Age | Commit message (Collapse) | Author |
|
The self-admittedly arbitrary threshold of 20% of alarms being sent to the main
thread was being breached. I saw a run of of ~20-23% [1]. We should allow for a
little more breathing room.
1 - https://buildkite.com/gvisor/pipeline/builds/7400
PiperOrigin-RevId: 386503482
|
|
The benchmark check fails if any of the socket syscalls fail with
EINTR. We see this manifest in S/R lifecycles since S/R has a high
probability of aborting these syscalls with EINTR.
PiperOrigin-RevId: 386480365
|
|
...and rename the library to socket_util.
PiperOrigin-RevId: 386348306
|
|
We opted to move forward with FUSE instead.
PiperOrigin-RevId: 386344258
|
|
CR0.NE enables internal x87 floating point error reporting when set, else
enables PC style x87 error detection.
On AMD, the #MF exception isn't generated if CR0.NE isn't set.
PiperOrigin-RevId: 386340269
|
|
* First, we don't need to poll child processes.
* Second, the 5 seconds timeout is too small if a host is overloaded.
* Third, this can hide bugs in the code when we wait a process that
isn't going to exit.
PiperOrigin-RevId: 386337586
|
|
PiperOrigin-RevId: 386323389
|
|
Rather than re-downloading and installing Go for each pipeline run, we should
just do it at boot.
PiperOrigin-RevId: 386320005
|
|
PiperOrigin-RevId: 386312456
|
|
- Creates new metric "/tcp/segments_acked_with_dsack" to count the number of
segments acked with DSACK.
- Added check to verify the metric is getting incremented when a DSACK is sent
in the unit tests.
PiperOrigin-RevId: 386135949
|
|
#6322 tried to update Go to 1.16, but existing nodes fail to upgrade due to the
presence of old Go [1]. Specifically when trying to add Go to `/usr/bin`:
```
ln: failed to create symbolic link '/usr/bin/go': File exists
```
Also:
- Removing `golang-go` also removes apt installs of `gcc` and `pkg-config`, so
those are installed explicitly.
- Add `-c` to wget, which will prevent re-downloading Go for each run.
- Disable GO111MODULE when building cri-tools and containerd, since we're using
pre-module versions of each.
1 - https://buildkite.com/gvisor/pipeline/builds/7285#3593244c-e411-472d-804a-9c7fbbd24762
PiperOrigin-RevId: 386106881
|
|
PiperOrigin-RevId: 386093826
|
|
Reported-by: syzbot+59550b48e06cc0d3b638@syzkaller.appspotmail.com
PiperOrigin-RevId: 386075453
|
|
PiperOrigin-RevId: 385944428
|
|
PiperOrigin-RevId: 385940836
|
|
PiperOrigin-RevId: 385937353
|
|
The gofer session is killed when a gofer backed volume is unmounted. The
gofer monitor catches the disconnect and kills the container. This changes
the gofer monitor to only care about the rootfs connections, which cannot
be unmounted.
Fixes #6259
PiperOrigin-RevId: 385929039
|
|
PiperOrigin-RevId: 385919423
|
|
PiperOrigin-RevId: 385894869
|
|
Fixes #6300
PiperOrigin-RevId: 385840917
|
|
PiperOrigin-RevId: 385200993
|
|
fs.renameMu is released and reacquired in `dentry.destroyLocked()` allowing
a dentry to be in `fs.syncableDentries` with a negative reference count.
Fixes #5263
PiperOrigin-RevId: 385054337
|
|
PiperOrigin-RevId: 385051420
|
|
We're currently on 1.13, which can cause build issues with code targeting later
versions.
PiperOrigin-RevId: 385029528
|
|
TCP is fully supported. As with SO_RCVBUF, other transport protocols perform
no-ops per DefaultSocketOptionsHandler.OnSetReceiveBufferSize.
