summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-08-12Compute size of struct tcp_info instead of hardcoding it.Rahat Mahmood
PiperOrigin-RevId: 263040624
2019-08-12Fix netstack build error on non-AMD64.Ian Gudger
This stub had the wrong function signature. PiperOrigin-RevId: 262992682
2019-08-09netlink: return an error in nlmsgerrAndrei Vagin
Now if a process sends an unsupported netlink requests, an error is returned from the send system call. The linux kernel works differently in this case. It returns errors in the nlmsgerr netlink message. Reported-by: syzbot+571d99510c6f935202da@syzkaller.appspotmail.com PiperOrigin-RevId: 262690453
2019-08-09Create tests for common.Search().Brett Landau
Using the path_test.go file built by the Golang devs as a base, tests have been created to verify the functionality of common.Search(). A mock file system is created and fake test files are generated to see if they get picked up by common.Search(). Also included in this CL is a bug fix for proctor-nodejs that was discovered using this test. proctor-nodejs used to allow multiple "-" in its test name filter. The regex has been updated to prevent this. PiperOrigin-RevId: 262647263
2019-08-09Add congestion control states to sender.Bhasker Hariharan
This change just introduces different congestion control states and ensures the sender.state is updated to reflect the current state of the connection. It is not used for any decisions yet but this is required before algorithms like Eiffel/PRR can be implemented. Fixes #394 PiperOrigin-RevId: 262638292
2019-08-09Add initial ptrace stub and syscall support for arm64.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I1dbd23bb240cca71d0cc30fc75ca5be28cb4c37c PiperOrigin-RevId: 262619519
2019-08-09ext: Move to pkg/sentry/fsimpl.Ayush Ranjan
fsimpl is the keeper of all filesystem implementations in VFS2. PiperOrigin-RevId: 262617869
2019-08-08ext: Benchmark tests.Ayush Ranjan
Added benchmark tests which emulate memfs benchmarks. Stat benchmarks BenchmarkVFS2Ext4fsStat/1-12 10000000 145 ns/op BenchmarkVFS2Ext4fsStat/2-12 10000000 170 ns/op BenchmarkVFS2Ext4fsStat/3-12 10000000 202 ns/op BenchmarkVFS2Ext4fsStat/8-12 3000000 374 ns/op BenchmarkVFS2Ext4fsStat/64-12 500000 2159 ns/op BenchmarkVFS2Ext4fsStat/100-12 300000 3459 ns/op BenchmarkVFS1TmpfsStat/1-12 5000000 348 ns/op BenchmarkVFS1TmpfsStat/2-12 3000000 487 ns/op BenchmarkVFS1TmpfsStat/3-12 2000000 655 ns/op BenchmarkVFS1TmpfsStat/8-12 1000000 1365 ns/op BenchmarkVFS1TmpfsStat/64-12 200000 9565 ns/op BenchmarkVFS1TmpfsStat/100-12 100000 15158 ns/op BenchmarkVFS2MemfsStat/1-12 10000000 133 ns/op BenchmarkVFS2MemfsStat/2-12 10000000 155 ns/op BenchmarkVFS2MemfsStat/3-12 10000000 182 ns/op BenchmarkVFS2MemfsStat/8-12 5000000 310 ns/op BenchmarkVFS2MemfsStat/64-12 1000000 1659 ns/op BenchmarkVFS2MemfsStat/100-12 500000 2787 ns/op Mount Stat benchmarks BenchmarkVFS2ExtfsMountStat/1-12 5000000 245 ns/op BenchmarkVFS2ExtfsMountStat/2-12 5000000 266 ns/op BenchmarkVFS2ExtfsMountStat/3-12 5000000 304 ns/op BenchmarkVFS2ExtfsMountStat/8-12 3000000 456 ns/op BenchmarkVFS2ExtfsMountStat/64-12 500000 2308 ns/op BenchmarkVFS2ExtfsMountStat/100-12 300000 3482 ns/op BenchmarkVFS1TmpfsMountStat/1-12 3000000 488 ns/op BenchmarkVFS1TmpfsMountStat/2-12 2000000 658 ns/op BenchmarkVFS1TmpfsMountStat/3-12 2000000 806 ns/op BenchmarkVFS1TmpfsMountStat/8-12 1000000 1514 ns/op BenchmarkVFS1TmpfsMountStat/64-12 100000 10037 ns/op BenchmarkVFS1TmpfsMountStat/100-12 100000 15280 ns/op BenchmarkVFS2MemfsMountStat/1-12 10000000 212 ns/op BenchmarkVFS2MemfsMountStat/2-12 5000000 232 ns/op BenchmarkVFS2MemfsMountStat/3-12 5000000 264 ns/op BenchmarkVFS2MemfsMountStat/8-12 3000000 390 ns/op BenchmarkVFS2MemfsMountStat/64-12 1000000 1813 ns/op BenchmarkVFS2MemfsMountStat/100-12 500000 2812 ns/op PiperOrigin-RevId: 262477158
