) for all families.Rahat Mahmood
Track new sockets created during accept(2) in the socket table for all families. Previously we were only doing this for unix domain sockets. PiperOrigin-RevId: 239475550 Change-Id: I16f009f24a06245bfd1d72ffd2175200f837c6ac
2019-03-20Fail in case mount option is unknownFabricio Voznika
PiperOrigin-RevId: 239425816 Change-Id: I3b1479c61b4222c3931a416c4efc909157044330
2019-03-20netstack: adjust the sequence number after trimming the packetAndrei Vagin
PiperOrigin-RevId: 239417224 Change-Id: I14a9adc31a6330a79a6156c105969cd5f1f63d20
2019-03-19netstack: reduce MSS from SYN to account tcp optionsAndrei Vagin
See: https://tools.ietf.org/html/rfc6691#section-2 PiperOrigin-RevId: 239305632 Change-Id: Ie8eb912a43332e6490045dc95570709c5b81855e
2019-03-19Fix data race in netlink send buffer sizeFabricio Voznika
PiperOrigin-RevId: 239221041 Change-Id: Icc19e32a00fa89167447ab2f45e90dcfd61bea04
2019-03-19Add layer 2 stats (tx, rx) X (packets, bytes) to netstackBert Muthalaly
PiperOrigin-RevId: 239194420 Change-Id: Ie193e8ac2b7a6db21195ac85824a335930483971
2019-03-18Remove references to replaced child in Rename in ramfs/agentfsMichael Pratt
In the case of a rename replacing an existing destination inode, ramfs Rename failed to first remove the replaced inode. This caused: 1. A leak of a reference to the inode (making it live indefinitely). 2. For directories, a leak of the replaced directory's .. link to the parent. This would cause the parent's link count to incorrectly increase. (2) is much simpler to test than (1), so that's what I've done. agentfs has a similar bug with link count only, so the Dirent layer informs the Inode if this is a replacing rename. Fixes #133 PiperOrigin-RevId: 239105698 Change-Id: I4450af2462d8ae3339def812287213d2cbeebde0
2019-03-18Add support for mount propagationFabricio Voznika
Properly handle propagation options for root and mounts. Now usage of mount options shared, rshared, and noexec cause error to start. shared/ rshared breaks sandbox=>host isolation. slave however can be supported because changes propagate from host to sandbox. Root FS setup moved inside the gofer. Apart from simplifying the code, it keeps all mounts inside the namespace. And they are torn down when the namespace is destroyed (DestroyFS is no longer needed). PiperOrigin-RevId: 239037661 Change-Id: I8b5ee4d50da33c042ea34fa68e56514ebe20e6e0
2019-03-18Internal changeFabricio Voznika
PiperOrigin-RevId: 239031539 Change-Id: I783127d0287a647d21de40c301c5a5c2e62b7640
2019-03-18Replace use of ucontext with ucontext_t.Kevin Krakauer
PiperOrigin-RevId: 239026571 Change-Id: Ifd01674855094f3abad497776f418023452033a1
2019-03-18Remove racy access to shm fields.Rahat Mahmood
PiperOrigin-RevId: 239016776 Change-Id: Ia7af4258e7c69b16a4630a6f3278aa8e6b627746
2019-03-15Bump rules_go to v0.18.1 and go toolchain to v1.12.1.Nicolas Lacasse
PiperOrigin-RevId: 238704915 Change-Id: I9f38162b27b4f401446593865bb857eb280ae426
2019-03-15Fix flaky RawPingAndSockets (and MultipleSocketsRecieve just in case).Kevin Krakauer
PiperOrigin-RevId: 238474202 Change-Id: Ib8c431e973e8cf1e1c8ee2f8c1978ddb8e88b0b8
2019-03-14Remove duplicate TCP flag definitionsTamir Duberstein
PiperOrigin-RevId: 238467634 Change-Id: If4cd8efff7386fbee1195f051d15549b495910a9
2019-03-14Decouple filemem from platform and move it to pgalloc.MemoryFile.Jamie Liu
This is in preparation for improved page cache reclaim, which requires greater integration between the page cache and page allocator. PiperOrigin-RevId: 238444706 Change-Id: Id24141b3678d96c7d7dc24baddd9be555bffafe4
2019-03-14Use WalkGetAttr in gofer.inodeOperations.Create.Jamie Liu
p9.Twalk.handle() with a non-empty path also stats the walked-to path anyway, so the preceding GetAttr is completely wasted. PiperOrigin-RevId: 238440645 Change-Id: I7fbc7536f46b8157639d0d1f491e6aaa9ab688a3
