summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-04-03Merge release-20210322.0-36-g491b106d6 (automated)gVisor bot
2021-04-02Implement the runsc verity-prepare command.Rahat Mahmood
Implement a new runsc command to set up a sandbox with verityfs and run the measure tool. This is loosely forked from the do command, and currently requires the caller to provide the measure tool binary. PiperOrigin-RevId: 366553769
2021-04-02Merge release-20210322.0-35-g1b53550e5 (automated)gVisor bot
2021-04-02Add vfs1 to go/runsc-benchmarksZach Koopmans
PiperOrigin-RevId: 366470480
2021-04-02Merge release-20210322.0-34-gcc762235c (automated)gVisor bot
2021-04-02Internal change.gVisor bot
PiperOrigin-RevId: 366462448
2021-04-01Merge release-20210322.0-33-gb2ea37401 (automated)gVisor bot
2021-04-01Merge release-20210322.0-32-g513de4039 (automated)gVisor bot
2021-04-01Internal changesBhasker Hariharan
PiperOrigin-RevId: 366344805
2021-04-01Remove invalid dependency.Adin Scannell
PiperOrigin-RevId: 366344222
2021-04-01Merge release-20210322.0-31-g6c10c772e (automated)gVisor bot
2021-04-01Internal change.gVisor bot
PiperOrigin-RevId: 366292533
2021-03-30Merge release-20210322.0-30-g71f3dccbb (automated)gVisor bot
2021-03-30Fix panic when overriding /dev files with VFS2Fabricio Voznika
VFS1 skips over mounts that overrides files in /dev because the list of files is hardcoded. This is not needed for VFS2 and a recent change lifted this restriction. However, parts of the code were still skipping /dev mounts even in VFS2, causing the loader to panic when it ran short of FDs to connect to the gofer. PiperOrigin-RevId: 365858436
2021-03-29Merge release-20210322.0-29-g8a2f7e716 (automated)gVisor bot
2021-03-29[syserror] Split usermem packageZach Koopmans
Split usermem package to help remove syserror dependency in go_marshal. New hostarch package contains code not dependent on syserror. PiperOrigin-RevId: 365651233
2021-03-29Merge release-20210322.0-28-gb125afba4 (automated)gVisor bot
2021-03-29Merge pull request #5728 from zhlhahaha:2091gVisor bot
PiperOrigin-RevId: 365613394
2021-03-29[perf] Reduce contention in ptrace.threadPool.lookupOrCreate().Ayush Ranjan
lookupOrCreate is called from subprocess.switchToApp() and subprocess.syscall(). lookupOrCreate() looks for a thread already created for the current TID. If a thread exists (common case), it returns immediately. Otherwise it creates a new one. This change switches to using a sync.RWMutex. The initial thread existence lookup is now done only with the read lock. So multiple successful lookups can occur concurrently. Only when a new thread is created will it acquire the lock for writing and update the map (which is not the common case). Discovered in mutex profiles from the various ptrace benchmarks. Example: https://gvisor.dev/profile/gvisor-buildkite/fd14bfad-b30f-44dc-859b-80ebac50beb4/843827db-da50-4dc9-a2ea-ecf734dde2d5/tmp/profile/ptrace/BenchmarkFio/operation.write/blockSize.4K/filesystem.tmpfs/benchmarks/fio/mutex.pprof/flamegraph PiperOrigin-RevId: 365612094
2021-03-26Merge release-20210315.0-28-gfbec65fc3 (automated)gVisor bot
2021-03-25Use seqfile.SeqHandles correctly in VFS1 /proc/net/.Jamie Liu
Before this change: ``` $ docker run --runtime=runsc --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = EOF $ docker run --runtime=runsc-vfs2 --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = 256 ``` After this change: ``` $ docker run --runtime=runsc --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = 256 $ docker run --runtime=runsc-vfs2 --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024 #1: read(128) = 128 #2: read(1024) = 256 ``` Fixes #5732 PiperOrigin-RevId: 365178386
2021-03-25Merge release-20210315.0-27-g79bc446fa (automated)gVisor bot
2021-03-25Lock TaskSet mutex for writing in ptraceClone().Jamie Liu
This is necessary since ptraceClone() mutates tracer.ptraceTracees. PiperOrigin-RevId: 365152396
