summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-08-03Merge release-20210726.0-20-gceab3327c (automated)gVisor bot
2021-08-03Add verity open_read_close benchmark testChong Cai
PiperOrigin-RevId: 388494554
2021-08-02Merge release-20210726.0-19-g4f6c1f309 (automated)gVisor bot
2021-08-01Merge pull request #6350 from sudo-sturbia:cgroupfsgVisor bot
PiperOrigin-RevId: 388129112
2021-07-30Merge release-20210726.0-17-g979d6e7d7 (automated)gVisor bot
2021-07-30Support RTM_DELLINKZeling Feng
This change will allow us to remove the default link in a packetimpact test so we can reduce indeterministic behaviors as required in https://fxbug.dev/78430. This will also help with testing #1388. Updates #578, #1388. PiperOrigin-RevId: 387896847
2021-07-30Merge release-20210726.0-16-gc9aac64e0 (automated)gVisor bot
2021-07-30Merge pull request #6257 from zhlhahaha:2193-1gVisor bot
PiperOrigin-RevId: 387885663
2021-07-30Merge release-20210726.0-12-g62ea5c0a2 (automated)gVisor bot
2021-07-30checklinkname: rudimentary type-checking of linkname directivesMichael Pratt
This CL introduces a 'checklinkname' analyzer, which provides rudimentary type-checking that verifies that function signatures on the local and remote sides of //go:linkname directives match expected values. If the Go standard library changes the definitions of any of these function, checklinkname will flag the change as a finding, providing an error informing the gVisor team to adapt to the upstream changes. This allows us to eliminate the majority of gVisor's forward-looking negative build tags, as we can catch mismatches in testing [1]. The remaining forward-looking negative build tags are covering shared struct definitions, which I hope to add to checklinkname in a future CL. [1] Of course, semantics/requirements can change without the signature changing, so we still must be careful, but this covers the common case. PiperOrigin-RevId: 387873847
2021-07-29Merge release-20210720.0-45-g095b0d834 (automated)gVisor bot
2021-07-28Explicitly encode the pcap packet headers to reduce CPU cost of pcap generation.gVisor bot
PiperOrigin-RevId: 387513118
2021-07-28Merge release-20210720.0-44-g72c2b74ac (automated)gVisor bot
2021-07-28Add Uid/Gid/Groups fields to VFS2 /proc/[pid]/status.Jamie Liu
For comparison: ``` $ docker run --rm -it ubuntu:focal bash -c 'cat /proc/self/status' Name: cat Umask: 0022 State: R (running) Tgid: 1 Ngid: 0 Pid: 1 PPid: 0 TracerPid: 0 Uid: 0 0 0 0 Gid: 0 0 0 0 FDSize: 64 Groups: NStgid: 1 NSpid: 1 NSpgid: 1 NSsid: 1 VmPeak: 2660 kB VmSize: 2660 kB VmLck: 0 kB VmPin: 0 kB VmHWM: 528 kB VmRSS: 528 kB ... $ docker run --runtime=runsc-vfs2 --rm -it ubuntu:focal bash -c 'cat /proc/self/status' Name: cat State: R (running) Tgid: 1 Pid: 1 PPid: 0 TracerPid: 0 Uid: 0 0 0 0 Gid: 0 0 0 0 FDSize: 4 Groups: VmSize: 10708 kB VmRSS: 3124 kB VmData: 316 kB ... ``` Fixes #6374 PiperOrigin-RevId: 387465655
2021-07-28Merge release-20210720.0-43-g01f7dd442 (automated)gVisor bot
2021-07-28Merge pull request #6358 from zhlhahaha:2232gVisor bot
PiperOrigin-RevId: 387442805
2021-07-28Merge release-20210720.0-41-g6bf7d0514 (automated)gVisor bot
2021-07-28Add verity read benchmark testsChong Cai
PiperOrigin-RevId: 387431049
2021-07-28Merge release-20210720.0-40-g44efc282f (automated)gVisor bot
2021-07-28Lock gofer.dentry.dataMu before SetAttr RPC modifying file size.Jamie Liu
PiperOrigin-RevId: 387427887
2021-07-28tunning hasSlot function and fix store wrong value in usedSlotsHoward Zhang
Make hasSlot scan allocated slot, rather than the whole slice. It is supposed to store physicalStart in usedSlot. Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2021-07-28Merge release-20210720.0-39-g964fb3ca7 (automated)gVisor bot
2021-07-27Use go:build directives in generated files.Jamie Liu
Build constraints are now inferred from go:build directives rather than +build directives. +build directives are still emitted in generated files as required in Go 1.16 and earlier. Note that go/build/constraint was added in Go 1.16, so gVisor now requires Go 1.16. PiperOrigin-RevId: 387240779
2021-07-27Don't create an extra fd bitmap to allocate a new fd.Andrei Vagin
2021-07-26Merge release-20210720.0-38-g9a96e00f0 (automated)gVisor bot
