Age | Commit message (Collapse) | Author |
|
|
|
Implement a new runsc command to set up a sandbox with verityfs and
run the measure tool. This is loosely forked from the do command, and
currently requires the caller to provide the measure tool binary.
PiperOrigin-RevId: 366553769
|
|
|
|
PiperOrigin-RevId: 366470480
|
|
|
|
PiperOrigin-RevId: 366462448
|
|
|
|
|
|
PiperOrigin-RevId: 366344805
|
|
PiperOrigin-RevId: 366344222
|
|
|
|
PiperOrigin-RevId: 366292533
|
|
|
|
VFS1 skips over mounts that overrides files in /dev because the list of
files is hardcoded. This is not needed for VFS2 and a recent change
lifted this restriction. However, parts of the code were still skipping
/dev mounts even in VFS2, causing the loader to panic when it ran short
of FDs to connect to the gofer.
PiperOrigin-RevId: 365858436
|
|
|
|
Split usermem package to help remove syserror dependency in go_marshal.
New hostarch package contains code not dependent on syserror.
PiperOrigin-RevId: 365651233
|
|
|
|
PiperOrigin-RevId: 365613394
|
|
lookupOrCreate is called from subprocess.switchToApp() and subprocess.syscall().
lookupOrCreate() looks for a thread already created for the current TID. If a
thread exists (common case), it returns immediately. Otherwise it creates a new
one.
This change switches to using a sync.RWMutex. The initial thread existence
lookup is now done only with the read lock. So multiple successful lookups can
occur concurrently. Only when a new thread is created will it acquire the lock
for writing and update the map (which is not the common case).
Discovered in mutex profiles from the various ptrace benchmarks.
Example: https://gvisor.dev/profile/gvisor-buildkite/fd14bfad-b30f-44dc-859b-80ebac50beb4/843827db-da50-4dc9-a2ea-ecf734dde2d5/tmp/profile/ptrace/BenchmarkFio/operation.write/blockSize.4K/filesystem.tmpfs/benchmarks/fio/mutex.pprof/flamegraph
PiperOrigin-RevId: 365612094
|
|
|
|
Before this change:
```
$ docker run --runtime=runsc --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024
#1: read(128) = 128
#2: read(1024) = EOF
$ docker run --runtime=runsc-vfs2 --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024
#1: read(128) = 128
#2: read(1024) = 256
```
After this change:
```
$ docker run --runtime=runsc --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024
#1: read(128) = 128
#2: read(1024) = 256
$ docker run --runtime=runsc-vfs2 --rm -it -v ~/tmp:/hosttmp ubuntu:focal /hosttmp/issue5732 --bytes1=128 --bytes2=1024
#1: read(128) = 128
#2: read(1024) = 256
```
Fixes #5732
PiperOrigin-RevId: 365178386
|
|
|
|
This is necessary since ptraceClone() mutates tracer.ptraceTracees.
PiperOrigin-RevId: 365152396
|
|
|
|
PiperOrigin-RevId: 365092320
|
|
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
|
|
PiperOrigin-RevId: 364931406
|
|
Highlighting previously highlighted multiple items in the sidebar if the had
the same page name (not full url). This change simplifies this by adding the
highlight class in the jekyll template rather than javascript, and highlights
only the correct page.
PiperOrigin-RevId: 364931350
|
|
|
|
On Linux these are meant to be equivalent to POLLIN/POLLOUT. Rather
than hack these on in sys_poll etc it felt cleaner to just cleanup
the call sites to notify for both events. This is what linux does
as well.
Fixes #5544
PiperOrigin-RevId: 364859977
|
|
PiperOrigin-RevId: 364859173
|
|
|
|
This change sets the inner `routeInfo` struct to be a named private member
and replaces direct access with access through getters. Note that direct
access to the fields of `routeInfo` is still possible through the `RouteInfo`
struct.
Fixes #4902
PiperOrigin-RevId: 364822872
|
|
|
|
PiperOrigin-RevId: 364728696
|
|
|
|
This change is inspired by Adin's cl/355256448.
PiperOrigin-RevId: 364695931
|
|
|
|
--file-access-mounts flag is similar to --file-access, but controls
non-root mounts that were previously mounted in shared mode only.
This gives more flexibility to control how mounts are shared within
a container.
PiperOrigin-RevId: 364669882
|
|
|
|
Also adds support for clearing the setuid bit when appropriate (writing,
truncating, changing size, changing UID, or changing GID).
VFS2 only.
PiperOrigin-RevId: 364661835
|
|
|
|
Stateify methods are always called without holding the appropriate
locks. The system is paused and we know there will be no mutations
when we call Save/Load, so this is perfectly safe. However, checklocks
can't know about this, and it will always complain.
Mark stateify generated methods that touch struct fields as
"checklocksignore" to avoid this.
PiperOrigin-RevId: 364610241
|
|
|
|
|
|
These host calls are needed for Verity fs to generate/verify hashes.
PiperOrigin-RevId: 364598180
|
|
PiperOrigin-RevId: 364596526
|
|
|