summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-04-19Merge release-20210412.0-34-g20b1c3c63 (automated)gVisor bot
2021-04-19Move runsc reference leak checking to better locations.Dean Deng
In the previous spot, there was a roughly 50% chance that leak checking would actually run. Move it to the waitContainer() call on the root container, where it is guaranteed to run before the sandbox process is terminated. Add it to runsc/cli/main.go as well for good measure, in case the sandbox exit path does not involve waitContainer(). PiperOrigin-RevId: 369329796
2021-04-19De-duplicate TCP state in TCPEndpointState vs tcp.endpointNick Brown
This change replaces individual private members in tcp.endpoint with a single private TCPEndpointState member. Some internal substructures within endpoint (receiver, sender) have been broken into a public substructure (which is then copied into the TCPEndpointState returned from completeState()) alongside other private fields. Fixes #4466 PiperOrigin-RevId: 369329514
2021-04-19Merge release-20210412.0-32-g276ff149a (automated)gVisor bot
2021-04-19Add MultiGetAttr message to 9PFabricio Voznika
While using remote-validation, the vast majority of time spent during FS operations is re-walking the path to check for modifications and then closing the file given that in most cases it has not been modified externally. This change introduces a new 9P message called MultiGetAttr which bulks query attributes of several files in one shot. The returned attributes are then used to update cached dentries before they are walked. File attributes are updated for files that still exist. Dentries that have been deleted are removed from the cache. And negative cache entries are removed if a new file/directory was created externally. Similarly, synthetic dentries are replaced if a file/directory is created externally. The bulk update needs to be carefull not to follow symlinks, cross mount points, because the gofer doesn't know how to resolve symlinks and where mounts points are located. It also doesn't walk to the parent ("..") to avoid deadlocks. Here are the results: Workload VFS1 VFS2 Change bazel action 115s 70s 28.8s Stat/100 11,043us 7,623us 974us Updates #1638 PiperOrigin-RevId: 369325957
2021-04-19Merge release-20210412.0-31-g8ad6657a2 (automated)gVisor bot
2021-04-19Fix TCP RACK flaky unit tests.Nayana Bidari
- Added delay to increase the RTT: In DSACK tests with RACK enabled and low RTT, TLP can be detected before sending ACK and the tests flake. Increasing the RTT will ensure that TLP does not happen before the ACK is sent. - Fix TestRACKOnePacketTailLoss: The ACK does not contain DSACK, which means either the original or retransmission (probe) was lost and SACKRecovery count must be incremented. Before: http://sponge2/c9bd51de-f72f-481c-a7f3-e782e7524883 After: http://sponge2/1307a796-103a-4a45-b699-e8d239220ed1 PiperOrigin-RevId: 369305720
2021-04-19Merge release-20210412.0-30-gb0333d33a (automated)gVisor bot
2021-04-19Optimize safemem.ZeroAndrei Vagin
There is a loop that fills a byte array with zero-s. Let's use copy() instead of setting elements one by one. The new implementation is two time faster than the previous one and it is more than 10x faster with the race detector. Reported-by: syzbot+5f57d988a5f929af5a91@syzkaller.appspotmail.com PiperOrigin-RevId: 369283919
2021-04-17Merge release-20210408.0-48-g9b4cc3d43 (automated)gVisor bot
2021-04-17Avoid ignoring incoming packet by demuxer on endpoint lookup failureMithun Iyer
This fixes a race that occurs while the endpoint is being unregistered and the transport demuxer attempts to match the incoming packet to any endpoint. The race specifically occurs when the unregistration (and deletion of the endpoint) occurs, after a successful endpointsByNIC lookup and before the endpoints map is further looked up with ingress NICID of the packet. The fix is to notify the caller of lookup-with-NICID failure, so that the logic falls through to handling unknown destination packets. For TCP this can mean replying back with RST. The syscall test in this CL catches this race as the ACK completing the handshake could get silently dropped on a listener close, causing no RST sent to the peer and timing out the poll waiting for POLLHUP. Fixes #5850 PiperOrigin-RevId: 369023779
2021-04-17Merge release-20210408.0-47-g3b685753b (automated)gVisor bot
2021-04-16[perf] Reduce contention due to renameMu in gofer client.Ayush Ranjan
