summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-02-02Merge release-20210125.0-66-gfb422db70 (automated)gVisor bot
2021-02-02Update go-tools to 2020.2.1Tamir Duberstein
...and a bunch of other things as I worked through the rot. Notably: - Upgrade to bazel 4.0.0 - Upgrade to Go 1.15.7 Remove go_branch stderr suppression; this made it quite difficult to see what was failing while developing this patch. PiperOrigin-RevId: 355257833
2021-02-02Merge release-20210125.0-65-gff8b308a3 (automated)gVisor bot
2021-02-02Remove call to Notify from pipe.VFSPipeFD.CopyOutFrom.Jamie Liu
This was missed in cl/351911375; pipe.VFSPipeFD.SpliceFromNonPipe already calls Notify. PiperOrigin-RevId: 355246655
2021-02-02Merge release-20210125.0-64-gfcc2468db (automated)gVisor bot
2021-02-02Add CPUSet for runsc mitigate.Zach Koopmans
PiperOrigin-RevId: 355242055
2021-02-02Merge release-20210125.0-63-g49f783fb6 (automated)gVisor bot
2021-02-02Rename HandleNDupAcks in TCP.Nayana Bidari
Rename HandleNDupAcks() to HandleLossDetected() as it will enter this when is detected after: - reorder window expires and TLP (in case of RACK) - dupAckCount >= 3 PiperOrigin-RevId: 355237858
2021-02-02Merge release-20210125.0-62-g5f7bf3152 (automated)gVisor bot
2021-02-02Stub out basic `runsc events --stat` CPU functionalityKevin Krakauer
Because we lack gVisor-internal cgroups, we take the CPU usage of the entire pod and divide it proportionally according to sentry-internal usage stats. This fixes `kubectl top pods`, which gets a pod's CPU usage by summing the usage of its containers. Addresses #172. PiperOrigin-RevId: 355229833
2021-02-02Merge release-20210125.0-61-gf884ea13b (automated)gVisor bot
2021-02-02Move ring0 package.Adin Scannell
This allows the package to serve as a general purpose ring0 support package, as opposed to being bound to specific sentry platforms. Updates #5039 PiperOrigin-RevId: 355220044
2021-02-02Merge release-20210125.0-60-gd6d169320 (automated)gVisor bot
2021-02-02Merge release-20210125.0-59-g017348af9 (automated)gVisor bot
2021-02-02Add ETIMEDOUT to partial result listFabricio Voznika
Reported-by: syzbot+db8d83f93b84fcb84374@syzkaller.appspotmail.com PiperOrigin-RevId: 355213994
2021-02-02Drop gazelle target from the Makefile.Adin Scannell
This is replaced with a straight call to bazel. Unfortunately, the built gazelle target requires a bazel installation to run anyways. PiperOrigin-RevId: 355211990
2021-02-02Merge release-20210125.0-58-g8c7c5abaf (automated)gVisor bot
2021-02-02Add support for rate limiting out of window ACKs.Bhasker Hariharan
Netstack today will send dupACK's with no rate limit for incoming out of window segments. This can result in ACK loops for example if a TCP socket connects to itself (actually permitted by TCP). Where the ACK sent in response to packets being out of order itself gets considered as an out of window segment resulting in another ACK being generated. PiperOrigin-RevId: 355206877
2021-02-02Merge release-20210125.0-57-g3817c7349 (automated)gVisor bot
2021-02-02Remove go_tool_library references.Adin Scannell
This is required only for the built-in bazel nogo functionality. Since we roll these targets manually via the wrappers, we don't need to use go_tool_library. The inconsistent use of these targets leads to conflicting instantiations of go_default_library and go_tool_library, which both contain the same output files. PiperOrigin-RevId: 355184975
2021-02-02Merge release-20210125.0-56-g00d21b9ae (automated)gVisor bot
2021-02-02Assert TCP_INFO size before checking contentTamir Duberstein
Also sync syscall test expectations on Fuchisa. PiperOrigin-RevId: 355163492
2021-02-02Merge release-20210125.0-55-g5fa683ffd (automated)gVisor bot
2021-02-02Minor page tables improvements.Adin Scannell
* Make split safe. * Enable looking up next valid address. * Support mappings with !accessType.Any(), distinct from unmap. These changes allow for the use of pagetables in low-level OS packages, such as ring0, and allow for the use of pagetables for more generic address space reservation (by writing entries with no access specified). Updates #5039 PiperOrigin-RevId: 355109016
