summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-01-11Internal change.Googler
PiperOrigin-RevId: 228979583 Change-Id: I69bd82def48ceb19bc8558c890622b8528d98764
2019-01-11Clean up some uses of fork() in tests.Jamie Liu
- Fix a few cases where async-signal-unsafe code is executed in a forked process pre-execve. - Ensure that the return value of fork() is always checked. PiperOrigin-RevId: 228949310 Change-Id: I3096cb7d7394b8d9ab81b0e0245f2060713ef589
2019-01-11Require CAP_SYS_CHROOT in ChrootTest.ProcMountsMountinfoNoEscape.Jamie Liu
PiperOrigin-RevId: 228949227 Change-Id: I8f47bcd56aab706081218ec7498af8049ccd6d63
2019-01-11Make syscall_test_runner binary testonly.Nicolas Lacasse
PiperOrigin-RevId: 228945914 Change-Id: Idfa0a3c27434655b5f9ac241f1726e0bc9ef0392
2019-01-11Update readme to say that 'kubectl cp' worksFabricio Voznika
PiperOrigin-RevId: 228904169 Change-Id: I948f417d1336cb69c5733b142c53850507432fda
2019-01-11runsc: Collect zombies of sandbox and gofer processesAndrei Vagin
And we need to wait a gofer process before cgroup.Uninstall, because it is running in the sandbox cgroups. PiperOrigin-RevId: 228904020 Change-Id: Iaf8826d5b9626db32d4057a1c505a8d7daaeb8f9
2019-01-10Define name earlierMichael Pratt
PiperOrigin-RevId: 228805981 Change-Id: I4f4c4a5d8de325dff38f6dfb92108fc848d823fd
2019-01-10Fixing select call to not enforce RLIMIT_NOFILE.Zach Koopmans
Removing check to RLIMIT_NOFILE in select call. Adding unit test to select suite to document behavior. Moving setrlimit class from mlock to a util file for reuse. Fixing flaky test based on comments from Jamie. PiperOrigin-RevId: 228726131 Change-Id: Ie9dbe970bbf835ba2cca6e17eec7c2ee6fadf459
2019-01-09Minor memevent fixes.Jamie Liu
- Call MemoryEvents.done.Add(1) outside of MemoryEvents.run() so that if MemoryEvents.Stop() => MemoryEvents.done.Wait() is called before the goroutine starts running, it still waits for the goroutine to stop. - Use defer to call MemoryEvents.done.Done() in MemoryEvents.run() so that it's called even if the goroutine panics. PiperOrigin-RevId: 228623307 Change-Id: I1b0459e7999606c1a1a271b16092b1ca87005015
2019-01-09Avoid $(location) in syscall tests.Nicolas Lacasse
Instead just find the syscall_test_runner binary in the shell script. PiperOrigin-RevId: 228621230 Change-Id: I274ee0874e47d53f59474b1ac730ee45e3dff977
2019-01-09Make CooperativeSaveEnabled() async-signal-safe(r).Jamie Liu
The static local variable `enabled` in CooperativeSaveEnabled() is not initialized until the first call to CooperativeSaveEnabled(), per the C++14 standard, section 6.7 ("Declaration statement"), paragraph 4. This initialization is thread-safe as of C++11, but it is *not* required to be async-signal-safe. Use a namespace-scope variable instead, since this is guaranteed to be zero-initialized before main() by section 3.6.2 ("Initialization of non-local variables"). getenv() is technically not async-signal-safe either, hence the hedging in the change summary line. However, glibc's implementation of getenv() appears to be async-signal-safe in the absence of calls to setenv(). PiperOrigin-RevId: 228588617 Change-Id: I669f555d1c91352d55c606970bb237ec888fa7ca
2019-01-09Allow to specify a custom path to runsc for syscall-test-runnerAndrei Vagin
PiperOrigin-RevId: 228574092 Change-Id: Id93abcca1ce964eb595907df9355702d469bc33b
2019-01-09Fix lock order violation.Nicolas Lacasse
overlayFileOperations.Readdir was holding overlay.copyMu while calling DirentReaddir, which then attempts to take take the corresponding Dirent.mu, causing a lock order violation. (See lock order documentation in fs/copy_up.go.) We only actually need to hold copyMu during readdirEntries(), so holding the lock is moved in there, thus avoiding the lock order violation. A new lock was added to protect overlayFileOperations.dirCache. We were inadvertently relying on copyMu to protect this. There is no reason it should not have its own lock. PiperOrigin-RevId: 228542473 Change-Id: I03c3a368c8cbc0b5a79d50cc486fc94adaddc1c2
2019-01-09Restore to original cgroup after sandbox and gofer processes are createdFabricio Voznika