2021-03-25Merge release-20210315.0-26-g6b085ba47 (automated)gVisor bot
2021-03-25setgid: skip tests when we can't find usable GIDsKevin Krakauer
PiperOrigin-RevId: 365092320
2021-03-25Fix comments errorHoward Zhang
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2021-03-25Fix nogo test errorHoward Zhang
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2021-03-25Merge release-20210315.0-25-gc27fac421 (automated)gVisor bot
2021-03-24Fix path to runsc in CNI tutorial.Ian Lewis
PiperOrigin-RevId: 364931406
2021-03-24Fix highlighting sidebar menu on the websiteIan Lewis
Highlighting previously highlighted multiple items in the sidebar if the had the same page name (not full url). This change simplifies this by adding the highlight class in the jekyll template rather than javascript, and highlights only the correct page. PiperOrigin-RevId: 364931350
2021-03-24Merge release-20210315.0-23-ge7ca2a51a (automated)gVisor bot
2021-03-24Add POLLRDNORM/POLLWRNORM support.Bhasker Hariharan
On Linux these are meant to be equivalent to POLLIN/POLLOUT. Rather than hack these on in sys_poll etc it felt cleaner to just cleanup the call sites to notify for both events. This is what linux does as well. Fixes #5544 PiperOrigin-RevId: 364859977
2021-03-24Fix data race in fdbased when accessing fanoutID.Bhasker Hariharan
PiperOrigin-RevId: 364859173
2021-03-24Merge release-20210315.0-21-gec0aa657e (automated)gVisor bot
2021-03-24Unexpose immutable fields in stack.RouteNick Brown
This change sets the inner `routeInfo` struct to be a named private member and replaces direct access with access through getters. Note that direct access to the fields of `routeInfo` is still possible through the `RouteInfo` struct. Fixes #4902 PiperOrigin-RevId: 364822872
2021-03-24Merge release-20210315.0-20-g8ee4a3f6d (automated)gVisor bot
2021-03-23Merge pull request #5677 from avagin:kvm-mmiogVisor bot
PiperOrigin-RevId: 364728696
2021-03-24Merge release-20210315.0-18-g56a9a1397 (automated)gVisor bot
2021-03-23Move the code that manages floating-point state to a separate packageAndrei Vagin
This change is inspired by Adin's cl/355256448. PiperOrigin-RevId: 364695931
2021-03-23Merge release-20210315.0-17-g960155cda (automated)gVisor bot
2021-03-23Add --file-access-mounts flagFabricio Voznika
--file-access-mounts flag is similar to --file-access, but controls non-root mounts that were previously mounted in shared mode only. This gives more flexibility to control how mounts are shared within a container. PiperOrigin-RevId: 364669882
2021-03-23Merge release-20210315.0-16-g92374e519 (automated)gVisor bot
2021-03-23setgid directory support in goferfsKevin Krakauer
Also adds support for clearing the setuid bit when appropriate (writing, truncating, changing size, changing UID, or changing GID). VFS2 only. PiperOrigin-RevId: 364661835
2021-03-23Merge release-20210315.0-15-gacb4c6288 (automated)gVisor bot
2021-03-23Skip checklocks analysis for stateify generated code.Rahat Mahmood
Stateify methods are always called without holding the appropriate locks. The system is paused and we know there will be no mutations when we call Save/Load, so this is perfectly safe. However, checklocks can't know about this, and it will always complain. Mark stateify generated methods that touch struct fields as "checklocksignore" to avoid this. PiperOrigin-RevId: 364610241
2021-03-23Merge release-20210315.0-14-gbeb11cec7 (automated)gVisor bot
2021-03-23Merge release-20210315.0-13-gdc75f08c2 (automated)gVisor bot
2021-03-23Allow FSETXATTR/FGETXATTR host calls for VerityChong Cai
These host calls are needed for Verity fs to generate/verify hashes. PiperOrigin-RevId: 364598180
2021-03-23Use constant (TestInitialSequenceNumber) instead of integer (789) in tests.Nayana Bidari
PiperOrigin-RevId: 364596526
2021-03-23Merge release-20210315.0-12-g98f378d9e (automated)gVisor bot