Age | Commit message | Author
2019-07-21 | Add ARM64 support to pkg/sentry/loader | Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2019-07-18 | net/tcp/setsockopt: implement setsockopt(fd, SOL_TCP, TCP_INQ) | Andrei Vagin
PiperOrigin-RevId: 258859507
2019-07-18 | Sentry virtual filesystem, v2 | Jamie Liu
Major differences from the current ("v1") sentry VFS:

- Path resolution is Filesystem-driven (FilesystemImpl methods call vfs.ResolvingPath methods) rather than VFS-driven (fs package owns a Dirent tree and calls fs.InodeOperations methods to populate it). This drastically improves performance, primarily by reducing overhead from inefficient synchronization and indirection. It also makes it possible to implement remote filesystem protocols that translate FS system calls into single RPCs, rather than having to make (at least) one RPC per path component, significantly reducing the latency of remote filesystems (especially during cold starts and for uncacheable shared filesystems).

- Mounts are correctly represented as a separate check based on contextual state (current mount) rather than direct replacement in a fs.Dirent tree. This makes it possible to support (non-recursive) bind mounts and mount namespaces.

Included in this CL is fsimpl/memfs, an incomplete in-memory filesystem that exists primarily to demonstrate intended filesystem implementation patterns and for benchmarking:

    BenchmarkVFS1TmpfsStat/1-6 3000000 497 ns/op
    BenchmarkVFS1TmpfsStat/2-6 2000000 676 ns/op
    BenchmarkVFS1TmpfsStat/3-6 2000000 904 ns/op
    BenchmarkVFS1TmpfsStat/8-6 1000000 1944 ns/op
    BenchmarkVFS1TmpfsStat/64-6 100000 14067 ns/op
    BenchmarkVFS1TmpfsStat/100-6 50000 21700 ns/op
    BenchmarkVFS2MemfsStat/1-6 10000000 197 ns/op
    BenchmarkVFS2MemfsStat/2-6 5000000 233 ns/op
    BenchmarkVFS2MemfsStat/3-6 5000000 268 ns/op
    BenchmarkVFS2MemfsStat/8-6 3000000 477 ns/op
    BenchmarkVFS2MemfsStat/64-6 500000 2592 ns/op
    BenchmarkVFS2MemfsStat/100-6 300000 4045 ns/op
    BenchmarkVFS1TmpfsMountStat/1-6 2000000 679 ns/op
    BenchmarkVFS1TmpfsMountStat/2-6 2000000 912 ns/op
    BenchmarkVFS1TmpfsMountStat/3-6 1000000 1113 ns/op
    BenchmarkVFS1TmpfsMountStat/8-6 1000000 2118 ns/op
    BenchmarkVFS1TmpfsMountStat/64-6 100000 14251 ns/op
    BenchmarkVFS1TmpfsMountStat/100-6 100000 22397 ns/op
    BenchmarkVFS2MemfsMountStat/1-6 5000000 317 ns/op
    BenchmarkVFS2MemfsMountStat/2-6 5000000 361 ns/op
    BenchmarkVFS2MemfsMountStat/3-6 5000000 387 ns/op
    BenchmarkVFS2MemfsMountStat/8-6 3000000 582 ns/op
    BenchmarkVFS2MemfsMountStat/64-6 500000 2699 ns/op
    BenchmarkVFS2MemfsMountStat/100-6 300000 4133 ns/op

From this we can infer that, on this machine:

- Constant cost for tmpfs stat() is ~160ns in VFS2 and ~280ns in VFS1.

- Per-path-component cost is ~35ns in VFS2 and ~215ns in VFS1, a difference of about 6x.

- The cost of crossing a mount boundary is about 80ns in VFS2 (MemfsMountStat/1 does approximately the same amount of work as MemfsStat/2, except that it also crosses a mount boundary). This is an inescapable cost of the separate mount lookup needed to support bind mounts and mount namespaces.

