summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-06-29Sort children map before hashChong Cai
The unordered map may generate different hash due to its order. The children map needs to be sorted each time before hashing to avoid false verification failure due to the map. Store the sorted children map in verity dentry to avoid sorting it each time verification happens. Also serialize the whole VerityDescriptor struct to hash now that the map is removed from it. PiperOrigin-RevId: 382201560
2021-06-29Add SIOCGIFFLAGS ioctl support to hostinet.Lucas Manning
PiperOrigin-RevId: 382194711
2021-06-29[syserror] Change syserror to linuxerr for E2BIG, EADDRINUSE, and EINVALZach Koopmans
Remove three syserror entries duplicated in linuxerr. Because of the linuxerr.Equals method, this is a mere change of return values from syserror to linuxerr definitions. Done with only these three errnos as CLs removing all grow to a significantly large size. PiperOrigin-RevId: 382173835
2021-06-29Delete PID files right after they are readFabricio Voznika
The PID files are not used after they are read, so there is no point in keeping them around until the shim is deleted. Updates #6225 PiperOrigin-RevId: 382169916
2021-06-29Redirect all calls from `errdefs.ToGRPC` to `utils.ErrToGRPC`Fabricio Voznika
This is to ensure that Go 1.13 error wrapping is correctly translated to gRPC errors before returning from the shim. Updates #6225 PiperOrigin-RevId: 382120441
2021-06-28Allow VFS2 gofer client to mmap from sentry page cache when forced.Jamie Liu
PiperOrigin-RevId: 381982257
2021-06-28Exit early with error message on checkpoint/pause w/ hostinet.Ian Lewis
PiperOrigin-RevId: 381964660
2021-06-28code quality: cleanup lint messagesKevin Krakauer
dns PiperOrigin-RevId: 381949375
2021-06-28netstack: deflake TestSynRcvdBadSeqNumberKevin Krakauer
There was a race wherein Accept() could fail, then the handshake would complete, and then a waiter would be created to listen for the handshake. In such cases, no notification was ever sent and the test timed out. PiperOrigin-RevId: 381913041
2021-06-28check explicitly that AF_PACKET sockets can't write in gVisorKevin Krakauer
PiperOrigin-RevId: 381896875
2021-06-25Merge pull request #6222 from avagin:stopgVisor bot
PiperOrigin-RevId: 381561785
2021-06-25Remove sndQueue as its pointless now.Bhasker Hariharan
sndQueue made sense when the worker goroutine and the syscall context held different locks. Now both lock the endpoint lock before doing anything which means adding to sndQueue is pointless as we move it to writeList immediately after that in endpoint.Write() by calling e.drainSendQueue. PiperOrigin-RevId: 381523177
2021-06-25[tcp_info_test] Increase retransmission timeoutTamir Duberstein
PiperOrigin-RevId: 381515399
2021-06-25[tcp_info_test] Remove %vTamir Duberstein
PiperOrigin-RevId: 381508674
2021-06-24Incrementally update checksum when NAT-ingGhanan Gowripalan
...instead of calculating a fresh checksum to avoid re-calcalculating a checksum on unchanged bytes. Fixes #5340. PiperOrigin-RevId: 381403888
2021-06-24Refactor default router state to off-link route stateGhanan Gowripalan
This change prepares for a later change which supports the NDP Route Information option to discover more-specific routes, as per RFC 4191. The newly introduced off-link route state will be used to hold both the state for default routers (which is a default (off-link) route through the router, and more-specific routes (which are routes through some router to some destination subnet more specific than the IPv6 empty subnet). Updates #6172. PiperOrigin-RevId: 381403761
2021-06-24Internal change.Jamie Liu
PiperOrigin-RevId: 381375705
2021-06-24Run `:socket_inet_loopback_isolated_test_linux` tests in a container.Etienne Perot
This creates new user and network namespaces for all tests in `:socket_inet_loopback_isolated_test_linux`. PiperOrigin-RevId: 381374120
2021-06-24Delete sentry metrics /watchdog/{stuck_startup_detected, stuck_tasks_detected}Nayana Bidari
- These metrics are replaced with WeirdnessMetric with fields watchdog_stuck_startup and watchdog_stuck_tasks. PiperOrigin-RevId: 381365617
2021-06-24CreateProcessGroup has to check whether a target process stil exists or notAndrei Vagin
A caller of CreateProcessGroup looks up a thread group without locks, so the target process can exit before CreateProcessGroup will be called. Reported-by: syzbot+6abb7c34663dacbd55a8@syzkaller.appspotmail.com PiperOrigin-RevId: 381351069
2021-06-24Merge pull request #6228 from ↵gVisor bot
puppetlabs:fix-shim-pid-leaking-on-stopped-processes PiperOrigin-RevId: 381341920
2021-06-23Use memutil.MapFile for the memory accounting page.Jamie Liu
PiperOrigin-RevId: 381145216
2021-06-23Move flipcall.packetWindowMmap to memutil.Jamie Liu
PiperOrigin-RevId: 381100861
2021-06-23Fix PR_SET_PTRACER applicability to non-leader threads.Jamie Liu
Compare if (!thread_group_leader(tracee)) tracee = rcu_dereference(tracee->group_leader); in security/yama/yama_lsm.c:ptracer_exception_found(). PiperOrigin-RevId: 381074242
2021-06-23Do not attempt to kill stopped exec processesNoah Fontes
While #6204 addressed the stopped state for handling signals in the main process, it did not update exec processes in the same way. This change mirrors that adjustment for exec processes.
