Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 261373749
|
|
We can get the mount namespace from the CreateProcessArgs in all cases where we
need it. This also gets rid of kernel.Destroy method, since the only thing it
was doing was DecRefing the mounts.
Removing the need to call kernel.SetRootMountNamespace also allowed for some
more simplifications in the container fs setup code.
PiperOrigin-RevId: 261357060
|
|
This change removes the filepath.Walk() function from
proctor- go, php, and nodejs. The filepath.Walk() is
now defined in common.go in Search(). Each proctor binary
passes root directory and testFilter arguments to Search().
proctor-python.go no longer uses filepath.Walk() to search
for tests. There is a built-in list test function within
python's language test suite so that is being used instead.
PiperOrigin-RevId: 261242897
|
|
Set /proc/self/oom_score_adj based on oomScoreAdj specified in the OCI bundle.
When new containers are added to the sandbox oom_score_adj for the sandbox and
all other gofers are adjusted so that oom_score_adj is equal to the lowest
oom_score_adj of all containers in the sandbox.
Fixes #512
PiperOrigin-RevId: 261242725
|
|
PiperOrigin-RevId: 261203674
|
|
This is the source of many warnings like:
AtomicRefCount 0x7f5ff84e3500 owned by "fs.Inode" garbage collected with ref count of 1 (want 0)
PiperOrigin-RevId: 261197093
|
|
Export some readily-available fields for TCP_INFO and stub out the rest.
PiperOrigin-RevId: 261191548
|
|
Implements support for RTM_GETROUTE requests for netlink sockets.
Fixes #507
PiperOrigin-RevId: 261051045
|
|
proctor-go had a bug where it would incorrectly identify
a tool test as a disk test. Instead of searching for the
test on disk as the identification method, we now check if
the test name ends in ".go". If the test ends in ".go" it
is run as a disk test, otherwise the test is run as a tool test.
Python tests need to be run from within the directory they exist.
Functionality to split the test name from it's parent directory
has been added and a cmd.Dir argument has been set.
PiperOrigin-RevId: 261021693
|
|
Note that some of these changes affect the protocol in
backward-incompatible ways.
- Replace use of "initially-active" and "initially-inactive" with
"client" and "server" respectively for clarity.
- Fix a race condition involving Endpoint.Shutdown() by repeatedly
invoking FUTEX_WAKE until it is confirmed that no local thread is
blocked in FUTEX_WAIT.
- Drop flipcall.ControlMode.
PiperOrigin-RevId: 260981382
|
|
This is initialized lazily on the first unimplemented
syscall. Without the sync.Once, this is racy.
PiperOrigin-RevId: 260971758
|
|
Shared code among proctor-*.go files has been refactored
into common/common.go. The common package is imported in
each proctor binary and a struct is created to implement
the testRunner interface defined in common.go. This allows
for the proctor binaries to be updated without having to
copy/paste the same code across all files. There are no
usage or functionality changes.
PiperOrigin-RevId: 260967080
|
|
The checksum was not being reset before being re-calculated and sent out.
This caused the sent checksum to always be `0x0800`.
Fixes #605.
PiperOrigin-RevId: 260965059
|
|
This doesn't currently pass on gVisor.
While I'm here, fix a bug where connecting to the v6-mapped v4 address doesn't
work in gVisor.
PiperOrigin-RevId: 260923961
|
|
PiperOrigin-RevId: 260851452
|
|
It gets rid of holding state of the io.Reader offset (which is anyways held by
the vfs.FileDescriptor struct. It is also odd using a io.Reader becuase we
using io.ReaderAt to interact with the device. So making a io.ReaderAt wrapper
makes more sense.
Most importantly, it gets rid of the complexity of extracting the file reader
from a regular file implementation and then using it. Now we can just use the
regular file implementation as a reader which is more intuitive.
PiperOrigin-RevId: 260846927
|
|
Also adds stress tests for block map reader and intensifies extent reader tests.
PiperOrigin-RevId: 260838177
|
|
PiperOrigin-RevId: 260824989
|
|
PiperOrigin-RevId: 260803517
|
|
PiperOrigin-RevId: 260783254
|
|
Adds feature to launch from an open host FD instead of a binary_path.
The FD should point to a valid executable and most likely be statically
compiled. If the executable is not statically compiled, the loader will
search along the interpreter paths, which must be able to be resolved in
the Sandbox's file system or start will fail.