2019-08-08Return a well-defined socket address type from socket funtions.Rahat Mahmood
Previously we were representing socket addresses as an interface{}, which allowed any type which could be binary.Marshal()ed to be used as a socket address. This is fine when the address is passed to userspace via the linux ABI, but is problematic when used from within the sentry such as by networking procfs files. PiperOrigin-RevId: 262460640
2019-08-08netstack: Don't start endpoint goroutines too soon on restore.Rahat Mahmood
Endpoint protocol goroutines were previously started as part of loading the endpoint. This is potentially too soon, as resources used by these goroutine may not have been loaded. Protocol goroutines may perform meaningful work as soon as they're started (ex: incoming connect) which can cause them to indirectly access resources that haven't been loaded yet. This CL defers resuming all protocol goroutines until the end of restore. PiperOrigin-RevId: 262409429
2019-08-08Merge pull request #653 from xiaobo55x:devgVisor bot
PiperOrigin-RevId: 262402929
2019-08-08memfs fixes.Jamie Liu
- Unexport Filesystem/Dentry/Inode. - Support SEEK_CUR in directoryFD.Seek(). - Hold Filesystem.mu before touching directoryFD.off in directoryFD.Seek(). - Remove deleted Dentries from their parent directory.childLists. - Remove invalid FIXMEs. PiperOrigin-RevId: 262400633
2019-08-07ext: Seek unit tests.Ayush Ranjan
PiperOrigin-RevId: 262264674
2019-08-07ext: StatAt unit tests.Ayush Ranjan
PiperOrigin-RevId: 262249166
2019-08-07ext: Read unit tests.Ayush Ranjan
PiperOrigin-RevId: 262242410
2019-08-07ext: IterDirent unit tests.Ayush Ranjan
PiperOrigin-RevId: 262226761
2019-08-07ext: vfs.FileDescriptionImpl and vfs.FilesystemImpl implementations.Ayush Ranjan
- This also gets rid of pipes for now because pipe does not have vfs2 specific support yet. - Added file path resolution logic. - Fixes testing infrastructure. - Does not include unit tests yet. PiperOrigin-RevId: 262213950
2019-08-07Set gofer's OOM score adjustmentFabricio Voznika
Updates #512 PiperOrigin-RevId: 262195448
2019-08-07Set target address in ARP ReplyTamir Duberstein
PiperOrigin-RevId: 262163794
2019-08-06Make loading container in a sandbox more robustFabricio Voznika
PiperOrigin-RevId: 262071646
2019-08-06Fix for a panic due to writing to a closed accept channel.Bhasker Hariharan
This can happen because endpoint.Close() closes the accept channel first and then drains/resets any accepted but not delivered connections. But there can be connections that are connected but not delivered to the channel as the channel was full. But closing the channel can cause these writes to fail with a write to a closed channel. The correct solution is to abort any connections in SYN-RCVD state and drain/abort all completed connections before closing the accept channel. PiperOrigin-RevId: 261951132
2019-08-06Require pread/pwrite for splice file offsetsMichael Pratt
If there is an offset, the file must support pread/pwrite. See fs/splice.c:do_splice. PiperOrigin-RevId: 261944932
2019-08-05Alter Dockerfiles to include common.go and use a prebuilt JDK.Samantha Sample
After the refactoring of the proctor binaries, the Dockerfiles for each language must be altered to copy the common folder into their image. Additionally, Java has been changed to use the pre-built version of JDK-11 from Ubuntu, instead of building it from the source. This allows for a smaller image and faster test execution within the container. PiperOrigin-RevId: 261805158
2019-08-05Expand runtimes test suite to include Go, Java, PHP, and Python.Samantha Sample