Runsc build benchmark's mutex profile shows that we are wasting roughly 25-30 seconds waiting for filesystem.renameMu to get unlocked. Earlier checkCachingLocked required the renameMu to be locked for writing. This is a filesystem wide lock which puts all other filesystem operations on hold and hence is really expensive. Something to note is that all path resolution operations hold renameMu for reading. With this change, we allow to check for caching without even holding renameMu. This change introduces more fine grained locks (fs.cacheMu and dentry.cachingMu) which protect the cache (removing the requirement to hold renameMu for writing to modify the cache) and synchronize concurrent dentry caching attempts on a per dentry basis. We still require to hold renameMu for writing while destroying dentries and evicting from the cache but this still significantly reduces the write locking critical section. Local benchmarking showed that this improved runsc build benchmark time by 4-5%. Across 6 runs, without this change it took 310.9025 seconds to build runsc while with this change it took 296.127 seconds. Runsc build benchmark's mutex profile: https://gvisor.dev/profile/gvisor-buildkite/78a3f968-36ca-4944-93f7-77a8792d56b4/28a1d260-790b-4a9e-94da-a4daede08ee3/tmp/profile/ptrace/BenchmarkBuildRunsc/page_cache.clean/filesystem.bindfs/benchmarks/runsc/mutex.pprof/flamegraph PiperOrigin-RevId: 368958136
2021-04-17Merge release-20210408.0-46-g0c3e8daf5 (automated)gVisor bot
2021-04-16Allow runsc to generate coverage reports.Dean Deng
Add a coverage-report flag that will cause the sandbox to generate a coverage report (with suffix .cov) in the debug log directory upon exiting. For the report to be generated, runsc must have been built with the following Bazel flags: `--collect_code_coverage --instrumentation_filter=...`. With coverage reports, we should be able to aggregate results across all tests to surface code coverage statistics for the project as a whole. The report is simply a text file with each line representing a covered block as `file:start_line.start_col,end_line.end_col`. Note that this is similar to the format of coverage reports generated with `go test -coverprofile`, although we omit the count and number of statements, which are not useful for us. Some simple ways of getting coverage reports: bazel test <some_test> --collect_code_coverage \ --instrumentation_filter=//pkg/... bazel build //runsc --collect_code_coverage \ --instrumentation_filter=//pkg/... runsc -coverage-report=dir/ <other_flags> do ... PiperOrigin-RevId: 368952911
2021-04-16[lisa] Make go_marshal pass correctly sized buffers to safecopy.Ayush Ranjan
gohacks.Memmove() takes in the number of bytes to move. The current generated code passes len(src) and len(dst) as the number of bytes to move. However, the marshal.Marshallable interface allows passing in larger buffers. The stated precondition is that the buffer should be "at least" SizeBytes() in length but it is allowed to be larger. This change now correctly calls Memmove with the argument for the number of bytes to move as type.SizeBytes(). This was caught when I made lisafs use the Unsafe marshalling API and got a lot of memory violations. PiperOrigin-RevId: 368952642
2021-04-16Merge release-20210408.0-44-g32c18f443 (automated)gVisor bot
2021-04-16Enlarge port range and fix integer overflowKevin Krakauer
Also count failed TCP port allocations PiperOrigin-RevId: 368939619
2021-04-16Merge release-20210408.0-43-g6241f89f4 (automated)gVisor bot
2021-04-16Include logs for packetimpact tests that are expected to failZeling Feng
PiperOrigin-RevId: 368938936
2021-04-16Merge release-20210408.0-42-g81ff6bd92 (automated)gVisor bot
2021-04-16Use size_t instead of C integer types.Dean Deng
PiperOrigin-RevId: 368919557
2021-04-16Merge release-20210408.0-41-g025cff180 (automated)gVisor bot
2021-04-16Internal changeZach Koopmans
PiperOrigin-RevId: 368919504
2021-04-16Merge release-20210408.0-40-g064a849f3 (automated)gVisor bot
2021-04-16[op] Split nogo target out of unit tests.Ayush Ranjan
Building nogo targets takes a very long time. This change extracts it into its own BuildKite job. This change also additionally speeds up other targets that were using the bazel flag --test_tag_filters. Without --build_tag_filters, the filter is not applied while building the specified targets and so we might end up building targets that are not actually tested. PiperOrigin-RevId: 368918211
2021-04-16Merge release-20210408.0-39-gc980fe573 (automated)gVisor bot
2021-04-15Add verity ioctl test for mount with root hashChong Cai
PiperOrigin-RevId: 368779532
2021-04-16Merge release-20210408.0-38-g14b7d775c (automated)gVisor bot
2021-04-15Add field support to the sentry metrics.Nayana Bidari
Fields allow counter metrics to have multiple tabular values. At most one field is supported at the moment. PiperOrigin-RevId: 368767040
2021-04-16Merge release-20210408.0-37-g82dc881db (automated)gVisor bot
2021-04-15Disable failing socket_ipv4_udp_unbound_loopback_test_linux tests.Dean Deng
PiperOrigin-RevId: 368749894
2021-04-16Merge release-20210408.0-36-g19dfc4f7a (automated)gVisor bot
2021-04-15Reduce tcp_x_test runtime and memory usageKevin Krakauer
Reduce the ephemeral port range, which decreases the calls to makeEP. PiperOrigin-RevId: 368748379
2021-04-16Merge release-20210408.0-35-g2e5022974 (automated)gVisor bot
2021-04-15Add S/R logic for host.ConnectedEndpointFabricio Voznika
