Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 263040624
|
|
This stub had the wrong function signature.
PiperOrigin-RevId: 262992682
|
|
Now if a process sends an unsupported netlink requests,
an error is returned from the send system call.
The linux kernel works differently in this case. It returns errors in the
nlmsgerr netlink message.
Reported-by: syzbot+571d99510c6f935202da@syzkaller.appspotmail.com
PiperOrigin-RevId: 262690453
|
|
Using the path_test.go file built by the Golang
devs as a base, tests have been created to verify
the functionality of common.Search().
A mock file system is created and fake test files
are generated to see if they get picked up by
common.Search().
Also included in this CL is a bug fix for
proctor-nodejs that was discovered using this test.
proctor-nodejs used to allow multiple "-" in its
test name filter. The regex has been updated to
prevent this.
PiperOrigin-RevId: 262647263
|
|
This change just introduces different congestion control states and
ensures the sender.state is updated to reflect the current state
of the connection.
It is not used for any decisions yet but this is required before
algorithms like Eiffel/PRR can be implemented.
Fixes #394
PiperOrigin-RevId: 262638292
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I1dbd23bb240cca71d0cc30fc75ca5be28cb4c37c
PiperOrigin-RevId: 262619519
|
|
fsimpl is the keeper of all filesystem implementations in VFS2.
PiperOrigin-RevId: 262617869
|
|
Added benchmark tests which emulate memfs benchmarks.
Stat benchmarks
BenchmarkVFS2Ext4fsStat/1-12 10000000 145 ns/op
BenchmarkVFS2Ext4fsStat/2-12 10000000 170 ns/op
BenchmarkVFS2Ext4fsStat/3-12 10000000 202 ns/op
BenchmarkVFS2Ext4fsStat/8-12 3000000 374 ns/op
BenchmarkVFS2Ext4fsStat/64-12 500000 2159 ns/op
BenchmarkVFS2Ext4fsStat/100-12 300000 3459 ns/op
BenchmarkVFS1TmpfsStat/1-12 5000000 348 ns/op
BenchmarkVFS1TmpfsStat/2-12 3000000 487 ns/op
BenchmarkVFS1TmpfsStat/3-12 2000000 655 ns/op
BenchmarkVFS1TmpfsStat/8-12 1000000 1365 ns/op
BenchmarkVFS1TmpfsStat/64-12 200000 9565 ns/op
BenchmarkVFS1TmpfsStat/100-12 100000 15158 ns/op
BenchmarkVFS2MemfsStat/1-12 10000000 133 ns/op
BenchmarkVFS2MemfsStat/2-12 10000000 155 ns/op
BenchmarkVFS2MemfsStat/3-12 10000000 182 ns/op
BenchmarkVFS2MemfsStat/8-12 5000000 310 ns/op
BenchmarkVFS2MemfsStat/64-12 1000000 1659 ns/op
BenchmarkVFS2MemfsStat/100-12 500000 2787 ns/op
Mount Stat benchmarks
BenchmarkVFS2ExtfsMountStat/1-12 5000000 245 ns/op
BenchmarkVFS2ExtfsMountStat/2-12 5000000 266 ns/op
BenchmarkVFS2ExtfsMountStat/3-12 5000000 304 ns/op
BenchmarkVFS2ExtfsMountStat/8-12 3000000 456 ns/op
BenchmarkVFS2ExtfsMountStat/64-12 500000 2308 ns/op
BenchmarkVFS2ExtfsMountStat/100-12 300000 3482 ns/op
BenchmarkVFS1TmpfsMountStat/1-12 3000000 488 ns/op
BenchmarkVFS1TmpfsMountStat/2-12 2000000 658 ns/op
BenchmarkVFS1TmpfsMountStat/3-12 2000000 806 ns/op
BenchmarkVFS1TmpfsMountStat/8-12 1000000 1514 ns/op
BenchmarkVFS1TmpfsMountStat/64-12 100000 10037 ns/op
BenchmarkVFS1TmpfsMountStat/100-12 100000 15280 ns/op
BenchmarkVFS2MemfsMountStat/1-12 10000000 212 ns/op
BenchmarkVFS2MemfsMountStat/2-12 5000000 232 ns/op
BenchmarkVFS2MemfsMountStat/3-12 5000000 264 ns/op
BenchmarkVFS2MemfsMountStat/8-12 3000000 390 ns/op
BenchmarkVFS2MemfsMountStat/64-12 1000000 1813 ns/op
BenchmarkVFS2MemfsMountStat/100-12 500000 2812 ns/op
PiperOrigin-RevId: 262477158
|
|
Previously we were representing socket addresses as an interface{},
which allowed any type which could be binary.Marshal()ed to be used as
a socket address. This is fine when the address is passed to userspace
via the linux ABI, but is problematic when used from within the sentry
such as by networking procfs files.
