Age | Commit message | Author
2020-09-29 | Merge release-20200921.0-72-g6ae83404a (automated) | gVisor bot
2020-09-29 | Don't allow broadcast/multicast source address | Ghanan Gowripalan
As per relevant IP RFCs (see code comments), broadcast (for IPv4) and multicast addresses are not allowed. Currently checks for these are done at the transport layer, but since it is explicitly forbidden at the IP layers, check for them there. This change also removes the UDP.InvalidSourceAddress stat since there is no longer a need for it. Test: ip_test.TestSourceAddressValidation PiperOrigin-RevId: 334490971
2020-09-29 | Merge release-20200921.0-71-g4a428b13b (automated) | gVisor bot
2020-09-29 | Add /proc/[pid]/cwd | Fabricio Voznika
PiperOrigin-RevId: 334478850
2020-09-29 | Merge release-20200921.0-70-g7fbb45e8e (automated) | gVisor bot
2020-09-29 | iptables: refactor to make targets extendable | Kevin Krakauer
Like matchers, targets should use a module-like register/lookup system. This replaces the brittle switch statements we had before. The only behavior change is supporting IPT_GET_REVISION_TARGET. This makes it much easier to add IPv6 redirect in the next change. Updates #3549. PiperOrigin-RevId: 334469418
2020-09-29 | Merge release-20200921.0-69-g1d88bce55 (automated) | gVisor bot
2020-09-29 | Don't generate link-local IPv6 for loopback | Ghanan Gowripalan
Linux doesn't generate a link-local address for the loopback interface. Test: integration_test.TestInitialLoopbackAddresses PiperOrigin-RevId: 334453182
2020-09-29 | Merge release-20200921.0-68-g994c90e2d (automated) | gVisor bot
2020-09-29 | Add nogo check annotations to GitHub. | Adin Scannell
When nogo checks are violated, they will automatically be posted as annotations on the specific GitHub commit. This allows us to ensure analysis & style rules and have them called out. PiperOrigin-RevId: 334447285
2020-09-29 | Merge release-20200921.0-67-g44c7d5507 (automated) | gVisor bot
2020-09-29 | Support embedded fields in go-marshal. | Rahat Mahmood
PiperOrigin-RevId: 334437990
2020-09-29 | Merge release-20200921.0-66-g7d64bc1fd (automated) | gVisor bot
2020-09-29 | Merge pull request #3875 from btw616:fix/issue-3874 | gVisor bot
PiperOrigin-RevId: 334428344
2020-09-29 | Merge release-20200921.0-63-gf15182243 (automated) | gVisor bot
2020-09-29 | Discard IP fragments as soon as it expires | Toshi Kikuchi
Currently expired IP fragments are discarded only if another fragment for the same IP datagram is received after timeout or the total size of the fragment queue exceeded a predefined value. Test: fragmentation.TestReassemblingTimeout Fixes #3960 PiperOrigin-RevId: 334423710
2020-09-29 | Merge release-20200921.0-62-gb6fb11a29 (automated) | gVisor bot
2020-09-29 | Migrates uses of deprecated map types to recommended types. | gVisor bot
PiperOrigin-RevId: 334419854
2020-09-29 | Merge release-20200921.0-61-g5075d0342 (automated) | gVisor bot
2020-09-29 | Trim Network/Transport Endpoint/Protocol | Ghanan Gowripalan
* Remove Capabilities and NICID methods from NetworkEndpoint.
* Remove linkEP and stack parameters from NetworkProtocol.NewEndpoint. The LinkEndpoint can be fetched from the NetworkInterface. The stack is passed to the NetworkProtocol when it is created so the NetworkEndpoint can get it from its protocol.
* Remove stack parameter from TransportProtocol.NewEndpoint. Like the NetworkProtocol/Endpoint, the stack is passed to the TransportProtocol when it is created.
PiperOrigin-RevId: 334332721
2020-09-29 | Merge release-20200921.0-60-g48915bded (automated) | gVisor bot
2020-09-29 | Move IP state from NIC to NetworkEndpoint/Protocol | Ghanan Gowripalan
* Add network address to network endpoints. Hold network-specific state in the NetworkEndpoint instead of the stack. This results in the stack no longer needing to "know" about the network endpoints and special case certain work for various endpoints (e.g. IPv6 DAD).
* Provide NetworkEndpoints with a NetworkInterface interface. Instead of just passing the NIC ID of a NIC, pass an interface so the network endpoint may query other information about the NIC such as whether or not it is a loopback device.
* Move NDP code and state to the IPv6 package. NDP is IPv6 specific so there is no need for it to live in the stack.
* Control forwarding through NetworkProtocols instead of Stack. Forwarding should be controlled on a per-network protocol basis so forwarding configurations are now controlled through network protocols.
* Remove stack.referencedNetworkEndpoint. Now that addresses are exposed via AddressEndpoint and only one NetworkEndpoint is created per interface, there is no need for a referenced NetworkEndpoint.
* Assume network teardown methods are infallible.
