| Age | Commit message (Collapse) | Author |
|---|
|
In gVisor today its possible that when trying to bind a TCP socket
w/ SO_REUSEADDR specified and requesting the kernel pick a port by
setting port to zero can result in a previously bound port being
returned. This behaviour is incorrect as the user is clearly requesting
a free port. The behaviour is fine when the user explicity specifies
a port.
This change now checks if the user specified a port when making a port
reservation for a TCP port and only returns unbound ports even if
SO_REUSEADDR was specified.
Fixes #6209
PiperOrigin-RevId: 382607638
|
|
PiperOrigin-RevId: 382603592
|
|
Update/remove most syserror errors to linuxerr equivalents. For list
of removed errors, see //pkg/syserror/syserror.go.
PiperOrigin-RevId: 382574582
|
|
PiperOrigin-RevId: 382427879
|
|
Update all instances of the above errors to the faster linuxerr implementation.
With the temporary linuxerr.Equals(), no logical changes are made.
PiperOrigin-RevId: 382306655
|
|
This change prepares for a later change which supports the NDP
Route Information option to discover more-specific routes, as
per RFC 4191.
Updates #6172.
PiperOrigin-RevId: 382225812
|
|
PiperOrigin-RevId: 382202462
|
|
The unordered map may generate different hash due to its order. The
children map needs to be sorted each time before hashing to avoid false
verification failure due to the map.
Store the sorted children map in verity dentry to avoid sorting it each
time verification happens.
Also serialize the whole VerityDescriptor struct to hash now that the
map is removed from it.
PiperOrigin-RevId: 382201560
|
|
PiperOrigin-RevId: 382194711
|
|
Remove three syserror entries duplicated in linuxerr. Because of the
linuxerr.Equals method, this is a mere change of return values from
syserror to linuxerr definitions.
Done with only these three errnos as CLs removing all grow to a significantly
large size.
PiperOrigin-RevId: 382173835
|
|
The PID files are not used after they are read, so there is
no point in keeping them around until the shim is deleted.
Updates #6225
PiperOrigin-RevId: 382169916
|
|
This is to ensure that Go 1.13 error wrapping is correctly
translated to gRPC errors before returning from the shim.
Updates #6225
PiperOrigin-RevId: 382120441
|
|
When TUN is created with IFF_NO_PI flag, there will be no Ethernet header and no packet info, therefore, both read and write will fail.
This commit fix this bug.
|
|
PiperOrigin-RevId: 381982257
|
|
PiperOrigin-RevId: 381964660
|
|
dns
PiperOrigin-RevId: 381949375
|
|
There was a race wherein Accept() could fail, then the handshake would complete,
and then a waiter would be created to listen for the handshake. In such cases,
no notification was ever sent and the test timed out.
PiperOrigin-RevId: 381913041
|
|
PiperOrigin-RevId: 381896875
|
|
PiperOrigin-RevId: 381561785
|
|
sndQueue made sense when the worker goroutine and the syscall context held
different locks. Now both lock the endpoint lock before doing anything which
means adding to sndQueue is pointless as we move it to writeList immediately
after that in endpoint.Write() by calling e.drainSendQueue.
PiperOrigin-RevId: 381523177
|
|
PiperOrigin-RevId: 381515399
|
|
PiperOrigin-RevId: 381508674
|
|
...instead of calculating a fresh checksum to avoid re-calcalculating
a checksum on unchanged bytes.
Fixes #5340.
PiperOrigin-RevId: 381403888
|
|
This change prepares for a later change which supports the NDP
Route Information option to discover more-specific routes, as
per RFC 4191.
The newly introduced off-link route state will be used to hold
both the state for default routers (which is a default (off-link)
route through the router, and more-specific routes (which are
routes through some router to some destination subnet more specific
than the IPv6 empty subnet).
Updates #6172.
PiperOrigin-RevId: 381403761
|
|
PiperOrigin-RevId: 381375705
|
|
This creates new user and network namespaces for all tests in
`:socket_inet_loopback_isolated_test_linux`.
PiperOrigin-RevId: 381374120
|
|
- These metrics are replaced with WeirdnessMetric with fields
watchdog_stuck_startup and watchdog_stuck_tasks.
PiperOrigin-RevId: 381365617
|
|
A caller of CreateProcessGroup looks up a thread group without locks, so
the target process can exit before CreateProcessGroup will be called.