The original code assumed that it was safe to join and not restore cgroup, but Container.Run will not exit after calling start, making cgroup cleanup fail because there were still processes inside the cgroup. PiperOrigin-RevId: 228529199 Change-Id: I12a48d9adab4bbb02f20d71ec99598c336cbfe51
2019-01-08Allow MSG_OOB and MSG_DONTROUTE to be no-ops on recvmsg(2).Brian Geffon
PiperOrigin-RevId: 228428223 Change-Id: I433ba5ffc15ea4c2706ec944901b8269b1f364f8
2019-01-08Enable proc/self/fd test on linux and disable only on gvisor.Brian Geffon
PiperOrigin-RevId: 228403149 Change-Id: Iab212e49d9eb27d785bddc9fd447835ce8c485ae
2019-01-08Improve loader related error messages returned to users.Brian Geffon
PiperOrigin-RevId: 228382827 Change-Id: Ica1d30e0df826bdd77f180a5092b2b735ea5c804
2019-01-08Grant no initial capabilities to non-root UIDs.Jamie Liu
See modified comment in auth.NewUserCredentials(); compare to the behavior of setresuid(2) as implemented by //pkg/sentry/kernel/task_identity.go:kernel.Task.setKUIDsUncheckedLocked(). PiperOrigin-RevId: 228381765 Change-Id: I45238777c8f63fcf41b99fce3969caaf682fe408
2019-01-08Implement Stringer for tcpip.StatCounterBert Muthalaly
This enables formatting tcpip.Stats readably with %+v. PiperOrigin-RevId: 228379088 Change-Id: I6a9876454a22f151ee752cf94589b4188729458f
2019-01-07Undo changes in case of failure to create file/dir/symlinkFabricio Voznika
File/dir/symlink creation is multi-step and may leave state behind in case of failure in one of the steps. Added best effort attempt to clean up. PiperOrigin-RevId: 228286612 Change-Id: Ib03c27cd3d3e4f44d0352edc6ee212a53412d7f1
2019-01-07Add usermem support for arm64 platform.Jamie Liu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> PiperOrigin-RevId: 228249611 Change-Id: I1046e70bec4274f18b9948eefd6b0d546e4c48bb
2019-01-07Implement /proc/[pid]/smaps.Jamie Liu
PiperOrigin-RevId: 228245523 Change-Id: I5a4d0a6570b93958e51437e917e5331d83e23a7e
2019-01-07Default syscall_test shard_count to 5.Jamie Liu
PiperOrigin-RevId: 228243120 Change-Id: I2726d580f4f9fad0ecc6a912e0e576ed9e08ce72
2019-01-03Allow creating syserr.Errors at runtime.Ian Gudger
Not allowing this was an oversight. PiperOrigin-RevId: 227757813 Change-Id: I845800ab69028b7320afca36d832c477ff17c5ce
2019-01-03Apply chroot for --network=host tooFabricio Voznika
PiperOrigin-RevId: 227747566 Change-Id: Ide9df4ac1391adcd1c56e08d6570e0d149d85bc4
2019-01-03Rename linux.Errno.Error to linux.Errno.String.Ian Gudger
Using linux.Errno as an error doesn't work very well as none of the sentry code expects error to contain a linux.Errno. This moves using syserr.Error.ToLinux as an error in a syscall handler from a runtime error to a compile error. PiperOrigin-RevId: 227744312 Change-Id: Iea63108a5b198296c908614e09c01733dd684da0
2019-01-03Add test for reopening socketpair end via procfs.Brian Geffon
PiperOrigin-RevId: 227738801 Change-Id: Ic0c5d10c3b1f21b3f85ff9a661a55db77fab77b0
2019-01-02Automated rollback of changelist 225089593Michael Pratt
PiperOrigin-RevId: 227595007 Change-Id: If14cc5aab869c5fd7a4ebd95929c887ab690e94c
2019-01-02Add /proc/net/psched contentFabricio Voznika
FIO reads this file and expects it to be well formed. PiperOrigin-RevId: 227554483 Change-Id: Ia48ae2377626dd6a2daf17b5b4f5119f90ece55b
2018-12-28Simplify synchronization between runsc and sandbox processFabricio Voznika
Make 'runsc create' join cgroup before creating sandbox process. This removes the need to synchronize platform creation and ensure that sandbox process is charged to the right cgroup from the start. PiperOrigin-RevId: 227166451 Change-Id: Ieb4b18e6ca0daf7b331dc897699ca419bc5ee3a2
2018-12-28Implement SO_REUSEPORT for TCP and UDP socketsAndrei Vagin
This option allows multiple sockets to be bound to the same port. Incoming packets are distributed to sockets using a hash based on source and destination addresses. This means that all packets from one sender will be received by the same server socket. PiperOrigin-RevId: 227153413 Change-Id: I59b6edda9c2209d5b8968671e9129adb675920cf
2018-12-28Extract go_merge into its own packageTamir Duberstein
This change is needed to support building gvisor for Fuchsia, which uses Chromium's GN build system; at the time of writing, Fuchsia's Go support does not include explicit enumeration of files, assuming instead that Go binaries are always built from all Go source files in a given package. Rather than extending Fuchsia's Go support, it is easier simply to extract a separate package here. PiperOrigin-RevId: 227133402 Change-Id: I1c64fff286d9c014b4bd1183b76023b35b60c720