PiperOrigin-RevId: 262460640
|
|
Endpoint protocol goroutines were previously started as part of
loading the endpoint. This is potentially too soon, as resources used
by these goroutine may not have been loaded. Protocol goroutines may
perform meaningful work as soon as they're started (ex: incoming
connect) which can cause them to indirectly access resources that
haven't been loaded yet.
This CL defers resuming all protocol goroutines until the end of
restore.
PiperOrigin-RevId: 262409429
|
|
PiperOrigin-RevId: 262402929
|
|
- Unexport Filesystem/Dentry/Inode.
- Support SEEK_CUR in directoryFD.Seek().
- Hold Filesystem.mu before touching directoryFD.off in
directoryFD.Seek().
- Remove deleted Dentries from their parent directory.childLists.
- Remove invalid FIXMEs.
PiperOrigin-RevId: 262400633
|
|
PiperOrigin-RevId: 262264674
|
|
PiperOrigin-RevId: 262249166
|
|
PiperOrigin-RevId: 262242410
|
|
PiperOrigin-RevId: 262226761
|
|
- This also gets rid of pipes for now because pipe does not have vfs2 specific
support yet.
- Added file path resolution logic.
- Fixes testing infrastructure.
- Does not include unit tests yet.
PiperOrigin-RevId: 262213950
|
|
Updates #512
PiperOrigin-RevId: 262195448
|
|
PiperOrigin-RevId: 262163794
|
|
PiperOrigin-RevId: 262071646
|
|
This can happen because endpoint.Close() closes the accept channel first and
then drains/resets any accepted but not delivered connections. But there can be
connections that are connected but not delivered to the channel as the channel
was full. But closing the channel can cause these writes to fail with a write to
a closed channel.
The correct solution is to abort any connections in SYN-RCVD state and
drain/abort all completed connections before closing the accept channel.
PiperOrigin-RevId: 261951132
|
|
If there is an offset, the file must support pread/pwrite. See
fs/splice.c:do_splice.
PiperOrigin-RevId: 261944932
|
|
After the refactoring of the proctor binaries, the Dockerfiles for each
language must be altered to copy the common folder into their image.
Additionally, Java has been changed to use the pre-built version of
JDK-11 from Ubuntu, instead of building it from the source. This allows
for a smaller image and faster test execution within the container.
PiperOrigin-RevId: 261805158
|
|
This change adds functionality for running more languages using
the runtimes test suite. It divides the languages into separate
test functions, which each call the helper testLang function in the
runtimes_test.go file. This allows them to be run individually
or as a group.
PiperOrigin-RevId: 261791935
|
|
syscall.EPOLLET has been defined with different values on amd64 and
arm64(-0x80000000 on amd64, and 0x80000000 on arm64), while unix.EPOLLET
has been unified this value to 0x80000000(golang/go#5328). ref #63
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: Id97d075c4e79d86a2ea3227ffbef02d8b00ffbb8
|
|
This was done in commit 04cbb13ce9b151cf906f42e3f18ce3a875f01f63
PiperOrigin-RevId: 261414748
|
|
PiperOrigin-RevId: 261413396
|
|
(Don't worry, this is mostly tests.)
Implemented the following ioctls:
- TIOCSCTTY - set controlling TTY
- TIOCNOTTY - remove controlling tty, maybe signal some other processes
- TIOCGPGRP - get foreground process group. Also enables tcgetpgrp().
- TIOCSPGRP - set foreground process group. Also enabled tcsetpgrp().
Next steps are to actually turn terminal-generated control characters (e.g. C^c)
into signals to the proper process groups, and to send SIGTTOU and SIGTTIN when
appropriate.
PiperOrigin-RevId: 261387276
|
|
Each gofer now has a goroutine that polls on the FDs used
to communicate with the sandbox. The respective gofer is
destroyed if any of the FDs is closed.
