| Age | Commit message (Collapse) | Author |
|---|
|
PiperOrigin-RevId: 341001328
|
|
This change adds a Subnet() method to AddressableEndpoint so that we
can avoid repeated calls to AddressableEndpoint.AddressWithPrefix().Subnet().
Updates #231
PiperOrigin-RevId: 340969877
|
|
Due to a type doDestroyNotStartedTest was being tested
2x instead of doDestroyStartingTest.
PiperOrigin-RevId: 340969797
|
|
This was causing gvisor-containerd-shim to crash because the command
suceeded, but there was no stat present.
PiperOrigin-RevId: 340964921
|
|
This will allow us to run massive runtime tests live java to run in parallel
across multiple jobs.
PiperOrigin-RevId: 340956246
|
|
* Remove stack.Route from incoming packet path.
There is no need to pass around a stack.Route during the incoming path
of a packet. Instead, pass around the packet's link/network layer
information in the packet buffer since all layers may need this
information.
* Support address bound and outgoing packet NIC in routes.
When forwarding is enabled, the source address of a packet may be bound
to a different interface than the outgoing interface. This change
updates stack.Route to hold both NICs so that one can be used to write
packets while the other is used to check if the route's bound address
is valid. Note, we need to hold the address's interface so we can check
if the address is a spoofed address.
* Introduce the concept of a local route.
Local routes are routes where the packet never needs to leave the stack;
the destination is stack-local. We can now route between interfaces
within a stack if the packet never needs to leave the stack, even when
forwarding is disabled.
* Always obtain a route from the stack before sending a packet.
If a packet needs to be sent in response to an incoming packet, a route
must be obtained from the stack to ensure the stack is configured to
send packets to the packet's source from the packet's destination.
* Enable spoofing if a stack may send packets from unowned addresses.
This change required changes to some netgophers since previously,
promiscuous mode was enough to let the netstack respond to all
incoming packets regardless of the packet's destination address. Now
that a stack.Route is not held for each incoming packet, finding a route
may fail with local addresses we don't own but accepted packets for
while in promiscuous mode. Since we also want to be able to send from
any address (in response the received promiscuous mode packets), we need
to enable spoofing.
* Skip transport layer checksum checks for locally generated packets.
If a packet is locally generated, the stack can safely assume that no
errors were introduced while being locally routed since the packet is
never sent out the wire.
Some bugs fixed:
- transport layer checksum was never calculated after NAT.
- handleLocal didn't handle routing across interfaces.
- stack didn't support forwarding across interfaces.
- always consult the routing table before creating an endpoint.
Updates #4688
Fixes #3906
PiperOrigin-RevId: 340943442
|
|
PiperOrigin-RevId: 340941898
|
|
When OOM score adjustment needs to be set, all the containers need to be
loaded to find all containers that belong to the sandbox. However, each
load signals the container to ensure it is still alive. OOM score
adjustment is set during creation and deletion of every container, generating
a flood of signals to all containers. The fix removes the signal check
when it's not needed.
There is also a race fetching OOM score adjustment value from the parent when
the sandbox exits at the same time (the time it took to signal containers above
made this window quite large). The fix is to store the original value
in the sandbox state file and use it when the value needs to be restored.
Also add more logging and made the existing ones more consistent to help with
debugging.
PiperOrigin-RevId: 340940799
|
|
PiperOrigin-RevId: 340925131
|
|
- Disable saving in tests that wait for EINTR.
- Do not execute async-signal-unsafe code after fork() (see fork(2)'s manpage,
"After a fork in a multithreaded program ...")
- Check for errors returned by semctl(GETZCNT).
PiperOrigin-RevId: 340901353
|
|
This was occasionally causing tests to get stuck due to races with the save
process, during which the same mutex is acquired.
PiperOrigin-RevId: 340789616
|
|
PiperOrigin-RevId: 340763455
|
|
The file size can now also be verified. Also, since we are zero-padding
the last block of the data, we cannot differentiate the cases between
zero-padded block from the blocks that are ends with zeroes. With the
size included this can be addressed, as those cases would have different
file size.
PiperOrigin-RevId: 340695510
|
|
Updates #2785
PiperOrigin-RevId: 340566576
|
|
PiperOrigin-RevId: 340536306
|
|
The waits-for relationship between an epoll instance and an inotify fd should
be restored.
This fixes flaky inotify vfs2 tests.
PiperOrigin-RevId: 340531367
|
|
The default pipe size already matched linux, and is unchanged.
Furthermore `atomicIOBytes` is made a proper constant (as it is in Linux). We
were plumbing usermem.PageSize everywhere, so this is no functional change.
PiperOrigin-RevId: 340497006
|
|
PiperOrigin-RevId: 340484823
|
|
Without releasing the mutex, operations on the endpoint following a
nonblocking connect will not make progress until connect is complete.
