summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-07-22kvm: set CR0.NE = 1Andrei Vagin
CR0.NE enables internal x87 floating point error reporting when set, else enables PC style x87 error detection. On AMD, the #MF exception isn't generated if CR0.NE isn't set. PiperOrigin-RevId: 386340269
2021-07-22runsc: Wait child processes without timeoutsAndrei Vagin
* First, we don't need to poll child processes. * Second, the 5 seconds timeout is too small if a host is overloaded. * Third, this can hide bugs in the code when we wait a process that isn't going to exit. PiperOrigin-RevId: 386337586
2021-07-22Merge pull request #6108 from sudo-sturbia:msgqueue/syscallsgVisor bot
PiperOrigin-RevId: 386323389
2021-07-22buildkite: move golang installation to VM bootKevin Krakauer
Rather than re-downloading and installing Go for each pipeline run, we should just do it at boot. PiperOrigin-RevId: 386320005
2021-07-22Replace kernel package types for clone and unshare with linux package types.Jamie Liu
PiperOrigin-RevId: 386312456
2021-07-21Add metric to count number of segments acknowledged by DSACK.Nayana Bidari
- Creates new metric "/tcp/segments_acked_with_dsack" to count the number of segments acked with DSACK. - Added check to verify the metric is getting incremented when a DSACK is sent in the unit tests. PiperOrigin-RevId: 386135949
2021-07-21buildkite: update GoKevin Krakauer
#6322 tried to update Go to 1.16, but existing nodes fail to upgrade due to the presence of old Go [1]. Specifically when trying to add Go to `/usr/bin`: ``` ln: failed to create symbolic link '/usr/bin/go': File exists ``` Also: - Removing `golang-go` also removes apt installs of `gcc` and `pkg-config`, so those are installed explicitly. - Add `-c` to wget, which will prevent re-downloading Go for each run. - Disable GO111MODULE when building cri-tools and containerd, since we're using pre-module versions of each. 1 - https://buildkite.com/gvisor/pipeline/builds/7285#3593244c-e411-472d-804a-9c7fbbd24762 PiperOrigin-RevId: 386106881
2021-07-21Fix required Linux version in networking docs.Ian Lewis
PiperOrigin-RevId: 386093826
2021-07-21Use atomics when checking for parent setgid in VFS2 tmpfs file creation.Jamie Liu
Reported-by: syzbot+59550b48e06cc0d3b638@syzkaller.appspotmail.com PiperOrigin-RevId: 386075453
2021-07-20Enable RACK by default in netstack.Nayana Bidari
PiperOrigin-RevId: 385944428
2021-07-20Expose local address from raw socketsGhanan Gowripalan
PiperOrigin-RevId: 385940836
2021-07-20Add fsstress test to goferfsFabricio Voznika
PiperOrigin-RevId: 385937353
2021-07-20Don't kill container when volume is unmountedFabricio Voznika
The gofer session is killed when a gofer backed volume is unmounted. The gofer monitor catches the disconnect and kills the container. This changes the gofer monitor to only care about the rootfs connections, which cannot be unmounted. Fixes #6259 PiperOrigin-RevId: 385929039
2021-07-20Merge pull request #6220 from laijs:disconnect-fpgVisor bot
PiperOrigin-RevId: 385919423
2021-07-20Add go:build directives as required by Go 1.17's gofmt.Jamie Liu
PiperOrigin-RevId: 385894869
2021-07-20ring0: Initialize sentryXCR0 from Kernel.init()Andrei Vagin
Fixes #6300 PiperOrigin-RevId: 385840917
2021-07-16Automated rollback of changelist 385029528Kevin Krakauer
PiperOrigin-RevId: 385200993
2021-07-15Fix refcount increments in gofer.filesystem.Sync.Fabricio Voznika
fs.renameMu is released and reacquired in `dentry.destroyLocked()` allowing a dentry to be in `fs.syncableDentries` with a negative reference count. Fixes #5263 PiperOrigin-RevId: 385054337
2021-07-15Update gVisor release signing key to a version that does not expire.Etienne Perot
PiperOrigin-RevId: 385051420
2021-07-15buildkite: bump Go version to 1.16Kevin Krakauer
We're currently on 1.13, which can cause build issues with code targeting later versions. PiperOrigin-RevId: 385029528
2021-07-15netstack: support SO_RCVBUFFORCEKevin Krakauer
TCP is fully supported. As with SO_RCVBUF, other transport protocols perform no-ops per DefaultSocketOptionsHandler.OnSetReceiveBufferSize. PiperOrigin-RevId: 385023239
2021-07-15Merge pull request #6320 from kevinGC:issues-templategVisor bot
PiperOrigin-RevId: 385019550
2021-07-14Add verity symlink testsChong Cai
PiperOrigin-RevId: 384823097
2021-07-14Replace whitelist with allowlist from docsFabricio Voznika
PiperOrigin-RevId: 384796852
2021-07-14Set tcp endpoint state atomicallyTamir Duberstein
PiperOrigin-RevId: 384776517
2021-07-14testing: shrink exhaustion test size to avoid timeoutsKevin Krakauer
Tested via: ``` bazel test \ //test/syscalls:socket_ipv4_udp_unbound_loopback_nogotsan_test_runsc_ptrace --runs_per_test=2000 ``` PiperOrigin-RevId: 384773477
2021-07-14use github issue templatesKevin Krakauer
2021-07-13Replace whitelist with allowlistFabricio Voznika
PiperOrigin-RevId: 384586164
2021-07-13Do not require O_PATH flag to enable verityChong Cai
