Age | Commit message | Author
2021-11-03 | Merge release-20211026.0-31-g5185548e1 (automated) | gVisor bot
2021-11-03 | Merge pull request #6499 from dqminh:cgroup-interface | gVisor bot
PiperOrigin-RevId: 407392578
2021-11-03 | Merge release-20211026.0-29-g7551b0590 (automated) | gVisor bot
2021-11-02 | Minor checklocks improvements. | Adin Scannell
* Support sync.Locker.
* Prevent runaway recursion when locks are acquired in a loop.
* Allow ignoring of anonymous functions (inherited from parent function).
* Add support for aliases.
PiperOrigin-RevId: 407221521
2021-11-02 | Merge release-20211026.0-28-ga8eb1895b (automated) | gVisor bot
2021-11-02 | Merge pull request #6805 from bradfitz:bradfitz/mipsle | gVisor bot
PiperOrigin-RevId: 407188968
2021-11-02 | Merge release-20211026.0-26-g88cf2e93e (automated) | gVisor bot
2021-11-02 | Extract tcb & lastUsed to its own lock | Ghanan Gowripalan
These fields do not need to synchronize reads/writes with the rest of the connection.
PiperOrigin-RevId: 407183693
2021-11-02 | Merge release-20211026.0-25-g3141bf7a2 (automated) | gVisor bot
2021-11-02 | Merge pull request #6803 from pkit:pkit/copy_arp | gVisor bot
PiperOrigin-RevId: 407177936
2021-11-02 | Merge release-20211026.0-23-gea792cb3e (automated) | gVisor bot
2021-11-02 | Properly reap NATed connections | Ghanan Gowripalan
This change fixes a bug when reaping tuples of NAT-ed connections. Previously when reaping a tuple, the other direction's tuple ID was calculated by taking the reaping tuple's ID and inverting it. This works when a connection is not NATed but doesn't work when NAT is performed as the other direction's tuple may use different addresses.
PiperOrigin-RevId: 407160930
2021-11-02 | Merge release-20211026.0-22-g1e1d6b2be (automated) | gVisor bot
2021-11-02 | Allow SetAttr and Allocate for deleted files | Fabricio Voznika
It's safe to call SetAttr and Allocate on fsgofer because the file path is not used to open the file, if needed.
Fixes #3654
PiperOrigin-RevId: 407149393
2021-11-02 | copy PERM ARP entries from namespace on boot | Constantine Peresypkin
copy and set up PERMANENT (static) ARP entries from CNI namespace to the sandbox
Fixes #3301
2021-11-02 | Merge release-20211026.0-21-g42a08f036 (automated) | gVisor bot
2021-11-01 | Allow partial packets in ICMP errors when NATing | Ghanan Gowripalan
An ICMP error may not hold the full packet that triggered the ICMP response. As long as the IP header and the transport header are parsable, we should be able to successfully NAT as that is all that we need to identify the connection.
PiperOrigin-RevId: 406966048
2021-11-01 | Merge release-20211026.0-20-g58017e655 (automated) | gVisor bot
2021-11-01 | Handle UMOUNT_NOFOLLOW in VFS2 umount(2). | Ayush Ranjan
Reported-by: syzbot+f9ecb181a4b3abdde9b9@syzkaller.appspotmail.com
Reported-by: syzbot+8c5cb9d7a044a91a513b@syzkaller.appspotmail.com
PiperOrigin-RevId: 406951359
2021-11-01 | Merge release-20211026.0-19-g9776edb3f (automated) | gVisor bot
2021-11-01 | Move ThreadGroupIDFromContext to kernel/auth. | Adin Scannell
This function doesn't belong in the global context package. Move to a more suitable package to break the dependency cycle.
PiperOrigin-RevId: 406942122
2021-11-01 | Merge release-20211026.0-18-gdf6043afa (automated) | gVisor bot
2021-11-01 | Merge pull request #6802 from ajilal95:patch-1 | gVisor bot
PiperOrigin-RevId: 406938082
2021-11-01 | pkg/atomicbitops: support 32-bit GOARCH value "mipsle" | Brad Fitzpatrick
mips was supported, but mipsle had been forgotten.
Fixes google/gvisor#6804
2021-11-01 | Add common Cgroup interface | Andrei Vagin
This is part of cgroupv2 patch set. Here we add a Cgroup interface that both v1 and v2 need to conform to, and port cgroupv1 to use that first.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2021-10-31 | Update REDME.md | Ajilal
Grammar correction.
2021-10-29 | Merge release-20211019.0-53-gb822923b7 (automated) | gVisor bot
2021-10-29 | [syserr] Convert all linuxerr returns to error type. | Zach Koopmans
Change the linuxerr.ErrorFromErrno to return an error type and not a *errors.Error type. The latter results in problems comparing to nil as <nil><nil> != <nil><*errors.Error>. In a follow-up, there will be a change to remove *errors.Error.Errno(), which will also encourage users to not use Errnos to reference linuxerr.