This change adds functionality for running more languages using the runtimes test suite. It divides the languages into separate test functions, which each call the helper testLang function in the runtimes_test.go file. This allows them to be run individually or as a group. PiperOrigin-RevId: 261791935
2019-08-05Change syscall.EPOLLET to unix.EPOLLETHaibo Xu
syscall.EPOLLET has been defined with different values on amd64 and arm64(-0x80000000 on amd64, and 0x80000000 on arm64), while unix.EPOLLET has been unified this value to 0x80000000(golang/go#5328). ref #63 Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: Id97d075c4e79d86a2ea3227ffbef02d8b00ffbb8
2019-08-02Remove stale TODOFabricio Voznika
This was done in commit 04cbb13ce9b151cf906f42e3f18ce3a875f01f63 PiperOrigin-RevId: 261414748
2019-08-02Plumbing for iptables sockopts.Kevin Krakauer
PiperOrigin-RevId: 261413396
2019-08-02Job control: controlling TTYs and foreground process groups.Kevin Krakauer
(Don't worry, this is mostly tests.) Implemented the following ioctls: - TIOCSCTTY - set controlling TTY - TIOCNOTTY - remove controlling tty, maybe signal some other processes - TIOCGPGRP - get foreground process group. Also enables tcgetpgrp(). - TIOCSPGRP - set foreground process group. Also enabled tcsetpgrp(). Next steps are to actually turn terminal-generated control characters (e.g. C^c) into signals to the proper process groups, and to send SIGTTOU and SIGTTIN when appropriate. PiperOrigin-RevId: 261387276
2019-08-02Stops container if gofer is killedFabricio Voznika
Each gofer now has a goroutine that polls on the FDs used to communicate with the sandbox. The respective gofer is destroyed if any of the FDs is closed. Closes #601 PiperOrigin-RevId: 261383725
2019-08-02Automated rollback of changelist 261191548Rahat Mahmood
PiperOrigin-RevId: 261373749
2019-08-02Remove kernel.mounts.Nicolas Lacasse
We can get the mount namespace from the CreateProcessArgs in all cases where we need it. This also gets rid of kernel.Destroy method, since the only thing it was doing was DecRefing the mounts. Removing the need to call kernel.SetRootMountNamespace also allowed for some more simplifications in the container fs setup code. PiperOrigin-RevId: 261357060
2019-08-01Refactor ListTests() to common.Search().Brett Landau
This change removes the filepath.Walk() function from proctor- go, php, and nodejs. The filepath.Walk() is now defined in common.go in Search(). Each proctor binary passes root directory and testFilter arguments to Search(). proctor-python.go no longer uses filepath.Walk() to search for tests. There is a built-in list test function within python's language test suite so that is being used instead. PiperOrigin-RevId: 261242897
2019-08-01Set sandbox oom_score_adjIan Lewis
Set /proc/self/oom_score_adj based on oomScoreAdj specified in the OCI bundle. When new containers are added to the sandbox oom_score_adj for the sandbox and all other gofers are adjusted so that oom_score_adj is equal to the lowest oom_score_adj of all containers in the sandbox. Fixes #512 PiperOrigin-RevId: 261242725
2019-08-01Drop reference on fs.Inode if Mount goes wrong.Nicolas Lacasse
PiperOrigin-RevId: 261203674
2019-08-01tmpfs and ramfs Dirs should drop references on children in Release().Nicolas Lacasse
This is the source of many warnings like: AtomicRefCount 0x7f5ff84e3500 owned by "fs.Inode" garbage collected with ref count of 1 (want 0) PiperOrigin-RevId: 261197093
2019-08-01Implement getsockopt(TCP_INFO).Rahat Mahmood
Export some readily-available fields for TCP_INFO and stub out the rest. PiperOrigin-RevId: 261191548
2019-07-31Basic support for 'ip route'Ian Lewis
Implements support for RTM_GETROUTE requests for netlink sockets. Fixes #507 PiperOrigin-RevId: 261051045
2019-07-31Fix test execution bugs in proctor-go and proctor-python.Brett Landau