2021-06-23Ensure shim propagates errors over gRPC correctlyNoah Fontes
This change wraps containerd's errdefs.ToGRPC function with one that understands Go 1.13-style error wrapping style, which is used pervasively throughout the shim. With this change, errors that have been marked with, e.g., `errdefs.ErrNotFound`, will be correctly propagated back to the containerd server.
2021-06-22Wake up Writers when tcp socket is shutdown for writes.Bhasker Hariharan
PiperOrigin-RevId: 380967023
2021-06-22netstack: further deflake tcp_testKevin Krakauer
There are unnecessarily short timeouts in several places. Note: a later change will switch tcp_test to fake clocks intead of the built-in `time` package. PiperOrigin-RevId: 380935400
2021-06-22`socket_inet_loopback`: Split off tests that need isolation in their own file.Etienne Perot
This allows these tests, which can cause flakiness when run in the same network namespace as the other `socket_inet_loopback` tests, to run as separate tests in their own environment. It also means that all of the shards of those tests can be more isolated from each other as well. PiperOrigin-RevId: 380930198
2021-06-22[syserror] Add conversions to linuxerr with temporary Equals method.Zach Koopmans
Add Equals method to compare syserror and unix.Errno errors to linuxerr errors. This will facilitate removal of syserror definitions in a followup, and finding needed conversions from unix.Errno to linuxerr. PiperOrigin-RevId: 380909667
2021-06-22Merge pull request #5051 from lubinszARM:pr_escapes_1gVisor bot
PiperOrigin-RevId: 380904249
2021-06-22Remove timeoutsTamir Duberstein
These aren't useful and create opportunities for flakes. PiperOrigin-RevId: 380889223
2021-06-22runsc: don't kill sandbox, let it stop properlyAndrei Vagin
The typical sequence of calls to start a container looks like this ct, err := container.New(conf, containerArgs) defer ct.Destroy() ct.Start(conf) ws, err := ct.Wait() For the root container, ct.Destroy() kills the sandbox process. This doesn't look like a right wait to stop it. For example, all ongoing rpc calls are aborted in this case. If everything is going alright, we can just wait and it will exit itself. Reported-by: syzbot+084fca334720887441e7@syzkaller.appspotmail.com Signed-off-by: Andrei Vagin <avagin@gmail.com>
2021-06-22Trigger poll/epoll events on zero-length hostinet sendmsgIan Lewis
Fixes #2726 PiperOrigin-RevId: 380753516
2021-06-21clean up tcpdump TODOsKevin Krakauer
tcpdump is largely supported. We've also chose not to implement writeable AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333). Fixes #173. PiperOrigin-RevId: 380733686
2021-06-21Improve stopped container handlingFabricio Voznika
Getting state of a stopped container would fail and could lead containerd to not detecting that the container had actually stopped. Now stopped and deleted containers return `stopped` state. Also makes other messages more consistent when container is stopped. Some where still sending messages to runsc and failing in different ways. Now they go through `initState` state machine like the other messages. There are a few changes to improve debugability with it as well. Fixes #5861 PiperOrigin-RevId: 380698513
2021-06-21Use fake clocks in NDP testsGhanan Gowripalan
Updates #5940. PiperOrigin-RevId: 380668609
2021-06-21netstack: don't ACK SYNs in TIME-WAITKevin Krakauer
It was possible for a SYN to arrive after the endpoint sent an ACK as part of the transition to TIME-WAIT, but before returning from handleSegmentsLocked(). This caused the SYN to be dequeued and ACK'd despite the change in EndpointState. Deflakes TestTCPTimeWaitNewSyn. Tested with: blaze test --config=gotsan --runs_per_test 10000 \ //third_party/gvisor/pkg/tcpip/transport/tcp:tcp_x_test -j 2000 \ // --test_filter TestTCPTimeWaitNewSyn PiperOrigin-RevId: 380639808
2021-06-21Add gcore to list of supported toolsFabricio Voznika