2021-02-02Merge release-20210125.0-54-g0c8cc6611 (automated)gVisor bot
2021-02-01Fix empty Packages file for APT repository.Adin Scannell
This change also adds an extra sanity check to the make_apt.sh script, in order to ensure that this simple mistake does not occur again. PiperOrigin-RevId: 355101754
2021-02-02Merge release-20210125.0-53-gaae480380 (automated)gVisor bot
2021-02-01Enable container checkpoint/restore tests with VFS2Fabricio Voznika
Updates #1663 PiperOrigin-RevId: 355077816
2021-02-02Merge release-20210125.0-52-gd3855ad6b (automated)gVisor bot
2021-02-01Add RACK reorder tests.Nayana Bidari
PiperOrigin-RevId: 355067082
2021-02-02Merge release-20210125.0-51-g5d8054e75 (automated)gVisor bot
2021-02-01Remove Go cache on failure.Adin Scannell
It's unclear why permissions wind up corrupted, but these can be cleared on any failure, similar to the bazel cache itself: https://buildkite.com/gvisor/pipeline/builds/2304#_ PiperOrigin-RevId: 355057421
2021-02-02Merge release-20210125.0-50-g5230c8e13 (automated)gVisor bot
2021-02-01Merge pull request #5403 from avagin:syzkaller3gVisor bot
PiperOrigin-RevId: 355047815
2021-02-01Merge release-20210125.0-48-g0da3c72c9 (automated)gVisor bot
2021-02-01[infra] Consolidate all ubuntu tests into one image.Ayush Ranjan
This makes it easier to add more tests that run on Ubuntu. We can now just add a bash script and call that from integration_test without having to set up another image. PiperOrigin-RevId: 355000410
2021-02-01Merge release-20210125.0-47-gebd3912c0 (automated)gVisor bot
2021-02-01Merge release-20210125.0-46-gcbcebfea8 (automated)gVisor bot
2021-02-01Refactor HandleControlPacket/SockErrorGhanan Gowripalan
...to remove the need for the transport layer to deduce the type of error it received. Rename HandleControlPacket to HandleError as HandleControlPacket only handles errors. tcpip.SockError now holds a tcpip.SockErrorCause interface that different errors can implement. PiperOrigin-RevId: 354994306
2021-02-01[infra] Fix gazelle target.Ayush Ranjan
PiperOrigin-RevId: 354991724
2021-02-01Merge release-20210125.0-45-g726100f8e (automated)gVisor bot
2021-02-01Assert expected size before unmarshallingTamir Duberstein
...to prevent panicking in case of failure. PiperOrigin-RevId: 354970257
2021-02-01Merge release-20210125.0-44-gd930def27 (automated)gVisor bot
2021-01-31Default to NUD/neighborCache instead of linkAddrCacheGhanan Gowripalan
This change flips gvisor to use Neighbor unreachability detection by default to populate the neighbor table as defined by RFC 4861 section 7. Although RFC 4861 is targeted at IPv6, the same algorithm is used for link resolution on IPv4 networks using ARP. Integrators may still use the legacy link address cache by setting stack.Options.UseLinkAddrCache to true; stack.Options.UseNeighborCache is now unused and will be removed. A later change will remove linkAddrCache and associated code. Updates #4658. PiperOrigin-RevId: 354850531
2021-01-31Merge release-20210125.0-43-gc5e3c1c7b (automated)gVisor bot
2021-01-31Use closure for IPv6 testContext cleanupGhanan Gowripalan
PiperOrigin-RevId: 354827491
2021-01-31Merge release-20210125.0-42-gb4f8a9252 (automated)gVisor bot
2021-01-31Remove NICs before closing their link endpointsGhanan Gowripalan
...in IPv6 ICMP tests. A channel link endpoint's channel is closed when the link endpoint is closed. When the stack tries to send packets through a NIC with a closed channel endpoint, a panic will occur when attempting to write to a closed channel (https://golang.org/ref/spec#Close). To make sure the stack does not try to send packets through a NIC, we remove it. PiperOrigin-RevId: 354822085
2021-01-31Merge release-20210125.0-41-g4ee8cf873 (automated)gVisor bot
2021-01-31Use different neighbor tables per network endpointGhanan Gowripalan
This stores each protocol's neighbor state separately. This change also removes the need for each neighbor entry to keep track of their own link address resolver now that all the entries in a cache will use the same resolver. PiperOrigin-RevId: 354818155