summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-09-30Merge release-20190806.1-211-g61f6fbd (automated)gVisor bot
2019-09-30Fix bugs in PickEphemeralPort for TCP.Bhasker Hariharan
Netstack always picks a random start point everytime PickEphemeralPort is called. While this is required for UDP so that DNS requests go out through a randomized set of ports it is not required for TCP. Infact Linux explicitly hashes the (srcip, dstip, dstport) and a one time secret initialized at start of the application to get a random offset. But to ensure it doesn't start from the same point on every scan it uses a static hint that is incremented by 2 in every call to pick ephemeral ports. The reason for 2 is Linux seems to split the port ranges where active connects seem to use even ones while odd ones are used by listening sockets. This CL implements a similar strategy where we use a hash + hint to generate the offset to start the search for a free Ephemeral port. This ensures that we cycle through the available port space in order for repeated connects to the same destination and significantly reduces the chance of picking a recently released port. PiperOrigin-RevId: 272058370
2019-09-30Merge release-20190806.1-210-g3ad17ff (automated)gVisor bot
2019-09-30Force timestamps to update when set via InodeOperations.SetTimestamps.Nicolas Lacasse
The gofer's CachingInodeOperations implementation contains an optimization for the common open-read-close pattern when we have a host FD. In this case, the host kernel will update the timestamp for us to a reasonably close time, so we don't need an extra RPC to the gofer. However, when the app explicitly sets the timestamps (via futimes or similar) then we actually DO need to update the timestamps, because the host kernel won't do it for us. To fix this, a new boolean `forceSetTimestamps` was added to CachineInodeOperations.SetMaskedAttributes. It is only set by gofer.InodeOperations.SetTimestamps. PiperOrigin-RevId: 272048146
2019-09-30Only copy out remaining time on nanosleep successMichael Pratt
It looks like the old code attempted to do this, but didn't realize that err != nil even in the happy case. PiperOrigin-RevId: 272005887
2019-09-30Merge release-20190806.1-208-g0c4d080 (automated)gVisor bot
2019-09-29Ensure runsc is uploaded.Adin Scannell
One would reasonably assume that a field named "regex" would expect a regular expression. However, in this case, one would be wrong. The "regex" field actually requires "FileSet" [1] syntax. ?\_(?)_/? [1] http://ant.apache.org/manual/Types/fileset.html PiperOrigin-RevId: 271917356
2019-09-28Merge release-20190806.1-207-geebc38b (automated)gVisor bot
2019-09-27Merge pull request #882 from DarcySail:darcy_faster_CopyStringIngVisor bot
PiperOrigin-RevId: 271675009
2019-09-27Merge release-20190806.1-205-gc8bb208 (automated)gVisor bot
2019-09-27Automated rollback of changelist 256276198Adin Scannell
PiperOrigin-RevId: 271665517
2019-09-27Merge release-20190806.1-204-g6a54aa1 (automated)gVisor bot
2019-09-27Bump rules_go to 0.19.5 and Go to 1.13.1.Nicolas Lacasse
PiperOrigin-RevId: 271664207
2019-09-27Merge release-20190806.1-203-g8539abc (automated)gVisor bot
2019-09-27Merge pull request #864 from tanjianfeng:fix-861gVisor bot
PiperOrigin-RevId: 271649711
2019-09-27Merge release-20190806.1-201-gabbee56 (automated)gVisor bot
2019-09-27Implement SO_BINDTODEVICE sockoptgVisor bot
PiperOrigin-RevId: 271644926
2019-09-27Merge release-20190806.1-200-g7582385 (automated)gVisor bot
2019-09-27kokoro: don't pass KOKORO_REPO_KEY in presubmit jobsAndrei Vagin
We don't want to upload packages from the presubmit jobs. This will fix the error: [11:01:34][ERROR] Cannot inject environment variables into the build without allowed_env_vars regexes. PiperOrigin-RevId: 271622996
2019-09-27Merge release-20190806.1-199-gfa15fda (automated)gVisor bot
2019-09-27bazel: use rules_pkg from https://github.com/bazelbuild/Andrei Vagin
BUILD:85:1: in _pkg_deb rule //runsc:runsc-debian: target '//runsc:runsc-debian' depends on deprecated target '@bazel_tools//tools/build_defs/pkg:make_deb': The internal version of make_deb is deprecated. Please use the replacement for pkg_deb from https://github.com/bazelbuild/rules_pkg/blob/master/pkg. PiperOrigin-RevId: 271590386
2019-09-27Merge release-20190806.1-198-g8337e4f (automated)gVisor bot
2019-09-26Disallow opening of sockets if --fsgofer-host-uds=falseFabricio Voznika
Updates #235 PiperOrigin-RevId: 271475319
2019-09-26Merge release-20190806.1-197-g5434926 (automated)gVisor bot