proctor-go had a bug where it would incorrectly identify a tool test as a disk test. Instead of searching for the test on disk as the identification method, we now check if the test name ends in ".go". If the test ends in ".go" it is run as a disk test, otherwise the test is run as a tool test. Python tests need to be run from within the directory they exist. Functionality to split the test name from it's parent directory has been added and a cmd.Dir argument has been set. PiperOrigin-RevId: 261021693
2019-07-31Flipcall refinements.Jamie Liu
Note that some of these changes affect the protocol in backward-incompatible ways. - Replace use of "initially-active" and "initially-inactive" with "client" and "server" respectively for clarity. - Fix a race condition involving Endpoint.Shutdown() by repeatedly invoking FUTEX_WAKE until it is confirmed that no local thread is blocked in FUTEX_WAIT. - Drop flipcall.ControlMode. PiperOrigin-RevId: 260981382
2019-07-31Initialize kernel.unimplementedSyscallEmitter with a sync.Once.Nicolas Lacasse
This is initialized lazily on the first unimplemented syscall. Without the sync.Once, this is racy. PiperOrigin-RevId: 260971758
2019-07-31Refactor proctor binaries to implement testRunner interface.Brett Landau
Shared code among proctor-*.go files has been refactored into common/common.go. The common package is imported in each proctor binary and a struct is created to implement the testRunner interface defined in common.go. This allows for the proctor binaries to be updated without having to copy/paste the same code across all files. There are no usage or functionality changes. PiperOrigin-RevId: 260967080
2019-07-31Fix ICMPv4 EchoReply packet checksumAustin Kiekintveld
The checksum was not being reset before being re-calculated and sent out. This caused the sent checksum to always be `0x0800`. Fixes #605. PiperOrigin-RevId: 260965059
2019-07-31Test connecting UDP sockets to the ANY addressTamir Duberstein
This doesn't currently pass on gVisor. While I'm here, fix a bug where connecting to the v6-mapped v4 address doesn't work in gVisor. PiperOrigin-RevId: 260923961
2019-07-30Cache pages in CachingInodeOperations.Read when memory evictions are delayed.Jamie Liu
PiperOrigin-RevId: 260851452
2019-07-30ext: Migrate from using fileReader custom interface to using io.Reader.Ayush Ranjan
It gets rid of holding state of the io.Reader offset (which is anyways held by the vfs.FileDescriptor struct. It is also odd using a io.Reader becuase we using io.ReaderAt to interact with the device. So making a io.ReaderAt wrapper makes more sense. Most importantly, it gets rid of the complexity of extracting the file reader from a regular file implementation and then using it. Now we can just use the regular file implementation as a reader which is more intuitive. PiperOrigin-RevId: 260846927
2019-07-30ext: block map file reader implementation.Ayush Ranjan
Also adds stress tests for block map reader and intensifies extent reader tests. PiperOrigin-RevId: 260838177
2019-07-30Remove unused const variablesIan Lewis
PiperOrigin-RevId: 260824989
2019-07-30Pass ProtocolAddress instead of its fieldsTamir Duberstein
PiperOrigin-RevId: 260803517
2019-07-30Merge pull request #607 from DarcySail:mastergVisor bot
PiperOrigin-RevId: 260783254
2019-07-30Add feature to launch Sentry from an open host FD.Zach Koopmans
Adds feature to launch from an open host FD instead of a binary_path. The FD should point to a valid executable and most likely be statically compiled. If the executable is not statically compiled, the loader will search along the interpreter paths, which must be able to be resolved in the Sandbox's file system or start will fail. PiperOrigin-RevId: 260756825