Age | Commit message | Author
2021-01-26 | runsc: check for nested cgroup when generating cgroup paths | Daniel Dao
In a nested container, we see paths from the host in /proc/self/cgroup, so we need to re-process that path to get a relative path to be used inside the container.

Without it, runsc generates ugly paths that may trip other cgroup watchers that expect clean paths. An example of an ugly path is:

```
/sys/fs/cgroup/memory/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93/cgroupPath
```

Notice the duplication of `docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93`.

`/proc/1/cgroup` looks like:

```
12:perf_event:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
11:blkio:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
10:freezer:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
9:hugetlb:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
8:devices:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
7:rdma:/
6:pids:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
5:cpuset:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
4:cpu,cpuacct:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
3:memory:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
2:net_cls,net_prio:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
1:name=systemd:/docker/e383892b29290ae8005d535f2dadc4a583bb354d5bb1ba8c10bf900d92c4db93
0::/system.slice/containerd.service
```

This is not necessary when the parent container was created with cgroup namespace, but that setup is not very common right now.

Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2021-01-17 | Do not use a stack-wide queue of pending packets | Ghanan Gowripalan
Packets may be pending on link resolution to complete before being sent. Link resolution is performed for neighbors which are unique to a NIC so hold link resolution related state under the NIC, not the stack. Note, this change may result in more queued packets but that is okay as RFC 4861 section 7.2.2 recommends that the stack maintain a queue of packets for each neighbor that is waiting for link resolution to complete, not a fixed limit per stack. PiperOrigin-RevId: 352322155
2021-01-15 | Resolve known link address on route creation | Ghanan Gowripalan
If a Route is being created through a link that requires link address resolution and a remote address that has a known mapping to a link address, populate the link address when the route is created. This removes the need for neighbor/link address caches to perform this check. Fixes #5149 PiperOrigin-RevId: 352122401
2021-01-15 | Support GetLinkAddress with neighborCache | Ghanan Gowripalan
Test: integration_test.TestGetLinkAddress PiperOrigin-RevId: 352119404
2021-01-15 | Only pass stack.Route's fields to LinkEndpoints | Ghanan Gowripalan
stack.Route is used to send network packets and resolve link addresses. A LinkEndpoint does not need to do either of these and only needs the route's fields at the time of the packet write request. Since LinkEndpoints only need the route's fields when writing packets, pass a stack.RouteInfo instead. PiperOrigin-RevId: 352108405
2021-01-15 | Remove count argument from tcpip.Endpoint.Read | Tamir Duberstein
The same intent can be specified via the io.Writer. PiperOrigin-RevId: 352098747
2021-01-15 | [rack] Retransmit the probe segment after the probe timer expires. | Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.2. Fixes #5084 PiperOrigin-RevId: 352093473
2021-01-15 | Correctly return EMSGSIZE when packet is too big in raw socket. | Ting-Yu Wang
IPv4 previously accepts the packet, while IPv6 panics. Neither is the behavior in Linux. splice() in Linux has different behavior than in gVisor. This change documents it in the SpliceTooLong test. Reported-by: syzbot+b550e78e5c24d1d521f2@syzkaller.appspotmail.com PiperOrigin-RevId: 352091286
2021-01-15 | Populate EgressRoute, GSO, Netproto for batch writes | Ghanan Gowripalan
We loop over the list of packets anyway, so setting these isn't expensive. Now that they are populated only by the link endpoint that uses them, TCP does not need to. PiperOrigin-RevId: 352090853
2021-01-15 | Add fsstress tests | Fabricio Voznika
Updates #5273 PiperOrigin-RevId: 352088736
2021-01-15 | Combine reference count logs into one message. | Dean Deng
Otherwise, races can occur between concurrent logs. PiperOrigin-RevId: 352086914
2021-01-15 | Support TEST_PREMATURE_EXIT_FILE in syscall tests | Fabricio Voznika
PiperOrigin-RevId: 352068182
2021-01-15 | Add sanity check on return values from Write | Ting-Yu Wang
io.Writer.Write requires err to be non-nil if n < len(v). We could allow this but it will be irreversible if users depend on this behavior. Ported the test that discovered this. PiperOrigin-RevId: 352065946
2021-01-15 | Add tests for cases of ARP failures on TCP connect | Mithun Iyer
Also fix test expectation for UDP sendto() case in tuntap syscall test. Fixes #5155 PiperOrigin-RevId: 352056612
2021-01-15 | Merge pull request #5237 from travigd:add-containerd-pause | gVisor bot
PiperOrigin-RevId: 352032380
2021-01-14 | Simplify the pipe implementation. | Jamie Liu
- Remove the pipe package's dependence on the buffer package, which becomes unused as a result. The buffer package is currently intended to serve two use cases, pipes and temporary buffers, and does neither optimally as a result; this change facilitates retooling the buffer package to better serve the latter.
- Pass callbacks taking safemem.BlockSeq to the internal pipe I/O methods, which makes most callbacks trivial.
- Fix VFS1's splice() and tee() to immediately return if a pipe returns a partial write.