2019-09-26Make raw socket tests pass in environments with or without CAP_NET_RAW.Kevin Krakauer
PiperOrigin-RevId: 271442321
2019-09-26Merge release-20190806.1-196-g3221e83 (automated)gVisor bot
2019-09-26kokoro: don't force to use python2Andrei Vagin
https://github.com/bazelbuild/bazel/issues/7899 was fixed and we don't need this hack anymore. PiperOrigin-RevId: 271434565
2019-09-25Merge release-20190806.1-195-gdd0e5ee (automated)gVisor bot
2019-09-25Merge pull request #765 from trailofbits:uds_supportgVisor bot
PiperOrigin-RevId: 271235134
2019-09-25Merge release-20190806.1-184-g129c67d (automated)gVisor bot
2019-09-25Fix runsc log collection in kokoroFabricio Voznika
PiperOrigin-RevId: 271207152
2019-09-25Merge release-20190806.1-183-g59ccbb1 (automated)gVisor bot
2019-09-25Remove centralized registration of protocols.Kevin Krakauer
Also removes the need for protocol names. PiperOrigin-RevId: 271186030
2019-09-25Merge release-20190806.1-182-g99c86b8 (automated)gVisor bot
2019-09-25Merge pull request #863 from tanjianfeng:fix-862gVisor bot
PiperOrigin-RevId: 271168948
2019-09-25Merge release-20190806.1-180-g76ff194 (automated)gVisor bot
2019-09-24gvisor: change syscall.RawSyscall to syscall.RawSyscall6 where requiredgVisor bot
Before https://golang.org/cl/173160 syscall.RawSyscall would zero out the last three register arguments to the system call. That no longer happens. For system calls that take more than three arguments, use RawSyscall6 to ensure that we pass zero, not random data, for the additional arguments. PiperOrigin-RevId: 271062527
2019-09-25Merge release-20190806.1-179-g2fb34c8 (automated)gVisor bot
2019-09-24test: don't use designated initializersAndrei Vagin
This change fixes compile errors: pty.cc:1460:7: error: expected primary-expression before '.' token ... PiperOrigin-RevId: 271033729
2019-09-24Remove unecessary seccomp permission.Robert Tonic
This removes the F_DUPFD_CLOEXEC support for the gofer, previously required when depending on the STL net package.
2019-09-24Refactor command line options and remove the allowed terminology for udsRobert Tonic
2019-09-24Merge release-20190806.1-178-g502f8f2 (automated)gVisor bot
2019-09-24Stub out readahead implementation.Adin Scannell
Closes #261 PiperOrigin-RevId: 270973347
2019-09-24Merge release-20190806.1-177-g6704d62 (automated)gVisor bot
2019-09-24Return only primary addresses in Stack.NICInfo()Chris Kuiper
Non-primary addresses are used for endpoints created to accept multicast and broadcast packets, as well as "helper" endpoints (0.0.0.0) that allow sending packets when no proper address has been assigned yet (e.g., for DHCP). These addresses are not real addresses from a user point of view and should not be part of the NICInfo() value. Also see b/127321246 for more info. This switches NICInfo() to call a new NIC.PrimaryAddresses() function. To still allow an option to get all addresses (mostly for testing) I added Stack.GetAllAddresses() and NIC.AllAddresses(). In addition, the return value for GetMainNICAddress() was changed for the case where the NIC has no primary address. Instead of returning an error here, it now returns an empty AddressWithPrefix() value. The rational for this change is that it is a valid case for a NIC to have no primary addresses. Lastly, I refactored the code based on the new additions. PiperOrigin-RevId: 270971764
2019-09-24Merge release-20190806.1-176-g91abeb1 (automated)gVisor bot
2019-09-24Merge pull request #812 from lubinszARM:pr_dup3_armgVisor bot
PiperOrigin-RevId: 270957224
2019-09-24Merge release-20190806.1-174-gbbaaa1f (automated)gVisor bot
2019-09-24Simplify ICMPRateLimiterTamir Duberstein
https://github.com/golang/time/commit/c4c64ca added SetBurst upstream. PiperOrigin-RevId: 270925077
2019-09-24tty: fix sending SIGTTOU on tty writehenry.tjf
How to reproduce: $ echo "timeout 10 ls" > foo.sh $ chmod +x foo.sh $ ./foo.sh (will hang here for 10 secs, and the output of ls does not show) When "ls" process writes to stdout, it receives SIGTTOU signal, and hangs there. Until "timeout" process timeouts, and kills "ls" process. The expected result is: "ls" writes its output into tty, and terminates immdedately, then "timeout" process receives SIGCHLD and terminates. The reason for this failure is that we missed the check for TOSTOP (if set, background processes will receive the SIGTTOU signal when they do write). We use drivers/tty/n_tty.c:n_tty_write() as a reference. Fixes: #862 Reported-by: chris.zn <chris.zn@antfin.com> Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Signed-off-by: chenglang.hy <chenglang.hy@antfin.com>