PiperOrigin-RevId: 340467654
|
|
Use an sErr injection to trigger sigbus when we receive EFAULT from the
run ioctl.
After applying this patch, mmap_test_runsc_kvm will be passed on
Arm64.
Signed-off-by: Bin Lu <bin.lu@arm.com>
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/4542 from lubinszARM:pr_kvm_mmap_1 f81bd42466d1d60a581e5fb34de18b78878c68c1
PiperOrigin-RevId: 340461239
|
|
PiperOrigin-RevId: 340389884
|
|
Don't return the filename, since it can already be determined by the caller.
This was causing a panic in RenameAt, which relied on the name to be nonempty
even if the error was EEXIST.
Reported-by: syzbot+e9f117d000301e42361f@syzkaller.appspotmail.com
PiperOrigin-RevId: 340381946
|
|
Send NUD probes in another gorountine to free the thread of execution for
finishing the state transition. This is necessary to avoid deadlock where
sending and processing probes are done in the same call stack, such as loopback
and integration tests.
Fixes #4701
PiperOrigin-RevId: 340362481
|
|
PiperOrigin-RevId: 340361998
|
|
The active_closefd has to be shutdown only for write,
otherwise the second poll will always return immediately.
The second poll should not be called from a separate thread.
PiperOrigin-RevId: 340319071
|
|
PiperOrigin-RevId: 340275942
|
|
PiperOrigin-RevId: 340274194
|
|
And in this case, tests will run in separate network namespaces
and will not affect each other.
PiperOrigin-RevId: 340267734
|
|
Fixes: #509
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antfin.com>
Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
|
|
PiperOrigin-RevId: 340149214
|
|
In the docker container, the ipv6 loopback address is not set,
and connect("::1") has to return ENEADDRNOTAVAIL in this case.
Without this fix, it returns EHOSTUNREACH.
PiperOrigin-RevId: 340002915
|
|
Read-only directories (e.g. under /sys, /proc) should return EPERM for rename.
PiperOrigin-RevId: 339979022
|
|
The non-errno error was causing panics before.
PiperOrigin-RevId: 339969348
|
|
PiperOrigin-RevId: 339945377
|
|
kernel.copyContext{t} cannot be used outside of t's task goroutine, for three
reasons:
- t.CopyScratchBuffer() is task-goroutine-local.
- Calling t.MemoryManager() without running on t's task goroutine or locking
t.mu violates t.MemoryManager()'s preconditions.
- kernel.copyContext passes t as context.Context to MM IO methods, which is
illegal outside of t's task goroutine (cf. kernel.Task.Value()).
Fix this by splitting AsCopyContext() into CopyContext() (which takes an
explicit context.Context and is usable outside of the task goroutine) and
OwnCopyContext() (which uses t as context.Context, but is only usable by t's
task goroutine).
PiperOrigin-RevId: 339933809
|
|
PiperOrigin-RevId: 339921446
|
|
PiperOrigin-RevId: 339913577
|
|
PiperOrigin-RevId: 339886754
|
|
The IPv6 reassembly test was also refactored to be easily extended with
more cases.
PiperOrigin-RevId: 339768605
|
|
#4673 does not seem to work. Try this new approach.
PiperOrigin-RevId: 339754794
|
|
PiperOrigin-RevId: 339750876
|
|
Fixes #4613.
PiperOrigin-RevId: 339746784
|
|
TCP endpoint unconditionly binds to v4 even when the stack only supports v6.
PiperOrigin-RevId: 339739392
|
|
PiperOrigin-RevId: 339721152
|
|
PiperOrigin-RevId: 339699771
|
|
Refactor TCP handshake code so that when connect is initiated, the initial SYN
is sent before creating a goroutine to handle the rest of the handshake (which
blocks). Similarly, the initial SYN-ACK is sent inline when SYN is received
during accept.
Some additional cleanup is done as well.
Eventually we would like to complete connections in the dispatcher without
requiring a wakeup to complete the handshake. This refactor makes that easier.
Updates #231
PiperOrigin-RevId: 339675182
|
|
PiperOrigin-RevId: 339608078
|
|
As you can see https://github.com/google/gvisor/commits/master, there are a lot
of red commits. This is because the Go / generate GitHub action flakes.
On merge, two variants of this workflow run:
- one triggered by the pull request (copybara force pushes to the PR right
before merge)
- one triggered by the push (merge)
If the push action ends up finishing before the pull request action can run
go_branch.sh, then the changes that go_branch.sh makes is already pushed to
the remote go branch. Consequently, the pull request action ends up having
nothing to commit causing this action to fail.
This change also fixes lint warnings.
Now we skip running the go_branch.sh if we find that our current working commit
has already been committed to remote.
PiperOrigin-RevId: 339586760
|
|
Updates #1486.
PiperOrigin-RevId: 339581879
|
|
Also refactor the template and CheckedObject interface to make this cleaner.
Updates #1486.
PiperOrigin-RevId: 339577120
|