PiperOrigin-RevId: 260756825
|
|
syscall.POLL is not supported on arm64, using syscall.PPOLL
to support both the x86 and arm64. refs #63
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I2c81a063d3ec4e7e6b38fe62f17a0924977f505e
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/543 from xiaobo55x:master ba598263fd3748d1addd48e4194080aa12085164
PiperOrigin-RevId: 260752049
|
|
This provides the following benefits:
- We can now use pkg/fd package which does not take ownership
of the file descriptor. So it does not close the fd when garbage collected.
This reduces scope of errors from unexpected garbage collection of io.File.
- It enforces the offset parameter in every read call.
It does not affect the fd offset nor is it affected by it. Hence reducing
scope of error of using stale offsets when reading.
- We do not need to serialize the usage of any global file descriptor anymore.
So this drops the mutual exclusion req hence reducing complexity and
congestion.
PiperOrigin-RevId: 260635174
|
|
Allocate a larger memory buffer and combine multiple copies into one copy,
to reduce the number of copies from kernel memory to user memory.
Signed-off-by: Hang Su <darcy.sh@antfin.com>
|
|
PiperOrigin-RevId: 260629559
|
|
PiperOrigin-RevId: 260624470
|
|
PiperOrigin-RevId: 260613864
|
|
This introduces two new types of Emitters:
1. MultiEmitter, which will forward events to other registered Emitters, and
2. RateLimitedEmitter, which will forward events to a wrapped Emitter, subject
to given rate limits.
The methods in the eventchannel package itself act like a multiEmitter, but is
not actually an Emitter. Now we have a DefaultEmitter, and the methods in
eventchannel simply forward calls to the DefaultEmitter.
The unimplemented syscall handler now uses a RateLimetedEmitter that wraps the
DefaultEmitter.
PiperOrigin-RevId: 260612770
|
|
This test flaked on my current CL. Linux makes no guarantee
that two inodes will consecutive (overflows happen).
https://github.com/avagin/linux-task-diag/blob/master/fs/inode.c#L880
PiperOrigin-RevId: 260608240
|
|
PiperOrigin-RevId: 260577765
|
|
Unfortunately, Linux's ip_tables.h header doesn't compile in C++ because it
implicitly converts from void* to struct xt_entry_target*. C allows this, but
C++ does not. So we have to re-implement many types ourselves.
Relevant code here:
https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter_ipv4/ip_tables.h#L222
PiperOrigin-RevId: 260565570
|
|
PiperOrigin-RevId: 260239119
|
|
This allows published binary to be debugged if needed.
PiperOrigin-RevId: 260228367
|
|
PiperOrigin-RevId: 260220279
|
|
By following the directions in the README file, these Dockerfiles can be
built and used to run native language tests for their respective runtimes.
PiperOrigin-RevId: 260174430
|
|
PiperOrigin-RevId: 260047477
|
|
PiperOrigin-RevId: 259865366
|
|
PiperOrigin-RevId: 259856442
|
|
PiperOrigin-RevId: 259835948
|
|
This allows the user code to add a network address with a subnet prefix length.
The prefix length value is stored in the network endpoint and provided back to
the user in the ProtocolAddress type.
PiperOrigin-RevId: 259807693
|
|
The different containers in a sandbox used only one pid
namespace before. This results in that a container can see
the processes in another container in the same sandbox.
This patch use different pid namespace for different containers.
Signed-off-by: chris.zn <chris.zn@antfin.com>
|
|
PiperOrigin-RevId: 259666476
|
|
PiperOrigin-RevId: 259657917
|
|
PiperOrigin-RevId: 259628657
|
|
This keeps all container filesystem completely separate from eachother
(including from the root container filesystem), and allows us to get rid of the
"__runsc_containers__" directory.
It also simplifies container startup/teardown as we don't have to muck around
in the root container's filesystem.
PiperOrigin-RevId: 259613346
|
|
This change has the listTests() function return
a string slice of all the tests. Originally, I
planned not to modify the listTests() function
and instead capture the output of it and then
iterate through the captured output. I decided
against this approach as most of the test binaries
already produce a slice as they collect tests
through filepath.Walk(). Now I use this slice
and return it so that I can iterate through in
runAllTests() and also when printing out the tests.
PiperOrigin-RevId: 259599782
|
|
This fixes a bug introduced in cl/251934850 that caused
connect-accept-close-connect races to result in the second connect call
failiing when it should have succeeded.
PiperOrigin-RevId: 259584525
|
|
PiperOrigin-RevId: 259437060
|
|
PiperOrigin-RevId: 259427074
|
|
m.available.Signal() has to be called under m.mu.RLock, otherwise it can
race with machine.Get:
m.Get | m.Put
-------------------------------------
m.mu.Lock() |
Seatching available vcpu|
| m.available.Signal()
m.available.Wait |
PiperOrigin-RevId: 259394051
|