2019-03-13Allow filesystem.Mount to take an optional interface argument.Nicolas Lacasse
PiperOrigin-RevId: 238360231 Change-Id: I5eaf8d26f8892f77d71c7fbd6c5225ef471cedf1
2019-03-13Remove unused function.Kevin Krakauer
PiperOrigin-RevId: 238336475 Change-Id: I8131e04699028246ebc233953ebb3feca5673940
2019-03-13Reduce PACKET_RX_RING memory usageFabricio Voznika
Previous memory allocation was excessive (80 MB). Changed it to use 2 MB instead. There is no drop in perfomance due to this change: ab -n 100 -c 10 http://server/latin10m.txt ==> 10 MB file 80 MB: 178 MB/s 2 MB: 181 MB/s PiperOrigin-RevId: 238321594 Change-Id: I1c8aed13cad5d75f4506d2b406b305117055fbe5
2019-03-13vdso/BUILD: add bazel building support for Arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com> mpratt@google.com: matched against just x86_64, since that's all we care about. Change-Id: I1320ef31cef6517bf6121a933cc105f2ac548ec8 PiperOrigin-RevId: 238294240
2019-03-12Make gonet.PacketConn implement net.Conn.Noah Gold
gonet.PacketConn now implements net.Conn, allowing it to be returned from net.Dial.Dialer functions. PiperOrigin-RevId: 238111980 Change-Id: I174884385ff4d9b8e9918fac7bbb5b93ca366ba7
2019-03-12Make HandleLocal apply to all non-loopback interfaces.Ian Gudger
HandleLocal is very similar conceptually to MULTICAST_LOOP, so we can unify the implementations. This has the benefit of making HandleLocal apply even when the fdbased link endpoint isn't in use. In addition, move looping logic to route creation so that it doesn't need to be run for each packet. This should improve performance. PiperOrigin-RevId: 238099480 Change-Id: I72839f16f25310471453bc9d3fb8544815b25c23
2019-03-12Clarify the platform.File interface.Jamie Liu
- Redefine some memmap.Mappable, platform.File, and platform.Memory semantics in terms of File reference counts (no functional change). - Make AddressSpace.MapFile take a platform.File instead of a raw FD, and replace platform.File.MapInto with platform.File.FD. This allows kvm.AddressSpace.MapFile to always use platform.File.MapInternal instead of maintaining its own (redundant) cache of file mappings in the sentry address space. PiperOrigin-RevId: 238044504 Change-Id: Ib73a11e4275c0da0126d0194aa6c6017a9cef64f
2019-03-11kvm: minimum guest/host timekeeping delta.Adin Scannell
PiperOrigin-RevId: 237927368 Change-Id: I359badd1967bb118fe74eab3282c946c18937edc
2019-03-11gvisor/kokoro: don't downgrade libseccompAndrei Vagin
It isn't required with a new vm image. PiperOrigin-RevId: 237915203 Change-Id: I813e7f1801d0766cec598413718e5ddd4c3d8cdf
2019-03-11Add profiling commands to runscFabricio Voznika
Example: runsc debug --root=<dir> \ --profile-heap=/tmp/heap.prof \ --profile-cpu=/tmp/cpu.prod --profile-delay=30 \ <container ID> PiperOrigin-RevId: 237848456 Change-Id: Icff3f20c1b157a84d0922599eaea327320dad773
2019-03-09Fix getsockopt(IP_MULTICAST_IF).Ian Gudger
getsockopt(IP_MULTICAST_IF) only supports struct in_addr. Also adds support for setsockopt(IP_MULTICAST_IF) with struct in_addr. PiperOrigin-RevId: 237620230 Change-Id: I75e7b5b3e08972164eb1906f43ddd67aedffc27c
2019-03-08Make IP_MULTICAST_LOOP and IP_MULTICAST_TTL allow setting int or char.Ian Gudger
This is the correct Linux behavior, and at least PHP depends on it. PiperOrigin-RevId: 237565639 Change-Id: I931af09c8ed99a842cf70d22bfe0b65e330c4137
2019-03-08Validate multicast addresses in multicast group operations.Ian Gudger
PiperOrigin-RevId: 237559843 Change-Id: I93a9d83a08cd3d49d5fc7fcad5b0710d0aa04aaa
2019-03-08Implement IP_MULTICAST_LOOP.Ian Gudger
IP_MULTICAST_LOOP controls whether or not multicast packets sent on the default route are looped back. In order to implement this switch, support for sending and looping back multicast packets on the default route had to be implemented. For now we only support IPv4 multicast. PiperOrigin-RevId: 237534603 Change-Id: I490ac7ff8e8ebef417c7eb049a919c29d156ac1c