PiperOrigin-RevId: 380636877
2021-06-18Add endpoints to map only if registerEndpoint succeeds.Bhasker Hariharan
epsByNIC.registerEndpoint can add a multiportEndpoint to its map of nic->multiportEndpoint even if multiport.Endpoint.singleRegisterEndpoint failed. Same for transportDemuxer.singleRegisterEndpoint which ends up adding an entry to nic->epsByNIC even if epsByNIC.registerEndpoint fails. These breaks an invariant which the code assumes that a multiportEndpoint/endpointsByNIC always have at least one valid entry. PiperOrigin-RevId: 380310115
2021-06-18Include off-link route's preference in update eventsGhanan Gowripalan
RFC 4191 supports the notion of a preference value for default routers and more-specific routes, so update the OffLinkRouteUpdate event to include this preference value so integrators may prioritize routes based on a route's advertised preference value. Note, more-specific route discovery is not supported yet, but will be in a later change. Updates #6172. Test: ndp_test.TestRouterDiscovery PiperOrigin-RevId: 380243716
2021-06-17[syserror] Change p9 server to use linuxerr.Zach Koopmans
Change the p9 server to use *errors.Error defined in pkg linuxerr. Done separate from the client so that we ensure different p9 server/client versions work with each other. PiperOrigin-RevId: 380084491
2021-06-17remove outdated ip6tables TODOsKevin Krakauer
IPv6 SO_ORIGINAL_DST is supported, and the flag check as-written will detect when other flags are needed. Fixes #3549. PiperOrigin-RevId: 380059115
2021-06-17Move tcpip.Clock impl to TimekeeperTamir Duberstein
...and pass it explicitly. This reverts commit b63e61828d0652ad1769db342c17a3529d2d24ed. PiperOrigin-RevId: 380039167
2021-06-17raw sockets: don't overwrite destination addressKevin Krakauer
Also makes the behavior of raw sockets WRT fragmentation clearer, and makes the ICMPv4 header-length check explicit. Fixes #3160. PiperOrigin-RevId: 380033450
2021-06-16Fix broken hdrincl testKevin Krakauer
Fixes #3159. PiperOrigin-RevId: 379814096
2021-06-16[syserror] Refactor linuxerr and error package.Zach Koopmans
Move Error struct to pkg/errors package for use in multiple places. Move linuxerr static definitions under pkg/errors/linuxerr. Add a lookup list for quick lookup of *errors.Error by errno. This is useful when converting syserror errors and unix.Errno/syscall.Errrno values to *errors.Error. Update benchmarks routines to include conversions. The below benchmarks show *errors.Error usage to be comparable to using unix.Errno. BenchmarkAssignUnix BenchmarkAssignUnix-32 787875022 1.284 ns/op BenchmarkAssignLinuxerr BenchmarkAssignLinuxerr-32 1000000000 1.209 ns/op BenchmarkAssignSyserror BenchmarkAssignSyserror-32 759269229 1.429 ns/op BenchmarkCompareUnix BenchmarkCompareUnix-32 1000000000 1.310 ns/op BenchmarkCompareLinuxerr BenchmarkCompareLinuxerr-32 1000000000 1.241 ns/op BenchmarkCompareSyserror BenchmarkCompareSyserror-32 147196165 8.248 ns/op BenchmarkSwitchUnix BenchmarkSwitchUnix-32 373233556 3.664 ns/op BenchmarkSwitchLinuxerr BenchmarkSwitchLinuxerr-32 476323929 3.294 ns/op BenchmarkSwitchSyserror BenchmarkSwitchSyserror-32 39293408 29.62 ns/op BenchmarkReturnUnix BenchmarkReturnUnix-32 1000000000 0.5042 ns/op BenchmarkReturnLinuxerr BenchmarkReturnLinuxerr-32 1000000000 0.8152 ns/op BenchmarkConvertUnixLinuxerr BenchmarkConvertUnixLinuxerr-32 739948875 1.547 ns/op BenchmarkConvertUnixLinuxerrZero BenchmarkConvertUnixLinuxerrZero-32 977733974 1.489 ns/op PiperOrigin-RevId: 379806801
2021-06-16kvm: mark UpperHalf PTE-s as globalAndrei Vagin
UpperHalf is shared with all address spaces. PiperOrigin-RevId: 379790539
2021-06-16Merge pull request #5991 from zhlhahaha:2165gVisor bot
PiperOrigin-RevId: 379766106
2021-06-15Deflake SocketInetLoopbackTest.TCPBacklogKevin Krakauer
The value can be off by one depending on the kernel we're running. Tested with --runs_per_test=1000. PiperOrigin-RevId: 379535390