Fixes #3871, #3916 PiperOrigin-RevId: 334319433
2020-09-29 | Merge release-20200921.0-59-g028e045da (automated) | gVisor bot
2020-09-28 | Fix 1 zero window advertisement bug and a TCP test flake. | Bhasker Hariharan
In TestReceiveBufferAutoTuning we now send a keep-alive packet to measure the current window rather than a 1 byte segment as the returned window value in the latter case is reduced due to the 1 byte segment now being held in the receive buffer and can cause the test to flake if the segment overheads were to change. In getSendParams in rcv.go we were advertising a non-zero window even if available window space was zero after we received the previous segment. In such a case newWnd and curWnd will be the same and we end up advertising a tiny but non-zero window and this can cause the next segment to be dropped. PiperOrigin-RevId: 334314070
2020-09-28 | Merge release-20200921.0-57-g237b761f9 (automated) | gVisor bot
2020-09-28 | Merge release-20200921.0-58-gba44298a3 (automated) | gVisor bot
2020-09-28 | Don't leak dentries returned by sockfs.NewDentry(). | Jamie Liu
PiperOrigin-RevId: 334263322
2020-09-28 | Fix lingering of TCP socket in the initial state. | Nayana Bidari
When the socket is set with SO_LINGER and close()'d in the initial state, it should not linger and return immediately. PiperOrigin-RevId: 334263149
2020-09-28 | Merge release-20200921.0-56-ga5acc0616 (automated) | gVisor bot
2020-09-28 | Support creating protocol instances with Stack ref | Ghanan Gowripalan
Network or transport protocols may want to reach the stack. Support this by letting the stack create the protocol instances so it can pass a reference to itself at protocol creation time. Note, protocols do not yet use the stack in this CL but later CLs will make use of the stack from protocols. PiperOrigin-RevId: 334260210
2020-09-28 | Merge release-20200921.0-55-ga0e0ba690 (automated) | gVisor bot
2020-09-28 | Support inotify in overlayfs. | Dean Deng
Fixes #1479, #317. PiperOrigin-RevId: 334258052
2020-09-27 | Merge release-20200921.0-54-gfa995da84 (automated) | gVisor bot
2020-09-27 | Fix kernfs race condition. | Dean Deng
Do not release dirMu between checking whether to create a child and actually inserting it. Also fixes a bug in fusefs which was causing it to deadlock under the new lock ordering. We do not need to call kernfs.Dentry.InsertChild from newEntry because it will always be called at the kernfs filesystem layer. Updates #1193. PiperOrigin-RevId: 334049264
2020-09-27 | Merge release-20200921.0-53-g2a60f9229 (automated) | gVisor bot
2020-09-27 | Clean up kcov. | Dean Deng
Previously, we did not check the kcov mode when performing task work. As a result, disabling kcov did not do anything. Also avoid expensive atomic RMW when consuming coverage data. We don't need the swap if the value is already zero (which is most of the time), and it is ok if there are slight inconsistencies due to a race between coverage data generation (incrementing the value) and consumption (reading a nonzero value and writing zero). PiperOrigin-RevId: 334049207
2020-09-27 | Merge release-20200921.0-52-ga376a0baf (automated) | gVisor bot
2020-09-26 | Remove generic ICMP errors | Ghanan Gowripalan
Generic ICMP errors were required because the transport dispatcher was given the responsibility of sending ICMP errors in response to transport packet delivery failures. Instead, the transport dispatcher should let network layer know it failed to deliver a packet (and why) and let the network layer make the decision as to what error to send (if any). Fixes #4068 PiperOrigin-RevId: 333962333
2020-09-26 | Merge release-20200921.0-51-gebc81fadf (automated) | gVisor bot
2020-09-25 | Add openat() to list of permitted syscalls in gotsan runs. | Bhasker Hariharan
PiperOrigin-RevId: 333853498
2020-09-25 | Merge release-20200921.0-50-gd79cf4808 (automated) | gVisor bot
2020-09-25 | Disable flaky java11 tests. | Jamie Liu
Regarding ThreadCpuTimeArray.java: The test starts 10 threads, each of which does some computation, then blocks. When all threads are blocked, the test sleeps for 200ms, then checks that less than 100ns of CPU time in userspace elapse over the course of the sleep; AFAICT, the 100ns of slop is because a thread indicates that it's in the WAITING state before it actually blocks, and because signals can cause threads to be temporarily woken. gVisor's CPU clocks have a granularity of 10ms (the interval of Kernel.cpuClockTicker is //pkg/abi/linux.ClockTick), so a single tick pushes the test over the threshold. PiperOrigin-RevId: 333830287
2020-09-25 | Merge release-20200921.0-49-gf2b469916 (automated) | gVisor bot
2020-09-25 | Merge pull request #4077 from zhlhahaha:1973 | gVisor bot
PiperOrigin-RevId: 333805533
2020-09-25 | fix seccomp test for ARM64 | Howard Zhang
As open syscall is not supported on ARM64, change syscall from 'open' to 'openat' in no_match_name_allow Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2020-09-25 | fix TestUserLog for multi-arch | Howard Zhang
based on arch, apply different syscall number for sched_rr_get_interval Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2020-09-24 | Merge release-20200914.0-162-g74870fc20 (automated) | gVisor bot
2020-09-24 | Merge pull request #4018 from didier-durand:patch-1 | gVisor bot
PiperOrigin-RevId: 333611788
2020-09-24 | Merge release-20200914.0-159-gada4d8a33 (automated) | gVisor bot
2020-09-24 | Remove useless endpoint construction | Tamir Duberstein
PiperOrigin-RevId: 333591566