Closes #601
PiperOrigin-RevId: 261383725
|
|
PiperOrigin-RevId: 261373749
|
|
We can get the mount namespace from the CreateProcessArgs in all cases where we
need it. This also gets rid of kernel.Destroy method, since the only thing it
was doing was DecRefing the mounts.
Removing the need to call kernel.SetRootMountNamespace also allowed for some
more simplifications in the container fs setup code.
PiperOrigin-RevId: 261357060
|
|
This change removes the filepath.Walk() function from
proctor- go, php, and nodejs. The filepath.Walk() is
now defined in common.go in Search(). Each proctor binary
passes root directory and testFilter arguments to Search().
proctor-python.go no longer uses filepath.Walk() to search
for tests. There is a built-in list test function within
python's language test suite so that is being used instead.
PiperOrigin-RevId: 261242897
|
|
Set /proc/self/oom_score_adj based on oomScoreAdj specified in the OCI bundle.
When new containers are added to the sandbox oom_score_adj for the sandbox and
all other gofers are adjusted so that oom_score_adj is equal to the lowest
oom_score_adj of all containers in the sandbox.
Fixes #512
PiperOrigin-RevId: 261242725
|
|
PiperOrigin-RevId: 261203674
|
|
This is the source of many warnings like:
AtomicRefCount 0x7f5ff84e3500 owned by "fs.Inode" garbage collected with ref count of 1 (want 0)
PiperOrigin-RevId: 261197093
|
|
Export some readily-available fields for TCP_INFO and stub out the rest.
PiperOrigin-RevId: 261191548
|
|
Implements support for RTM_GETROUTE requests for netlink sockets.
Fixes #507
PiperOrigin-RevId: 261051045
|
|
proctor-go had a bug where it would incorrectly identify
a tool test as a disk test. Instead of searching for the
test on disk as the identification method, we now check if
the test name ends in ".go". If the test ends in ".go" it
is run as a disk test, otherwise the test is run as a tool test.
Python tests need to be run from within the directory they exist.
Functionality to split the test name from it's parent directory
has been added and a cmd.Dir argument has been set.
PiperOrigin-RevId: 261021693
|
|
Note that some of these changes affect the protocol in
backward-incompatible ways.
- Replace use of "initially-active" and "initially-inactive" with
"client" and "server" respectively for clarity.
- Fix a race condition involving Endpoint.Shutdown() by repeatedly
invoking FUTEX_WAKE until it is confirmed that no local thread is
blocked in FUTEX_WAIT.
- Drop flipcall.ControlMode.
PiperOrigin-RevId: 260981382
|
|
This is initialized lazily on the first unimplemented
syscall. Without the sync.Once, this is racy.
PiperOrigin-RevId: 260971758
|
|
Shared code among proctor-*.go files has been refactored
into common/common.go. The common package is imported in
each proctor binary and a struct is created to implement
the testRunner interface defined in common.go. This allows
for the proctor binaries to be updated without having to
copy/paste the same code across all files. There are no
usage or functionality changes.
PiperOrigin-RevId: 260967080
|
|
The checksum was not being reset before being re-calculated and sent out.
This caused the sent checksum to always be `0x0800`.
Fixes #605.
PiperOrigin-RevId: 260965059
|
|
This doesn't currently pass on gVisor.
While I'm here, fix a bug where connecting to the v6-mapped v4 address doesn't
work in gVisor.
PiperOrigin-RevId: 260923961
|
|
PiperOrigin-RevId: 260851452
|
|
It gets rid of holding state of the io.Reader offset (which is anyways held by
the vfs.FileDescriptor struct. It is also odd using a io.Reader becuase we
using io.ReaderAt to interact with the device. So making a io.ReaderAt wrapper
makes more sense.
Most importantly, it gets rid of the complexity of extracting the file reader
from a regular file implementation and then using it. Now we can just use the
regular file implementation as a reader which is more intuitive.
PiperOrigin-RevId: 260846927
|
|
Also adds stress tests for block map reader and intensifies extent reader tests.
PiperOrigin-RevId: 260838177
|
|
PiperOrigin-RevId: 260824989
|
|
PiperOrigin-RevId: 260803517
|
|
PiperOrigin-RevId: 260783254
|
|
Adds feature to launch from an open host FD instead of a binary_path.
The FD should point to a valid executable and most likely be statically
compiled. If the executable is not statically compiled, the loader will
search along the interpreter paths, which must be able to be resolved in
the Sandbox's file system or start will fail.
PiperOrigin-RevId: 260756825
|