PiperOrigin-RevId: 351911375
2021-01-14 | Don't run profiles on runc. | Zach Koopmans
PiperOrigin-RevId: 351906812
2021-01-14 | Add stats for ARP | Arthur Sfez
Fixes #4963 Startblock: has LGTM from sbalana and then add reviewer ghanan PiperOrigin-RevId: 351886320
2021-01-14 | Check for existence before permissions | Fabricio Voznika
Return EEXIST when overwriting a file as long as the caller has exec permission on the parent directory, even if the caller doesn't have write permission. Also reordered the mount write check, which happens before permission is checked. Closes #5164 PiperOrigin-RevId: 351868123
2021-01-14 | Remove impossible errors | Tamir Duberstein
Commit 25b5ec7 moved link address resolution out of the transport layer; special handling of link address resolution is no longer necessary in tcp. PiperOrigin-RevId: 351839254
2021-01-13 | Clear neighbor table on NIC down | Ghanan Gowripalan
Note, this includes static entries to match Linux's behaviour.

```
$ ip neigh show dev eth0
192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE
$ sudo ip neigh add 192.168.42.172 lladdr 22:33:44:55:66:77 dev eth0
$ ip neigh show dev eth0
192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE
192.168.42.172 lladdr 22:33:44:55:66:77 PERMANENT
$ sudo ifconfig eth0 down
$ ip neigh show dev eth0
$ sudo ifconfig eth0 up
$ ip neigh show dev eth0
```

Test: stack_test.TestClearNeighborCacheOnNICDisable
PiperOrigin-RevId: 351696306
2021-01-13 | Do not resolve remote link address at transport layer | Ghanan Gowripalan
Link address resolution is performed at the link layer (if required) so we can defer it from the transport layer. When link resolution is required, packets will be queued and sent once link resolution completes. If link resolution fails, the transport layer will receive a control message indicating that the stack failed to route the packet.

tcpip.Endpoint.Write no longer returns a channel now that writes do not wait for link resolution at the transport layer. tcpip.ErrNoLinkAddress is no longer used so it is removed.

Removed calls to stack.Route.ResolveWith from the transport layer so that link resolution is performed when a route is created in response to an incoming packet (e.g. to complete TCP handshakes or send a RST).

Tests:
- integration_test.TestForwarding
- integration_test.TestTCPLinkResolutionFailure

Fixes #4458
RELNOTES: n/a
PiperOrigin-RevId: 351684158
2021-01-13 | Switch uses of os.Getenv that check for empty string to os.LookupEnv. | Dean Deng
Whether the variable was found is already returned by syscall.Getenv. os.Getenv drops this value while os.LookupEnv passes it along. PiperOrigin-RevId: 351674032
2021-01-13 | testutil: Create a `multiLogger` that logs to multiple `Loggers`. | Etienne Perot
This is useful when using the shell library in order to log to both the test log and the standard logs. PiperOrigin-RevId: 351673465
2021-01-13 | Fix code review issues | Travis DePrato
2021-01-13 | Add support for pause/restore in containerd shim | Travis DePrato
2021-01-13 | Merge pull request #4792 from lubinszARM:pr_kvm_test | gVisor bot
PiperOrigin-RevId: 351638451
2021-01-13 | Split container tests from unit tests. | Adin Scannell
PiperOrigin-RevId: 351632484
2021-01-13 | Clean up the dummy network interface used by UDP tests | Arthur Sfez
It is now composed by a NetworkInterface interface which lets us delete the methods we don't need. PiperOrigin-RevId: 351613267
2021-01-13 | Fix minor typos | Michael Pratt
PiperOrigin-RevId: 351606635
2021-01-13 | Human-readable metric emit logs | Michael Pratt
Rather than dumping metrics on a single line, nearly unrelated textproto, print them in alphabetical order, each on their own line.

e.g.,

D0108 17:42:42.198216 3382465 metric.go:253] Emitting metrics:
D0108 17:42:42.198240 3382465 metric.go:255] /fs/opens: &{Uint64Value:22}
D0108 17:42:42.198271 3382465 metric.go:255] /fs/read_wait: &{Uint64Value:0}
D0108 17:42:42.198294 3382465 metric.go:255] /fs/reads: &{Uint64Value:26}
D0108 17:42:42.198319 3382465 metric.go:255] /gofer/opened_write_execute_file: &{Uint64Value:0}
D0108 17:42:42.198327 3382465 metric.go:255] /gofer/opens_9p: &{Uint64Value:0}
D0108 17:42:42.198340 3382465 metric.go:255] /gofer/opens_host: &{Uint64Value:20}
...

