summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-02-19Fix clone(CLONE_NEWUSER).Jamie Liu
- Use new user namespace for namespace creation checks. - Ensure userns is never nil since it's used by other namespaces. PiperOrigin-RevId: 234673175 Change-Id: I4b9d9d1e63ce4e24362089793961a996f7540cd9
2019-02-19Break /proc/[pid]/{uid,gid}_map's dependence on seqfile.Jamie Liu
In addition to simplifying the implementation, this fixes two bugs: - seqfile.NewSeqFile unconditionally creates an inode with mode 0444, but {uid,gid}_map have mode 0644. - idMapSeqFile.Write implements fs.FileOperations.Write ... but it doesn't implement any other fs.FileOperations methods and is never used as fs.FileOperations. idMapSeqFile.GetFile() => seqfile.SeqFile.GetFile() uses seqfile.seqFileOperations instead, which rejects all writes. PiperOrigin-RevId: 234638212 Change-Id: I4568f741ab07929273a009d7e468c8205a8541bc
2019-02-15Implement IP_MULTICAST_IF.Ian Gudger
This allows setting a default send interface for IPv4 multicast. IPv6 support will come later. PiperOrigin-RevId: 234251379 Change-Id: I65922341cd8b8880f690fae3eeb7ddfa47c8c173
2019-02-15Internal change.Googler
PiperOrigin-RevId: 234237297 Change-Id: Ic9b7a37db831556d2c2cf733a6e27fba27afee0b
2019-02-15Move SO_TIMESTAMP from different transport endpoints to epsocket.Kevin Krakauer
SO_TIMESTAMP is reimplemented in ping and UDP sockets (and needs to be added for TCP), but can just be implemented in epsocket for simplicity. This will also make SIOCGSTAMP easier to implement. PiperOrigin-RevId: 234179300 Change-Id: Ib5ea0b1261dc218c1a8b15a65775de0050fe3230
2019-02-15Internal change.Googler
PiperOrigin-RevId: 234169795 Change-Id: I3c576ae6ad460e2c0e3f142a2671dc18d34a07ef
2019-02-15Redirect FIXME to more appropriate bugFabricio Voznika
PiperOrigin-RevId: 234147487 Change-Id: I779a6012832bb94a6b89f5bcc7d821b40ae969cc
2019-02-14Don't allow writing or reading to TTY unless process group is in foreground.Nicolas Lacasse
If a background process tries to read from a TTY, linux sends it a SIGTTIN unless the signal is blocked or ignored, or the process group is an orphan, in which case the syscall returns EIO. See drivers/tty/n_tty.c:n_tty_read()=>job_control(). If a background process tries to write a TTY, set the termios, or set the foreground process group, linux then sends a SIGTTOU. If the signal is ignored or blocked, linux allows the write. If the process group is an orphan, the syscall returns EIO. See drivers/tty/tty_io.c:tty_check_change(). PiperOrigin-RevId: 234044367 Change-Id: I009461352ac4f3f11c5d42c43ac36bb0caa580f9
2019-02-14Internal change.Googler
PiperOrigin-RevId: 234011346 Change-Id: Ic69375ddb3794dd0d3d6e62ee4dc60fdf4baf2c7
2019-02-13gvisor/kokoro: run apt-get update before apt-get installAndrei Vagin
We need to update the package lists, otherwise apt-get install can request an old package which has been removed from repositories. PiperOrigin-RevId: 233879031 Change-Id: I2e1b3afd9d01008f774f10efd8852fd3f5e1c882
2019-02-13Add support for using PACKET_RX_RING to receive packets.Bhasker Hariharan
PACKET_RX_RING allows the use of an mmapped buffer to receive packets from the kernel. This should cut down the number of host syscalls that need to be made to receive packets when the underlying fd is a socket of the AF_PACKET type. PiperOrigin-RevId: 233834998 Change-Id: I8060025c6ced206986e94cc46b8f382b81bfa47f
2019-02-13Improve safecopy sanity checks.Jamie Liu
- Fix CopyIn/CopyOut/ZeroOut range checks. - Include the faulting signal number in the panic message. PiperOrigin-RevId: 233829501 Change-Id: I8959ead12d05dbd4cd63c2b908cddeb2a27eb513
2019-02-13Internal change.Googler
PiperOrigin-RevId: 233802562 Change-Id: I40e1b13fd571daaf241b00f8df4bcedd034dc3f1
2019-02-13Expose XSAVES in /proc/cpuinfoMichael Pratt
Linux started doing this in b8be15d588060a03569ac85dc4a0247460988f5b ("x86/fpu/xstate: Re-enable XSAVES"), which first appeared in 4.8. PiperOrigin-RevId: 233800931 Change-Id: Icac2c2b03ccf1a91f3070431efb5152ca619fca3
2019-02-11gvisor: check that ptrace properly handles int3Andrei Vagin
PiperOrigin-RevId: 233516412 Change-Id: I7a0f1443de7eeebb5d8ad59e4759ca2e036a3c4d
2019-02-11gvisor: Run syscall tests in kokoro on the rbe clusterAndrei Vagin