Remove the hack in gVisor vfs that allows verity to bypass the O_PATH check, since ioctl is not allowed on fds opened with O_PATH in linux. Verity still opens the lowerFD with O_PATH to open it as a symlink, but the API no longer expects O_PATH to open a fd to be verity enabled. Now only O_FOLLOW should be specified when opening and enabling verity features. PiperOrigin-RevId: 384567833
2021-07-13Implement stubs for msgget(2) and msgctl(IPC_RMID).Zyad A. Ali
Add support for msgget, and msgctl(IPC_RMID), and enable msgqueue syscall tests. Updates #135
2021-07-13Implement Registry.Remove.Zyad A. Ali
Remove implements the behaviour or msgctl(IPC_RMID). Updates #135
2021-07-13Implement Registry.FindOrCreate.Zyad A. Ali
FindOrCreate implements the behaviour of msgget(2). Updates #135
2021-07-13Create package msgqueue.Zyad A. Ali
Create package msgqueue, define primitives to be used for message queues, and add a msgqueue.Registry to IPCNamespace. Updates #135
2021-07-13Add initial test cases for msgget(2).Zyad A. Ali
Updates #135
2021-07-13Add abi definitions for sysv message queues.Zyad A. Ali
Updates #135
2021-07-13Create ipc.Registry.Zyad A. Ali
Create ipc.Registry to hold fields, and define functionality common to all SysV registries, and have registries use it.
2021-07-13Create ipc package and ipc.Object.Zyad A. Ali
Create ipc.Object to define fields and functionality used in SysV mechanisms, and have them use it.
2021-07-13Use consistent naming for subcontainersFabricio Voznika
It was confusing to find functions relating to root and non-root containers. Replace "non-root" and "subcontainer" and make naming consistent in Sandbox and controller. PiperOrigin-RevId: 384512518
2021-07-13netstack: atomically update buffer sizesKevin Krakauer
Previously, two calls to set the send or receive buffer size could have raced and left state wherein: - The actual size depended on one call - The value returned by getsockopt() depended on the other PiperOrigin-RevId: 384508720
2021-07-13Deflake TestRouterSolicitationGhanan Gowripalan
Before this change, transmission of the first router solicitation races with the adding of an IPv6 link-local address. This change creates the NIC in the disabled state and is only enabled after the address is added (if required) to avoid this race. PiperOrigin-RevId: 384493553
2021-07-12netstack: move SO_SNDBUF/RCVBUF clamping logic out of //pkg/tcpipKevin Krakauer
- Keeps Linux-specific behavior out of //pkg/tcpip - Makes it clearer that clamping is done only for setsockopt calls from users - Removes code duplication PiperOrigin-RevId: 384389809
2021-07-12Fix deadlock in procfsFabricio Voznika
Kernfs provides an internal mechanism to defer calls to `DecRef()` because on the last reference `Filesystem.mu` must be held and most places that need to call `DecRef()` are inside the lock. The same can be true for filesystems that extend kernfs. procfs needs to look up files and `DecRef()` them inside the `kernfs.Filesystem.mu`. If the files happen to be procfs files, it can deadlock trying to decrement if it's the last reference. This change extends the mechanism to external callers to defer DecRefs to `vfs.FileDescription` and `vfs.VirtualDentries`. PiperOrigin-RevId: 384361647
2021-07-12Drop dedicated benchmark lifecycle.Adin Scannell
Instead, roll the output scraping into the main runner. Pass a perf flag to the runner in order to control leak checking, apply tags via the macro and appropriately disable logging. This may be removed in the future. PiperOrigin-RevId: 384348035
2021-07-12Fix stdios ownershipFabricio Voznika
Set stdio ownership based on the container's user to ensure the user can open/read/write to/from stdios. 1. stdios in the host are changed to have the owner be the same uid/gid of the process running the sandbox. This ensures that the sandbox has full control over it. 2. stdios owner owner inside the sandbox is changed to match the container's user to give access inside the container and make it behave the same as runc. Fixes #6180 PiperOrigin-RevId: 384347009
2021-07-12Fix GoLand analyzer errors under runsc/...Fabricio Voznika
PiperOrigin-RevId: 384344990
2021-07-12[syserror] Update syserror to linuxerr for more errors.Zach Koopmans
Update the following from syserror to the linuxerr equivalent: EEXIST EFAULT ENOTDIR ENOTTY EOPNOTSUPP ERANGE ESRCH PiperOrigin-RevId: 384329869
2021-07-12Mark all functions that are called from a forked child with go:noraceAndrei Vagin
PiperOrigin-RevId: 384305599
2021-07-12Fix async-signal-unsafety in chroot test.Jamie Liu
PiperOrigin-RevId: 384295543
2021-07-12Prevent interleaving in sniffer pcap outputTamir Duberstein
Remove "partial write" handling as io.Writer.Write is not permitted to return a nil error on partial writes, and this code was already panicking on non-nil errors. PiperOrigin-RevId: 384289970
2021-07-12Prevent the cleanup script from destroying any "bootstrap" containers.Adin Scannell
PiperOrigin-RevId: 384257460
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 22:37:14 +0000