Reported-by: syzbot+6abb7c34663dacbd55a8@syzkaller.appspotmail.com
PiperOrigin-RevId: 381351069
|
|
puppetlabs:fix-shim-pid-leaking-on-stopped-processes
PiperOrigin-RevId: 381341920
|
|
PiperOrigin-RevId: 381145216
|
|
PiperOrigin-RevId: 381100861
|
|
Compare
if (!thread_group_leader(tracee))
tracee = rcu_dereference(tracee->group_leader);
in security/yama/yama_lsm.c:ptracer_exception_found().
PiperOrigin-RevId: 381074242
|
|
While #6204 addressed the stopped state for handling signals in the main
process, it did not update exec processes in the same way. This change
mirrors that adjustment for exec processes.
|
|
This change wraps containerd's errdefs.ToGRPC function with one that
understands Go 1.13-style error wrapping style, which is used
pervasively throughout the shim. With this change, errors that have been
marked with, e.g., `errdefs.ErrNotFound`, will be correctly propagated
back to the containerd server.
|
|
PiperOrigin-RevId: 380967023
|
|
There are unnecessarily short timeouts in several places.
Note: a later change will switch tcp_test to fake clocks intead of the built-in
`time` package.
PiperOrigin-RevId: 380935400
|
|
This allows these tests, which can cause flakiness when run in the same network
namespace as the other `socket_inet_loopback` tests, to run as separate tests
in their own environment. It also means that all of the shards of those tests
can be more isolated from each other as well.
PiperOrigin-RevId: 380930198
|
|
Add Equals method to compare syserror and unix.Errno errors to linuxerr errors.
This will facilitate removal of syserror definitions in a followup, and
finding needed conversions from unix.Errno to linuxerr.
PiperOrigin-RevId: 380909667
|
|
PiperOrigin-RevId: 380904249
|
|
These aren't useful and create opportunities for flakes.
PiperOrigin-RevId: 380889223
|
|
The typical sequence of calls to start a container looks like this
ct, err := container.New(conf, containerArgs)
defer ct.Destroy()
ct.Start(conf)
ws, err := ct.Wait()
For the root container, ct.Destroy() kills the sandbox process. This
doesn't look like a right wait to stop it. For example, all ongoing rpc
calls are aborted in this case. If everything is going alright, we can
just wait and it will exit itself.
Reported-by: syzbot+084fca334720887441e7@syzkaller.appspotmail.com
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
Fixes #2726
PiperOrigin-RevId: 380753516
|
|
tcpdump is largely supported. We've also chose not to implement writeable
AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333).
Fixes #173.
PiperOrigin-RevId: 380733686
|
|
Getting state of a stopped container would fail and could lead containerd
to not detecting that the container had actually stopped. Now stopped and
deleted containers return `stopped` state.
Also makes other messages more consistent when container is stopped. Some
where still sending messages to runsc and failing in different ways. Now
they go through `initState` state machine like the other messages.
There are a few changes to improve debugability with it as well.
Fixes #5861
PiperOrigin-RevId: 380698513
|
|
Updates #5940.
PiperOrigin-RevId: 380668609
|
|
It was possible for a SYN to arrive after the endpoint sent an ACK as part of
the transition to TIME-WAIT, but before returning from handleSegmentsLocked().
This caused the SYN to be dequeued and ACK'd despite the change in
EndpointState.
Deflakes TestTCPTimeWaitNewSyn.
Tested with:
blaze test --config=gotsan --runs_per_test 10000 \
//third_party/gvisor/pkg/tcpip/transport/tcp:tcp_x_test -j 2000 \
// --test_filter TestTCPTimeWaitNewSyn
PiperOrigin-RevId: 380639808
|
|
PiperOrigin-RevId: 380636877
|
|
epsByNIC.registerEndpoint can add a multiportEndpoint to its map of
nic->multiportEndpoint even if multiport.Endpoint.singleRegisterEndpoint
failed. Same for transportDemuxer.singleRegisterEndpoint which ends up adding an
entry to nic->epsByNIC even if epsByNIC.registerEndpoint fails.
These breaks an invariant which the code assumes that a
multiportEndpoint/endpointsByNIC always have at least one valid entry.
PiperOrigin-RevId: 380310115
|
|
RFC 4191 supports the notion of a preference value for default routers
and more-specific routes, so update the OffLinkRouteUpdate event to
include this preference value so integrators may prioritize routes
based on a route's advertised preference value.
Note, more-specific route discovery is not supported yet, but will be in
a later change.
Updates #6172.
Test: ndp_test.TestRouterDiscovery
PiperOrigin-RevId: 380243716
|
|
Change the p9 server to use *errors.Error defined in pkg linuxerr. Done
separate from the client so that we ensure different p9 server/client versions
work with each other.
PiperOrigin-RevId: 380084491
|