PiperOrigin-RevId: 233458853 Change-Id: I92c734b8075aa31e040fe7b4770bcf608e271e7a
2019-02-11Do not drop packets w/ missing TCP timestamps.Bhasker Hariharan
RFC7323 recommends that if the timestamp option was negotiated then all packets should carry a TCP Timestamp and any packets that do not should be dropped. Netstack implemented this behaviour. Linux OTOH does not and will accept such packets. This change makes Netstack behaviour compatible with Linux. Also now that we allow such packets, we do need to update RTO calculations based on these packets even if timestamp option is enabled. PiperOrigin-RevId: 233432268 Change-Id: I9f4742ae6b63930ac3b5e37d8c238761e6a4b29f
2019-02-08Use socket address functions in unbound IPv4 UDP tests.Ian Gudger
Also switch to the correct casing style for local address variables. PiperOrigin-RevId: 233161128 Change-Id: Ibc4a10a5d3ab04c40907aa885e8237b255c65a79
2019-02-08Add fs.AsyncWithContext and call it in fs/gofer/inodeOperations.Release.Nicolas Lacasse
fs/gofer/inodeOperations.Release does some asynchronous work. Previously it was calling fs.Async with an anonymous function, which caused the function to be allocated on the heap. Because Release is relatively hot, this results in a lot of small allocations and increased GC pressure, noticeable in perf profiles. This CL adds a new function, AsyncWithContext, which is just like Async, but passes a context to the async function. It avoids the need for an extra anonymous function in fs/gofer/inodeOperations.Release. The Async function itself still requires a single anonymous function. PiperOrigin-RevId: 233141763 Change-Id: I1dce4a883a7be9a8a5b884db01e654655f16d19c
2019-02-08Encode stat to bytes manually, instead of calling CopyObjectOut.Nicolas Lacasse
CopyObjectOut grows its destination byte slice incrementally, causing many small slice allocations on the heap. This leads to increased GC and noticeably slower stat calls. PiperOrigin-RevId: 233140904 Change-Id: Ieb90295dd8dd45b3e56506fef9d7f86c92e97d97
2019-02-08Fix build error.Ian Gudger
PiperOrigin-RevId: 233139020 Change-Id: I2e7089fa25d20e5662eb941054a684d41f5d3e12
2019-02-08Internal change.Christopher Koch
PiperOrigin-RevId: 233124342 Change-Id: Id4b4857af89815ffb9254cc30df4244b2768d9f2
2019-02-08CopyObjectOut should allocate a byte slice the size of the encoded object.Nicolas Lacasse
This adds an extra Reflection call to CopyObjectOut, but avoids many small slice allocations if the object is large, since without this we grow the backing slice incrementally as we encode more data. PiperOrigin-RevId: 233110960 Change-Id: I93569af55912391e5471277f779139c23f040147
2019-02-08Keep FilePayloads open on server side until after RPC completed.Christopher Koch
Prevents URPC FDs from being closed mid-call, especially if they are used as raw FDs. PiperOrigin-RevId: 233087955 Change-Id: I815a2ff32cc5f03774605aef0b35a32862f8e633
2019-02-07Plumb IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP to netstack.Ian Gudger
Also includes a few fixes for IPv4 multicast support. IPv6 support is coming in a followup CL. PiperOrigin-RevId: 233008638 Change-Id: If7dae6222fef43fda48033f0292af77832d95e82
2019-02-07gvisor/tests: save runsc logs for each container in a separate directoryAndrei Vagin
PiperOrigin-RevId: 232990964 Change-Id: Icfa426d5e83c7d3e56b0b92e6a9e1229bcb8361b
2019-02-07Implement /proc/net/unix.Rahat Mahmood
PiperOrigin-RevId: 232948478 Change-Id: Ib830121e5e79afaf5d38d17aeef5a1ef97913d23
2019-02-07Make context.Background return a global background context.Nicolas Lacasse
It currently allocates a new context on the heap each time it is called. Some of these are in relatively hot paths like signal delivery and releasing gofer inodes. It is also called very commonly in afterLoad. All of these should benefit from fewer heap allocations. PiperOrigin-RevId: 232938873 Change-Id: I53cec0ca299f56dcd4866b0b4fd2ec4938526849
2019-02-07Internal change.Googler
PiperOrigin-RevId: 232937200 Change-Id: I5c3709cc8f1313313ff618a45e48c14a3a111cb4
2019-02-07Implement semctl(2) SETALL and GETALLFabricio Voznika
PiperOrigin-RevId: 232914984 Change-Id: Id2643d7ad8e986ca9be76d860788a71db2674cda
2019-02-06Internal change.Googler
PiperOrigin-RevId: 232776481 Change-Id: Ic19d4aa6322fef71621bad0e9fb8bdedf6694114