PiperOrigin-RevId: 258853946
2019-07-17 | Take copyMu in Revalidate | Michael Pratt
copyMu is required to read child.overlay.upper. PiperOrigin-RevId: 258662209
2019-07-17 | Separate O_DSYNC and O_SYNC. | Jamie Liu
PiperOrigin-RevId: 258657913
2019-07-17 | ext: disklayout: extents support. | Ayush Ranjan
PiperOrigin-RevId: 258657776
2019-07-17 | Merge pull request #504 from matthyx:master | gVisor bot
PiperOrigin-RevId: 258654826
2019-07-17 | ext: Filesystem init implementation. | Ayush Ranjan
PiperOrigin-RevId: 258645957
2019-07-17 | Merge pull request #355 from zhuangel:master | gVisor bot
PiperOrigin-RevId: 258643966
2019-07-17 | Fix race in FDTable.GetFDs(). | Bhasker Hariharan
PiperOrigin-RevId: 258635459
2019-07-17 | Add AF_UNIX, SOCK_RAW sockets, which exist for some reason. | Kevin Krakauer
tcpdump creates these. PiperOrigin-RevId: 258611829
2019-07-17 | Merge pull request #533 from kevinGC:stub-dev-tty | gVisor bot
PiperOrigin-RevId: 258607547
2019-07-17 | Properly invalidate cache in rename and remove | Michael Pratt
We were invalidating the wrong overlayEntry in rename and missing invalidation in rename and remove if lower exists. PiperOrigin-RevId: 258604685
2019-07-16 | Merge pull request #474 from zhuangel:proctasks | gVisor bot
PiperOrigin-RevId: 258479216
2019-07-16 | test/integration: wait for a background process | Andrei Vagin
Otherwise this process can be killed before it prints the test message. PiperOrigin-RevId: 258448204
2019-07-16 | Internal change. | gVisor bot
PiperOrigin-RevId: 258424489
2019-07-15 | Support /proc/net/dev | Jianfeng Tan
This proc file reports the stats of interfaces. We could use the ifconfig command to check the result. Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Change-Id: Ia7c1e637f5c76c30791ffda68ee61e861b6ef827 COPYBARA_INTEGRATE_REVIEW=https://gvisor-review.googlesource.com/c/gvisor/+/18282/ PiperOrigin-RevId: 258303936
2019-07-15 | kvm: wake up all waiters of vCPU.state | Andrei Vagin
Now we call FUTEX_WAKE with ^uintptr(0) of waiters, but in this case only one waiter will be woken up. If we want to wake up all of them, the number of waiters has to be set to math.MaxInt32. PiperOrigin-RevId: 258285286
2019-07-15 | Replace vector of arrays with array of arrays. | Kevin Krakauer
C++ does not like vectors of arrays (because arrays are not copy-constructible). PiperOrigin-RevId: 258270980
2019-07-15 | Fix initialization of badhandler_low_water_mark in SigaltstackTest. | Neel Natu
It is now correctly initialized to the top of the signal stack. Previously it was initialized to the address of 'stack.ss_sp' on the main thread stack. PiperOrigin-RevId: 258248363
2019-07-12 | Add IPPROTO_RAW, which allows raw sockets to write IP headers. | Kevin Krakauer
iptables also relies on IPPROTO_RAW in a way. It opens such a socket to manipulate the kernel's tables, but it doesn't actually use any of the functionality. Blegh. PiperOrigin-RevId: 257903078
2019-07-12 | Check that IP headers contain correct version | Tamir Duberstein
PiperOrigin-RevId: 257888338
2019-07-12 | Merge pull request #350 from kshithijiyer:patch-1 | gVisor bot
PiperOrigin-RevId: 257887940
2019-07-12 | Add permission, char device, and uid checks. | Kevin Krakauer
Change-Id: I8307bfb390a56424aaa651285a218aad277c4aed
2019-07-12 | CONTRIBUTING: add logs access instructions. | Adin Scannell
PiperOrigin-RevId: 257870018
2019-07-12 | Stub out support for TCP_MAXSEG. | Bhasker Hariharan