PiperOrigin-RevId: 351590340
2021-01-13 | [rack] TLP: Recovery detection. | Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.6 Fixes #5131 PiperOrigin-RevId: 351558449
2021-01-12 | Don't remove release directory. | Adin Scannell
If the release directory is a parent directory (for reasons), then this causes a few problems (to say the least). PiperOrigin-RevId: 351515882
2021-01-12 | Fix Go branch building. | Adin Scannell
Files removed from the working tree were not being properly removed from the branch, leading to symbol conflicts while building. This requires the change to 'git add --all' in the tools/go_branch.sh script. But why was this not caught by CI? The "git clean -f" command by default only cleans files in the current working directory. In order to clean the whole tree recursively, we need to specify a pathspec, which is ".". In addition to these fixes, re-add the "go tests" command to help prevent this from happening again, since merges on the Go branch will happen in GitHub actions for simplicity. The Go test is retained in BuildKite. PiperOrigin-RevId: 351503804
2021-01-12 | Drop TransportEndpointID from HandleControlPacket | Ghanan Gowripalan
When a control packet is delivered, it is delivered to a transport endpoint with a matching stack.TransportEndpointID so there is no need to pass the ID to the endpoint as it already knows its ID. PiperOrigin-RevId: 351497588
2021-01-12 | Remove unnecessary closure | Tamir Duberstein
PiperOrigin-RevId: 351491836
2021-01-12 | Remove useless cached state | Tamir Duberstein
Simplify some logic while I'm here. PiperOrigin-RevId: 351491593
2021-01-12 | Delete shim v1 | Fabricio Voznika
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier. Starting from containerd 1.2, shim v2 is the preferred interface. PiperOrigin-RevId: 351485556
2021-01-12 | Drop shutdown in docker run. | Adin Scannell
This can race and cause issues. Instead, a manual shutdown can be done via 'bazel-shutdown' if required for specific cases. The ARM64 builds are now done using cross-compilation, so this hack is not necessary. PiperOrigin-RevId: 351477908
2021-01-12 | [rack] Set up TLP timer and configure timeout. | Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.1. Fixes #5083 PiperOrigin-RevId: 351467357
2021-01-12 | Fix simple mistakes identified by goreportcard. | Adin Scannell
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971
2021-01-11 | Fix Go branch for arm64. | Adin Scannell
This requires several changes:
* Templates must preserve relevant tags.
* Pagetables templates are split into two targets, each preserving tags.
* The binary VDSO is similarly split into two targets, with some juggling.
* The top level tools/go_branch.sh now does a crossbuild of ARM64 as well, and checks and merges the results of the two branches together.

Fixes #5178
PiperOrigin-RevId: 351304330
2021-01-11 | Make segment range type split safe. | Adin Scannell
This allows for use in restricted contexts. Updates #5039 PiperOrigin-RevId: 351265378
2021-01-11 | Add additional required packages. | Adin Scannell
PiperOrigin-RevId: 351263241
2021-01-11 | OCI spec may contain duplicate environment variables | Fabricio Voznika
Closes #5226 PiperOrigin-RevId: 351259576
2021-01-11 | Make ilist split safe. | Adin Scannell
This allows for use in restricted contexts. Updates #5039 PiperOrigin-RevId: 351220385
2021-01-11 | Fix rules_go checksums. | Adin Scannell
The release was changed by bazel ಠ_ಠ: https://github.com/bazelbuild/rules_go/issues/2779 Updates #5188 PiperOrigin-RevId: 351185440
2021-01-08 | Support releasing aarch64 builds. | Adin Scannell
This change works around an issue in rules_pkg, described here: https://github.com/bazelbuild/rules_pkg/pull/263 PiperOrigin-RevId: 350869030
2021-01-08 | Merge pull request #4933 from lubinszARM:pr_kvm_el0_exceptions | gVisor bot
PiperOrigin-RevId: 350862699
2021-01-08 | Create console test library. | Etienne Perot
This creates a TTY pair and runs `/bin/sh` in interactive mode within it. It provides useful helper functions to interact with the shell and read the output of commands run within it. This is meant to be used for testing upcoming changes allowing `runsc exec` to work in `-detach=false -tty=true` mode. PiperOrigin-RevId: 350841006