PiperOrigin-RevId: 385023239
|
|
PiperOrigin-RevId: 385019550
|
|
PiperOrigin-RevId: 384823097
|
|
PiperOrigin-RevId: 384796852
|
|
PiperOrigin-RevId: 384776517
|
|
Tested via:
```
bazel test \
//test/syscalls:socket_ipv4_udp_unbound_loopback_nogotsan_test_runsc_ptrace
--runs_per_test=2000
```
PiperOrigin-RevId: 384773477
|
|
|
|
PiperOrigin-RevId: 384586164
|
|
Remove the hack in gVisor vfs that allows verity to bypass the O_PATH
check, since ioctl is not allowed on fds opened with O_PATH in linux.
Verity still opens the lowerFD with O_PATH to open it as a symlink, but
the API no longer expects O_PATH to open a fd to be verity enabled.
Now only O_FOLLOW should be specified when opening and enabling verity
features.
PiperOrigin-RevId: 384567833
|
|
Add support for msgget, and msgctl(IPC_RMID), and enable msgqueue
syscall tests.
Updates #135
|
|
Remove implements the behaviour or msgctl(IPC_RMID).
Updates #135
|
|
FindOrCreate implements the behaviour of msgget(2).
Updates #135
|
|
Create package msgqueue, define primitives to be used for message
queues, and add a msgqueue.Registry to IPCNamespace.
Updates #135
|
|
Updates #135
|
|
Updates #135
|
|
Create ipc.Registry to hold fields, and define functionality common to
all SysV registries, and have registries use it.
|
|
Create ipc.Object to define fields and functionality used in SysV
mechanisms, and have them use it.
|
|
It was confusing to find functions relating to root and non-root
containers. Replace "non-root" and "subcontainer" and make naming
consistent in Sandbox and controller.
PiperOrigin-RevId: 384512518
|
|
Previously, two calls to set the send or receive buffer size could have raced
and left state wherein:
- The actual size depended on one call
- The value returned by getsockopt() depended on the other
PiperOrigin-RevId: 384508720
|
|
Before this change, transmission of the first router solicitation races
with the adding of an IPv6 link-local address. This change creates the
NIC in the disabled state and is only enabled after the address is added
(if required) to avoid this race.
PiperOrigin-RevId: 384493553
|
|
- Keeps Linux-specific behavior out of //pkg/tcpip
- Makes it clearer that clamping is done only for setsockopt calls from users
- Removes code duplication
PiperOrigin-RevId: 384389809
|
|
Kernfs provides an internal mechanism to defer calls to `DecRef()` because
on the last reference `Filesystem.mu` must be held and most places that
need to call `DecRef()` are inside the lock. The same can be true for
filesystems that extend kernfs. procfs needs to look up files and `DecRef()`
them inside the `kernfs.Filesystem.mu`. If the files happen to be procfs
files, it can deadlock trying to decrement if it's the last reference.
This change extends the mechanism to external callers to defer DecRefs
to `vfs.FileDescription` and `vfs.VirtualDentries`.
PiperOrigin-RevId: 384361647
|
|
Instead, roll the output scraping into the main runner. Pass a perf flag to
the runner in order to control leak checking, apply tags via the macro and
appropriately disable logging. This may be removed in the future.
PiperOrigin-RevId: 384348035
|
|
Set stdio ownership based on the container's user to ensure the
user can open/read/write to/from stdios.
1. stdios in the host are changed to have the owner be the same
uid/gid of the process running the sandbox. This ensures that the
sandbox has full control over it.
2. stdios owner owner inside the sandbox is changed to match the
container's user to give access inside the container and make it
behave the same as runc.
Fixes #6180
PiperOrigin-RevId: 384347009
|
|
PiperOrigin-RevId: 384344990
|
|
Update the following from syserror to the linuxerr equivalent:
EEXIST
EFAULT
ENOTDIR
ENOTTY
EOPNOTSUPP
ERANGE
ESRCH
PiperOrigin-RevId: 384329869
|