2019-03-08Fix tests which fail in kokoroAndrei Vagin
* open_create_test_runsc_ptrace_shared doesn't expect the write access to / * exec_test_runsc_ptrace_shared could not find /usr/share/zoneinfo/ * clock_gettime_test_runsc_ptrace_shared didn't expect that a thread cpu time can be zero. * affinity_test_runsc_ptrace_shared expected minimum 3 cpus PiperOrigin-RevId: 237509429 Change-Id: I477937e5d2cdf3f8720836bfa972abd35d8220a3
2019-03-06No need to check for negative uintptr.Nicolas Lacasse
Fixes #134 PiperOrigin-RevId: 237128306 Change-Id: I396e808484c18931fc5775970ec1f5ae231e1cb9
2019-03-06Increase ipv4_udp_unbound_loopback size to mediumMichael Pratt
Now that tests aren't running in parallel, this test occassionally takes too long and times out. PiperOrigin-RevId: 237106971 Change-Id: I195a4b77315c9f5511c9e8ffadddb7aaa78beafd
2019-03-06Remove unsafe ScopedSigactionMichael Pratt
ScopedSigaction is not async-signal-safe, so it cannot be used after fork. Replace it with plain sigaction, which is safe. This is in a unique child anyways, so it doesn't need any cleanup. PiperOrigin-RevId: 237102411 Change-Id: I5c6ea373bbac67b9c4db204ceb1db62d338d9178
2019-03-05Priority-inheritance futex implementationFabricio Voznika
It is Implemented without the priority inheritance part given that gVisor defers scheduling decisions to Go runtime and doesn't have control over it. PiperOrigin-RevId: 236989545 Change-Id: I714c8ca0798743ecf3167b14ffeb5cd834302560
2019-03-05Add uncaught signal message to the user logFabricio Voznika
This help troubleshoot cases where the container is killed and the app logs don't show the reason. PiperOrigin-RevId: 236982883 Change-Id: I361892856a146cea5b04abaa3aedbf805e123724
2019-03-05Add new retransmissions and recovery related metrics.Bhasker Hariharan
PiperOrigin-RevId: 236945145 Change-Id: I051760d95154ea5574c8bb6aea526f488af5e07b
2019-03-05Remove unused commit() function argument to Bind.Kevin Krakauer
PiperOrigin-RevId: 236926132 Change-Id: I5cf103f22766e6e65a581de780c7bb9ca0fa3181
2019-03-05Add NoRandomSave to tests with correctness DisableSaveMichael Pratt
Tests using DisableSave because a portion of the test is *incompatible* with S/R clearly cannot use random S/R, as the saves may occur in the DisableSave critical section. Most such tests already have NoRandomSave. Add it to the rest. PiperOrigin-RevId: 236914708 Change-Id: Iee1cf044cfa7cb8d5aba21ddc130926218210c48
2019-03-04Remove duplicate SetSockOpt callTamir Duberstein
Clean up some error handling, and add TODO explaining incorrect behaviour with respect to broadcast on interfaces lacking an IP address. PiperOrigin-RevId: 236756233 Change-Id: I9662e7dc062c90565a32a3e153c4dbc98c55b522
2019-03-04Make tmpfs respect MountNoATime now that fs.Handle is gone.Nicolas Lacasse
PiperOrigin-RevId: 236752802 Change-Id: I9e50600b2ae25d5f2ac632c4405a7a185bdc3c92
2019-03-04Bump rules_go to v0.18.0Nicolas Lacasse
PiperOrigin-RevId: 236745227 Change-Id: Icddfdebe1f6c56bb95a7839b48773fca6794bad8
2019-03-04Deflake socket_ipv4_udp_unbound_loopback.Ian Gudger
When run in parallel, multicast packets can be received by the wrong test. The tests in the target are run in an isolated network namespace, but if parallelism is enabled, multiple tests from the same target will run in parallel within the target's network namespace. Disabling parallelism only allows one test to run in the network namespace at a time, which prevents interaction. PiperOrigin-RevId: 236709160 Change-Id: If828db44f0ae4002af36de6097866137c8d9da5c
2019-03-04Remove TODO that we won't do.Nicolas Lacasse
There is no need to run the simple tests with RBE. PiperOrigin-RevId: 236682573 Change-Id: I6c7fa25a33ef5e4d0b2cc2badc12ff9e1a70f015