2021-07-26Merge pull request #6292 from btw616:local-timezonegVisor bot
PiperOrigin-RevId: 386988406
2021-07-26Merge release-20210720.0-35-ga42d3fd0a (automated)gVisor bot
2021-07-26Fix per-analyzer overrides of default-disabled groupsMichael Pratt
Currently behavior of config groups with `default: false` is buggy. The intention is that adding an empty suppression section for that group to a specific analyzer config should enable reporting for that analyzer. i.e., ``` groups: - name: foo regex: "^foo/" default: false global: ... analyzers: asmdecl: foo: # Enabled. ``` This should enable the foo group only for asmdecl. Unfortunately, today the actual behavior depends on the contents of the `global:` section. If `global:` contains an entry for foo, then it will work as described. If `global:` does _not_ contain an entry for foo, then the group default (disabled) always applies and the individual analyzer options have no effect. The cause of this is confusion in `AnalyzerConfig.shouldReport`, which doesn't distinguish between explicit suppression via a global suppression/exclude and simply having no configuration at all. Make this more explicit, so that the no configuration case can continue to per-analyzer configuration before falling back to the group default. The last test case in the added test fails without this change. This re-enables several opted-in analyzers for external dependencies, which have gained a few more false positives to suppress. PiperOrigin-RevId: 386904725
2021-07-24Merge release-20210712.0-61-g9ba8c40a3 (automated)gVisor bot
2021-07-23Clean up logic for when a VFS2 gofer regular file close causes a flushf.Jamie Liu
PiperOrigin-RevId: 386577891
2021-07-23Merge release-20210712.0-60-gd24793836 (automated)gVisor bot
2021-07-23Add verity open benchmark testChong Cai
PiperOrigin-RevId: 386533065
2021-07-23Merge release-20210712.0-59-g3d0a93000 (automated)gVisor bot
2021-07-23Don't panic on user-controlled state in semaphore syscalls.Rahat Mahmood
Reported-by: syzbot+beb099a67f670386a367@syzkaller.appspotmail.com PiperOrigin-RevId: 386521361
2021-07-23Merge release-20210712.0-58-g0eea96057 (automated)gVisor bot
2021-07-23Add support for SIOCGIFCONF ioctl in hostinet.Lucas Manning
PiperOrigin-RevId: 386511818
2021-07-23Merge release-20210712.0-57-gdc000e7b7 (automated)gVisor bot
2021-07-23update bug number in loopback testsKevin Krakauer
PiperOrigin-RevId: 386511209
2021-07-23Merge release-20210712.0-56-gea0d9a8f4 (automated)gVisor bot
2021-07-23buildkite: deflake itimer testKevin Krakauer
The self-admittedly arbitrary threshold of 20% of alarms being sent to the main thread was being breached. I saw a run of of ~20-23% [1]. We should allow for a little more breathing room. 1 - https://buildkite.com/gvisor/pipeline/builds/7400 PiperOrigin-RevId: 386503482
2021-07-23Merge release-20210712.0-55-gc3c5c55d1 (automated)gVisor bot
2021-07-23Handle EINTR from socket syscalls in send/recv benchmark.Rahat Mahmood
The benchmark check fails if any of the socket syscalls fail with EINTR. We see this manifest in S/R lifecycles since S/R has a high probability of aborting these syscalls with EINTR. PiperOrigin-RevId: 386480365
2021-07-22Merge release-20210712.0-54-gaa2698170 (automated)gVisor bot
2021-07-22Move socket_test_util to //test/utilGhanan Gowripalan
...and rename the library to socket_util. PiperOrigin-RevId: 386348306
2021-07-22Merge release-20210712.0-53-g24487496a (automated)gVisor bot
2021-07-22VFS2: remove ext codeKevin Krakauer
We opted to move forward with FUSE instead. PiperOrigin-RevId: 386344258
2021-07-22Merge release-20210712.0-52-g0690c25e0 (automated)gVisor bot
2021-07-22kvm: set CR0.NE = 1Andrei Vagin
CR0.NE enables internal x87 floating point error reporting when set, else enables PC style x87 error detection. On AMD, the #MF exception isn't generated if CR0.NE isn't set. PiperOrigin-RevId: 386340269
2021-07-22Merge release-20210712.0-51-g47f025461 (automated)gVisor bot
2021-07-22runsc: Wait child processes without timeoutsAndrei Vagin
* First, we don't need to poll child processes. * Second, the 5 seconds timeout is too small if a host is overloaded. * Third, this can hide bugs in the code when we wait a process that isn't going to exit. PiperOrigin-RevId: 386337586