Age | Commit message (Collapse) | Author |
|
When the sandbox runs in attached more, e.g. runsc do, runsc run, the
sandbox lifetime is controlled by the parent process. This wasn't working
in all cases because PR_GET_PDEATHSIG doesn't propagate through execve
when the process changes uid/gid. So it was getting dropped when the
sandbox execve's to change to user nobody.
PiperOrigin-RevId: 300601247
|
|
...instead of sorting at various times. Plug a memory leak by setting
removed elements to nil.
PiperOrigin-RevId: 300471087
|
|
PiperOrigin-RevId: 300467253
|
|
Atomically close the endpoint. Before this change, it was possible for
multiple callers to perform duplicate work.
PiperOrigin-RevId: 300462110
|
|
This also adds substantial test cases.
The Read/Write interfaces are dropped as they are not necessary.
PiperOrigin-RevId: 300461547
|
|
PiperOrigin-RevId: 300449422
|
|
Endpoints which were being terminated in an ERROR state or were moved to CLOSED
by the worker goroutine do not run cleanupLocked() as that should already be run
by the worker termination. But when making that change we made the mistake of
not removing the endpoint from the danglingEndpoints which is normally done in
cleanupLocked().
As a result these endpoints are leaked since a reference is held to them in the
danglingEndpoints array forever till Stack is torn down.
PiperOrigin-RevId: 300438426
|
|
Fixed flakes (tested via --runs_per_test=100) and added skips for
not-yet-implemented features. Once submitted, the iptables tests will be
ready to enable in kokoro.
|
|
PiperOrigin-RevId: 300410856
|
|
PiperOrigin-RevId: 300409401
|
|
This fixes a compile time error:
pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go:45:35: undefined: unsafe
PiperOrigin-RevId: 300375687
|
|
The asynchronous goroutine preemption is a new feature of Go 1.14.
When we switched to go 1.14 (cl/297915917) in the bazel config,
the kokoro syscall-kvm job started permanently failing. Lets
temporary set asyncpreemptoff for the kvm platform to unblock tests.
PiperOrigin-RevId: 300372387
|
|
PiperOrigin-RevId: 300362789
|
|
Go 1.14+ sends SIGURG to Ms to attempt asynchronous preemption of a G. Since it
can't guarantee that a SIGURG is only related to preemption, it continues to
forward them to signal.Notify (see runtime.sighandler).
When runsc is running a container, there are three processes: a parent process
and two children (sandbox and gopher). A parent process sets a signal handler
for all signals and redirect them to the container init process. This logic
should ignore SIGURG signals. We already ignore them in the Sentry, but it will
be better to not notify about them when this is possible.
PiperOrigin-RevId: 300345286
|
|
PiperOrigin-RevId: 300308974
|
|
PiperOrigin-RevId: 300270894
|
|
This change also updates where the IP packet buffer is held in an
outbound tcpip.PacketBuffer from Header to Data. This change removes
unncessary copying of the IP packet buffer when forwarding.
Test: stack_test.TestNICForwarding
PiperOrigin-RevId: 300217972
|
|
Fixes #1510
Test:
- stack_test.TestForwardingWithStaticResolver
- stack_test.TestForwardingWithFakeResolver
- stack_test.TestForwardingWithNoResolver
- stack_test.TestForwardingWithFakeResolverPartialTimeout
- stack_test.TestForwardingWithFakeResolverTwoPackets
- stack_test.TestForwardingWithFakeResolverManyPackets
- stack_test.TestForwardingWithFakeResolverManyResolutions
PiperOrigin-RevId: 300182570
|
|
PiperOrigin-RevId: 300171916
|
|
Issue #1833
PiperOrigin-RevId: 299998105
|
|
Without this change, the assembly code of this test compiled without
optimizations:
mov -0x150(%rbp),%rax
movl $0x77777777,(%rax)
lea -0x128(%rbp),%rax
with optimizations:
movl $0x77777777,0x0
This code doesn't work properly, because the test changes rax in the segv
handler.