2018-12-27Fix deadlock between epoll_wait and getdentsFabricio Voznika
epoll_wait acquires EventPoll.listsMu (in EventPoll.ReadEvents) and then calls Inotify.Readiness which tries to acquire Inotify.evMu. getdents acquires Inotify.evMu (in Inotify.queueEvent) and then calls readyCallback.Callback which tries to acquire EventPoll.listsMu. The fix is to release Inotify.evMu before calling Queue.Notify. Queue is thread-safe and doesn't require Inotify.evMu to be held. Closes #121 PiperOrigin-RevId: 227066695 Change-Id: Id29364bb940d1727f33a5dff9a3c52f390c15761
2018-12-26Plumb IP_MULTICAST_TTL to netstack.Ian Gudger
PiperOrigin-RevId: 226993086 Change-Id: I71757f231436538081d494da32ca69f709bc71c7
2018-12-26Add EventChannel messages for uncaught signals.Brian Geffon
PiperOrigin-RevId: 226936778 Change-Id: I2a6dda157c55d39d81e1b543ab11a58a0bfe5c05
2018-12-21Stub out SO_OOBINLINE.Ian Gudger
We don't explicitly support out-of-band data and treat it like normal in-band data. This is equilivent to SO_OOBINLINE being enabled, so always report that it is enabled. PiperOrigin-RevId: 226572742 Change-Id: I4c30ccb83265e76c30dea631cbf86822e6ee1c1b
2018-12-21Kokoro: Build all packages as part of presubmit.Nicolas Lacasse
We now build all packages (including //test/...) with RBE as part of the Kokoro presubmit. The tests do not yet use RBE, because there are some failures. The Golang unit, integration, and image tests still run locally. The syscall test suite needs even more work to make it pass on RBE. Those will be enabled in follow-up CLs. They currently are not enabled at all on Kokoro. PiperOrigin-RevId: 226562208 Change-Id: Idd2b81b3e8f07bf300c77e68990493ba97d16e23
2018-12-21Configure Kokoro build with RBE.Nicolas Lacasse
PiperOrigin-RevId: 226552586 Change-Id: I078502d46e2e4a8252ef0477309af8d3ffbbf88d
2018-12-21Remove gunit_no_heapcheck from depsAndrei Vagin
heapcheck works fine now. PiperOrigin-RevId: 226552252 Change-Id: Ifcf17a377b3d6512a576f54462dd81c1d4c7b17c
2018-12-21Internal ChangeMichael Pratt
PiperOrigin-RevId: 226542979 Change-Id: Ife11ebd0a85b8a63078e6daa71b4a99a82080ac9
2018-12-21Implement SO_KEEPALIVE, TCP_KEEPIDLE, and TCP_KEEPINTVL.Ian Gudger
Within gVisor, plumb new socket options to netstack. Within netstack, fix GetSockOpt and SetSockOpt return value logic. PiperOrigin-RevId: 226532229 Change-Id: If40734e119eed633335f40b4c26facbebc791c74
2018-12-21Fix test util testsMichael Pratt
We actually need to include test main! PiperOrigin-RevId: 226524447 Change-Id: I9d9e631611183c7c1fbae1c20a222c9aeef269b2
2018-12-21inotify notifies watchers when control events bit are setFabricio Voznika
The code that matches the event being published with events watchers was wronly matching all watchers in case any of the control event bits were set. Issue #121 PiperOrigin-RevId: 226521230 Change-Id: Ie2c42bc4366faaf59fbf80a74e9297499bd93f9e
2018-12-21Update rules_go, gazelle, and GoMichael Pratt
PiperOrigin-RevId: 226511383 Change-Id: I3a42572d44582d5713841799ec1fd9695d050938
2018-12-21Automated rollback of changelist 226224230Jamie Liu
PiperOrigin-RevId: 226493053 Change-Id: Ia98d1cb6dd0682049e4d907ef69619831de5c34a
2018-12-20Deflake gofer_test.Nicolas Lacasse
We must wait for all lazy resources to be released before closing the rootFile. PiperOrigin-RevId: 226419499 Change-Id: I1d4d961a92b3816e02690cf3eaf0a88944d730cc
2018-12-20Make read and write respect SO_RCVTIMEO and SO_SNDTIMEOIan Gudger
PiperOrigin-RevId: 226387521 Change-Id: I0579ab262320fde6c72d2994dd38437f01a99ea5
2018-12-20Rename limits.MemoryPagesLocked to limits.MemoryLocked.Jamie Liu
"RLIMIT_MEMLOCK: This is the maximum number of bytes of memory that may be locked into RAM." - getrlimit(2) PiperOrigin-RevId: 226384346 Change-Id: Iefac4a1bb69f7714dc813b5b871226a8344dc800
2018-12-20test: deflake socket_inet_loopback.Zhaozhong Ni
PiperOrigin-RevId: 226350590 Change-Id: Idff080705f644f8f78ce92b53c77eecc37e002e7
2018-12-19Automated rollback of changelist 225861605Googler
PiperOrigin-RevId: 226224230 Change-Id: Id24c7d3733722fd41d5fe74ef64e0ce8c68f0b12