Adds support to set/get the TCP_MAXSEG value but does not really change the segment sizes emitted by netstack or alter the MSS advertised by the endpoint. This is currently being added only to unblock iperf3 on gVisor. Plumbing this correctly requires a bit more work which will come in separate CLs. PiperOrigin-RevId: 257859112
2019-07-12 | Take a reference on the already-mounted inode before re-mounting it. | Nicolas Lacasse
PiperOrigin-RevId: 257855777
2019-07-12 | Merge pull request #282 from zhangningdlut:chris_test_proc | gVisor bot
PiperOrigin-RevId: 257855479
2019-07-12 | Don't emit an event for extended attribute syscalls. | Nicolas Lacasse
These are filesystem-specific, and filesystems are allowed to return ENOTSUP if they are not supported. PiperOrigin-RevId: 257813477
2019-07-12 | go_generics: treat the Sel part of an ast.SelectorExpr | Matthias Bertschy
2019-07-11 | Fix license year and remove Read. | Kevin
2019-07-11 | Add a stub for /dev/tty. | Kevin
Actual implementation to follow, but this will satisfy applications that want it to just exist.
2019-07-11 | Added tiny ext4 image. | Ayush Ranjan
The image is of size 64Kb which supports 64 1k blocks and 16 inodes. This is the smallest size mkfs.ext4 works with. Added README.md documenting how this was created and included all files on the device under assets. PiperOrigin-RevId: 257712672
2019-07-11 | Bump rules_go to v0.18.7 and go toolchain to v1.12.7. | Nicolas Lacasse
PiperOrigin-RevId: 257703164
2019-07-11 | ext: boilerplate code. | Ayush Ranjan
Renamed ext4 to ext since we are targeting ext(2/3/4). Removed fs.go since we are targeting VFS2. Added ext.go with filesystem struct. PiperOrigin-RevId: 257689775
2019-07-11 | kokoro: use bazel 2.27.1 | Andrei Vagin
The latest version 2.28.0 doesn't work: ./runsc/linux_amd64_pure_stripped/runsc: operation not permitted, want 0 PiperOrigin-RevId: 257663312
2019-07-09 | tss: block userspace access to all I/O ports. | Liu Hua
A userspace process (CPL=3) can access an i/o port if the bit corresponding to the port is set to 0 in the I/O permission bitmap. Configure the I/O permission bitmap address beyond the last valid byte in the TSS so access to all i/o ports is blocked. Signed-off-by: Liu Hua <sdu.liu@huawei.com> Change-Id: I3df76980c3735491db768f7210e71703f86bb989 PiperOrigin-RevId: 257336518
2019-07-09 | ext4: disklayout: Directory Entry implementation. | Ayush Ranjan
PiperOrigin-RevId: 257314911
2019-07-09 | build: add nogo for static validation | Adin Scannell
PiperOrigin-RevId: 257297820
2019-07-09 | Cleanup straggling syscall dependencies. | Adin Scannell
PiperOrigin-RevId: 257293198
2019-07-08 | Don't mask errors in createAt loop. | Nicolas Lacasse
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767
2019-07-08 | Internal change. | gVisor bot
PiperOrigin-RevId: 257042681
2019-07-08 | Merge pull request #375 from jmgao:master | gVisor bot
PiperOrigin-RevId: 257041876
2019-07-08 | Don't try to execute a file that is not regular. | Nicolas Lacasse
PiperOrigin-RevId: 257037608
2019-07-08 | ext4: disklayout: inode impl. | Ayush Ranjan
PiperOrigin-RevId: 257010414
2019-07-03 | Avoid importing platforms from many source files | Andrei Vagin
PiperOrigin-RevId: 256494243
2019-07-03 | Fix syscall doc for getresgid | Ian Lewis
PiperOrigin-RevId: 256481284
2019-07-03 | futex: compare keys for equality when doing a FUTEX_UNLOCK_PI. | Neel Natu
PiperOrigin-RevId: 256453827
2019-07-03 | netstack/udp: connect with the AF_UNSPEC address family means disconnect | Andrei Vagin
PiperOrigin-RevId: 256433283
2019-07-03 | Merge pull request #493 from ahmetb:reticulating-splines | gVisor bot
PiperOrigin-RevId: 256319059