PiperOrigin-RevId: 299896117
|
|
Linux use the task.thread.uw.tp_value field to store the
TLS pointer on arm64 platform, and we use a similar way
in gvisor to store it in the arch/State struct.
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: Ie76b5c6d109bc27ccfd594008a96753806db7764
|
|
google:dependabot/bundler/benchmarks/workloads/ruby/puma-3.12.4
PiperOrigin-RevId: 299485340
|
|
Bumps [puma](https://github.com/puma/puma) from 3.12.2 to 3.12.4.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v3.12.2...v3.12.4)
Signed-off-by: dependabot[bot] <support@github.com>
|
|
google:dependabot/bundler/benchmarks/workloads/ruby_template/puma-3.12.4
PiperOrigin-RevId: 299480247
|
|
PiperOrigin-RevId: 299466906
|
|
PiperOrigin-RevId: 299448307
|
|
In VFS2, imported file descriptors are stored in a kernfs-based filesystem.
Upon calling ImportFD, the host fd can be accessed in two ways:
1. a FileDescription that can be added to the FDTable, and
2. a Dentry in the host.filesystem mount, which we will want to access through
magic symlinks in /proc/[pid]/fd/.
An implementation of the kernfs.Inode interface stores a unique host fd. This
inode can be inserted into file descriptions as well as dentries.
This change also plumbs in three FileDescriptionImpls corresponding to fds for
sockets, TTYs, and other files (only the latter is implemented here).
These implementations will mostly make corresponding syscalls to the host.
Where possible, the logic is ported over from pkg/sentry/fs/host.
Updates #1672
PiperOrigin-RevId: 299417263
|
|
When list elements are removed from a list but not discarded, it becomes
important to invalidate the references they hold to their former
neighbors to prevent memory leaks.
PiperOrigin-RevId: 299412421
|
|
PiperOrigin-RevId: 299405855
|
|
PiperOrigin-RevId: 299405663
|
|
From RFC 793 s3.9 p61 Event Processing:
CLOSE Call during TIME-WAIT: return with "error: connection closing"
Fixes #1603
PiperOrigin-RevId: 299401353
|
|
If the NIC has a valid IPv6 address assigned, use it as the
source address for outgoing NDP Router Solicitation packets.
Test: stack_test.TestRouterSolicitation
PiperOrigin-RevId: 299398763
|
|
PiperOrigin-RevId: 299396286
|
|
PiperOrigin-RevId: 299383276
|
|
|
|
Useful for logs to print the string representation of the value
instead of the integer value.
PiperOrigin-RevId: 299356847
|
|
Adds an oom_score_adj and oom_score proc file stub. oom_score_adj accepts
writes of values -1000 to 1000 and persists the value with the task. New tasks
inherit the parent's oom_score_adj.
oom_score is a read-only stub that always returns the value '0'.
Issue #202
PiperOrigin-RevId: 299245355
|
|
PiperOrigin-RevId: 299238067
|
|
PiperOrigin-RevId: 299233818
|
|
By putting slices into the pool, the slice header escapes. This can be avoided
by not putting the slice header into the pool.
This removes an allocation from the TCP segment send path.
PiperOrigin-RevId: 299215480
|
|
A parser of test results doesn't expect to see any extra messages.
PiperOrigin-RevId: 299174138
|
|
PiperOrigin-RevId: 299151227
|
|
|
|
A parser of test results doesn't expect to see any extra messages.
PiperOrigin-RevId: 298966577
|
|
PiperOrigin-RevId: 298951909
|
|
PiperOrigin-RevId: 298941855
|
|
The benchmark_filter options accepts regex-s, but
the gtest-filter option accepts shell-like wildcards.
Fixes #2034
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
google:dependabot/bundler/benchmarks/workloads/ruby/rake-12.3.3
PiperOrigin-RevId: 298894164
|
|
$RANDOM can cause collisions but shuf uses /dev/urandom so it ought to cause
fewer.
PiperOrigin-RevId: 298786344
|