PiperOrigin-RevId: 406444419
2021-10-29 | Merge release-20211019.0-52-g1953d2ad2 (automated) | gVisor bot
2021-10-28 | NAT ICMPv6 errors | Ghanan Gowripalan
...so a NAT-ed connection's socket can handle ICMP errors.
Updates #5916.
PiperOrigin-RevId: 406270868
2021-10-29 | Merge release-20211019.0-51-gca55c18a3 (automated) | gVisor bot
2021-10-28 | Use Task blocking timer for nanosleep(2). | Jamie Liu
kernel/time.Timer allocation is expensive and not sync.Poolable (since time.Timer only supports notification through a channel, requiring a goroutine to receive from the channel, and sync.Pool doesn't invoke any kind of cleanup on discarded items in the pool so it would leak timer goroutines). Using the existing Task.blockingTimer for nanosleep(), and applicable cases in clock_nanosleep(), at least avoids Timer allocation in common cases.
PiperOrigin-RevId: 406248394
2021-10-28 | Merge release-20211019.0-50-gd350c95b0 (automated) | gVisor bot
2021-10-27 | Replace bespoke WaitGroupErr with errgroup | Tamir Duberstein
PiperOrigin-RevId: 406027220
2021-10-28 | Merge release-20211019.0-49-g6078d2658 (automated) | gVisor bot
2021-10-27 | Synchronize access to cpuset controller bitmaps. | Rahat Mahmood
Reported-by: syzbot+39d434b96cf7c29a66ad@syzkaller.appspotmail.com
Reported-by: syzbot+7c38bce6353d91facca3@syzkaller.appspotmail.com
PiperOrigin-RevId: 406024052
2021-10-28 | Merge release-20211019.0-48-g8acc3a9bb (automated) | gVisor bot
2021-10-27 | Reduce eventFD notifications on transmit. | Bhasker Hariharan
When transmitting packets we only need to notify if the peer is not already processing packets. sharedData region is used to enable/disable notifications and the peer will disable notifications when it's actively processing packets and enable notifications just before it goes to sleep waiting on packets. This allows more efficient transmit as the sharedmem endpoint does not need to notify on eventFD and incur an expensive host system call when the peer is already awake.
PiperOrigin-RevId: 406018843
2021-10-27 | Merge release-20211019.0-47-g9541a5842 (automated) | gVisor bot
2021-10-27 | rename tcp_conntrack inbound/outbound to reply/original | Kevin Krakauer
Connection tracking is agnostic to whether the packet is inbound or outbound. It cares who initiated the connection. The naming can get confusing as conntrack can track connections originating from any host.
Part of resolving #6736.
PiperOrigin-RevId: 405997540
2021-10-27 | Merge release-20211019.0-46-g3015c0ac6 (automated) | gVisor bot
2021-10-27 | NAT ICMPv4 errors | Ghanan Gowripalan
...so a NAT-ed connection's socket can handle ICMP errors.
Updates #5916.
PiperOrigin-RevId: 405970089
2021-10-27 | Merge release-20211019.0-45-g22a6a3707 (automated) | gVisor bot
2021-10-27 | Record counts of packets with unknown L3/L4 numbers | Nick Brown
Previously, we recorded a single aggregated count. These per-protocol counts can help us debug field issues when frames are dropped for this reason.
PiperOrigin-RevId: 405913911
2021-10-27 | Merge release-20211019.0-44-g7b8f19dc7 (automated) | gVisor bot
2021-10-26 | Simplify vfs.NewDisconnectedMount signature and callpoints. | Ayush Ranjan
vfs.NewDisconnectedMount has no error paths. It's much prettier without the error return value. Also simplify MountDisconnected which would immediately drop the refs taken by NewDisconnectedMount. Instead make it directly call newMount.
PiperOrigin-RevId: 405767966
2021-10-26 | Merge release-20211019.0-43-gf54a25c1f (automated) | gVisor bot
2021-10-26 | Validate an icmp header before accessing it | Andrei Vagin
A header can't be smaller than header.ICMPv4MinimumSize.
Reported-by: syzbot+57b68b14b4f6a58bf985@syzkaller.appspotmail.com
PiperOrigin-RevId: 405748438
2021-10-26 | Merge release-20211019.0-42-g722d7ca74 (automated) | gVisor bot
2021-10-26 | platform/kvm: map vdso and vvar into a guest address space | Andrei Vagin
Right now, each vdso call triggers vmexit. VDSO and VVAR pages are mapped with VM_IO and get_user_pages fails for such vma-s. KVM was not able to handle this case up to the v4.8 kernel. This problem was fixed by add6a0cd1c5ba ("KVM: MMU: try to fix up page faults before giving up"). For some unknown reasons, it still doesn't work in case of nested virtualization.
Before: BenchmarkKernelVDSO-6 252519 4598 ns/op
After: BenchmarkKernelVDSO-6 34431957 34.91 ns/op
PiperOrigin-RevId: 405715941