Otherwise ConnectedEndpoint.sndbuf will be restored as 0 and writes to the socket will fail with EAGAIN. PiperOrigin-RevId: 368746660
2021-04-15Merge release-20210408.0-34-gb5919d306 (automated)gVisor bot
2021-04-15Generate notification when closing host fd.Dean Deng
Thanks ianlewis@ for discovering the bug/fix! PiperOrigin-RevId: 368740744
2021-04-15Merge release-20210408.0-33-g10de8978f (automated)gVisor bot
2021-04-15Use nicer formatting for IP addresses in testsKevin Krakauer
This was semi-automated -- there are many addresses that were not replaced. Future commits should clean those up. Parse4 and Parse6 were given their own package because //pkg/test can introduce dependency cycles, as it depends transitively on //pkg/tcpip and some other netstack packages. PiperOrigin-RevId: 368726528
2021-04-14Merge release-20210408.0-32-g108410638 (automated)gVisor bot
2021-04-14Use assembly stub to take the address of assembly functionsMichael Pratt
Go 1.17 is adding a new register-based calling convention [1] ("ABIInternal"), which used is when calling between Go functions. Assembly functions are still written using the old ABI ("ABI0"). That is, they still accept arguments on the stack, and pass arguments to other functions on the stack. The call rules look approximately like this: 1. Direct call from Go function to Go function: compiler emits direct ABIInternal call. 2. Indirect call from Go function to Go function: compiler emits indirect ABIInternal call. 3. Direct call from Go function to assembly function: compiler emits direct ABI0 call. 4. Indirect call from Go function to assembly function: compiler emits indirect ABIInternal call to ABI conversion wrapper function. 5. Direct or indirect call from assembly function to assembly function: assembly/linker emits call to original ABI0 function. 6. Direct or indirect call from assembly function to Go function: assembly/linker emits ABI0 call to ABI conversion wrapper function. Case 4 is the interesting one here. Since the compiler can't know the ABI of an indirect call, all indirect calls are made with ABIInternal. In order to support indirect ABI0 assembly function calls, a wrapper is generated that translates ABIInternal arguments to ABI0 arguments, calls the target function, and then converts results back. When the address of an ABI0 function is taken from Go code, it evaluates to the address of this wrapper function rather than the target function so that later indirect calls will work as expected. This is normally fine, but gVisor does more than just call some of the assembly functions we take the address of: either noting the start and end address for future reference from a signal handler (safecopy), or copying the function text to a new mapping (platforms). Both of these fail with wrappers enabled (currently, this is Go tip with GOEXPERIMENT=regabiwrappers) because these operations end up operating on the wrapper instead of the target function. We work around this issue by taking advantage of case 5: references to assembly symbols from other assembly functions resolve directly to the desired target symbol. Thus, rather than using reflect to get the address of a Go reference to the functions, we create assembly stubs that return the address of the function. This approach works just as well on current versions of Go, so the change can be made immediately and doesn't require any build tags. [1] https://go.googlesource.com/go/+/refs/heads/master/src/cmd/compile/abi-internal.md PiperOrigin-RevId: 368505655
2021-04-14Merge release-20210408.0-31-g272d2e116 (automated)gVisor bot
2021-04-14Make the generated test binary name match the target nameTing-Yu Wang
PiperOrigin-RevId: 368495641
2021-04-14Merge release-20210408.0-30-g5c1052b6b (automated)gVisor bot
2021-04-14[syserror] Remove syserror from go_marshalZach Koopmans
PiperOrigin-RevId: 368470656
2021-04-14Merge release-20210408.0-29-g36dbd3b97 (automated)gVisor bot
2021-04-14Automatically enforce limited netstack dependenciesKevin Krakauer
Netstack is supposed to be somewhat independent of the rest of gVisor, and others should be able to use it without pulling in excessive dependencies. Currently, there is no way to fight dependency creep besides careful code review. This change introduces a test rule `netstack_deps_check` that ensures the target only relies on gVisor targets and a short allowlist of external dependencies. Users who add a dependency will see an error and have to manually update the allowlist. The set of packages to test comes from //runsc, as it uses packages we would expect users to commonly rely on. It was generated via: $ find ./runsc -name BUILD | xargs grep tcpip | awk '{print $2}' | sort | uniq (Note: We considered giving //pkg/tcpip it's own go.mod, but this breaks go tooling.) PiperOrigin-RevId: 368456711
2021-04-13Merge release-20210408.0-28-ge83cc06f1 (automated)gVisor bot
2021-04-13Remove _NoRandomSave tests.Adin Scannell
We do not currently run random save tests. PiperOrigin-RevId: 368309921