2019-02-05Change /proc/PID/cmdline to read environment vector.Zach Koopmans
- Change proc to return envp on overwrite of argv with limitations from upstream. - Add unit tests - Change layout of argv/envp on the stack so that end of argv is contiguous with beginning of envp. PiperOrigin-RevId: 232506107 Change-Id: I993880499ab2c1220f6dc456a922235c49304dec
2019-02-04Deflake unlink test.Kevin Krakauer
Multiple tests were creating the same directory before removing it, making it possible for concurrent tests to fail because the directory already exists. PiperOrigin-RevId: 232389814 Change-Id: I35d409fff4b3fd864b30fee742cb587b14975c23
2019-02-04Note //third_party in coding guidelinesMichael Pratt
PiperOrigin-RevId: 232375745 Change-Id: I26146ad65fac1dcdc5fcb4b11a1580133f9ca46d
2019-02-01gvisor/test: Remove gtest shard env variablesAndrei Vagin
PiperOrigin-RevId: 232071420 Change-Id: I5aa57f3dc4aac637d6f467445b4b3110fc08ac80
2019-02-01CachingInodeOperations was over-dirtying cached attributesFabricio Voznika
Dirty should be set only when the attribute is changed in the cache only. Instances where the change was also sent to the backing file doesn't need to dirty the attribute. Also remove size update during WriteOut as writing dirty page would naturaly grow the file if needed. RELNOTES: relnotes is needed for the parent CL. PiperOrigin-RevId: 232068978 Change-Id: I00ba54693a2c7adc06efa9e030faf8f2e8e7f188
2019-02-01Factor the subtargets method into a helper method with tests.Nicolas Lacasse
PiperOrigin-RevId: 232047515 Change-Id: I00f036816e320356219be7b2f2e6d5fe57583a60
2019-01-31Move package sync to third_partyMichael Pratt
PiperOrigin-RevId: 231889261 Change-Id: I482f1df055bcedf4edb9fe3fe9b8e9c80085f1a0
2019-01-31gvisor/gofer: Use pivot_root instead of chrootAndrei Vagin
PiperOrigin-RevId: 231864273 Change-Id: I8545b72b615f5c2945df374b801b80be64ec3e13
2019-01-31Fix commentMichael Pratt
PiperOrigin-RevId: 231861005 Change-Id: I134d4e20cc898d44844219db0a8aacda87e11ef0
2019-01-31Add syscall test dimension for --file_access=sharedFabricio Voznika
PiperOrigin-RevId: 231856279 Change-Id: I175db87374890a62a3a3c2ddef727668ff854ce4
2019-01-31Invalidate COW mappings when file is truncatedFabricio Voznika
This changed required making fsutil.HostMappable use a backing file to ensure the correct FD would be used for read/write operations. RELNOTES: relnotes is needed for the parent CL. PiperOrigin-RevId: 231836164 Change-Id: I8ae9639715529874ea7d80a65e2c711a5b4ce254
2019-01-31Don't mask out sticky bit to/from goferFabricio Voznika
RELNOTES: sticky bit propagates to gofers now. PiperOrigin-RevId: 231822453 Change-Id: I73426170b9457350480a3b144a2baf937e7cb477
2019-01-31Remove license commentsMichael Pratt
Nothing reads them and they can simply get stale. Generated with: $ sed -i "s/licenses(\(.*\)).*/licenses(\1)/" **/BUILD PiperOrigin-RevId: 231818945 Change-Id: Ibc3f9838546b7e94f13f217060d31f4ada9d4bf0
2019-01-31runsc: check whether a container is deleted or not before setupContainerFSAndrei Vagin
PiperOrigin-RevId: 231811387 Change-Id: Ib143fb9a4d0fa1f105d1a3a3bd533dfc44e792af
2019-01-30Add muldiv/rd_tsc support for arm64 platform.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: If35459be78e023346a140184401172f8e023c7f9 PiperOrigin-RevId: 231638020
2019-01-29Fix IsLost check to match the description in RFC6675.Bhasker Hariharan
quoting what "rscheff@gmx.at" pointed out over email. "IsLost in RFC3517 is defined as >= (DupThresh * SMSS) while RFC6675 improves upon this, and defines IsLost as > ((DupThresh - 1) * SMSS + 1). The latter addresses situations where partial segments (size < MSS) are sent (eg. last segment of a http protocol message sent with PSH being less than MSS is common)." PiperOrigin-RevId: 231512331 Change-Id: I1addd4a92e3e7baeb0bdda46463ebfae435da958
2019-01-29Bump rules_go to v0.17.0, and go toolchain to v1.11.5.Nicolas Lacasse
PiperOrigin-RevId: 231506385 Change-Id: I739ca24a152b32130ab4c6cdd200242d2fb37e31
2019-01-29runsc: reap a sandbox process only in sandbox.Wait()Andrei Vagin
PiperOrigin-RevId: 231504064 Change-Id: I585b769aef04a3ad7e7936027958910a6eed9c8d
2019-01-29Fix NIC endpoint forwarding.Ian Gudger
Also adds a test for regular NIC forwarding. PiperOrigin-RevId: 231495279 Change-Id: Ic7edec249568e9ad0280cea77eac14478c9073e1