summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2018-08-08Resend packets back to netstack if destined to itselfFabricio Voznika
Add option to redirect packet back to netstack if it's destined to itself. This fixes the problem where connecting to the local NIC address would not work, e.g.: echo bar | nc -l -p 8080 & echo foo | nc 192.168.0.2 8080 PiperOrigin-RevId: 207995083 Change-Id: I17adc2a04df48bfea711011a5df206326a1fb8ef
2018-08-08Protect PCIDs with a mutex.Adin Scannell
Because the Drop method may be called across vCPUs, it is necessary to protect the PCID database with a mutex to prevent concurrent modification. The PCID is assigned prior to entersyscall, so it's safe to block. PiperOrigin-RevId: 207992864 Change-Id: I8b36d55106981f51e30dcf03e12886330bb79d67
2018-08-08Fix data race in unix.BoundEndpoint.UnidirectionalConnect.Ian Gudger
Data race is: Read: (*connectionlessEndpoint).UnidirectionalConnect: writeQueue: e.receiver.(*queueReceiver).readQueue, Write: (*connectionlessEndpoint).Close: e.receiver = nil The problem is that (*connectionlessEndpoint).UnidirectionalConnect assumed that baseEndpoint.receiver is immutable which is explicitly not the case. Fixing this required two changes: 1. Add synchronization around access of baseEndpoint.receiver in (*connectionlessEndpoint).UnidirectionalConnect. 2. Check for baseEndpoint.receiver being nil in (*connectionlessEndpoint).UnidirectionalConnect. PiperOrigin-RevId: 207984402 Change-Id: Icddeeb43805e777fa3ef874329fa704891d14181
2018-08-08Bump rules_go and gazelle to 0.14.0Michael Pratt
PiperOrigin-RevId: 207977844 Change-Id: I980c1ad76339e9e4e8ea6d58c1caf5245befa18a
2018-08-08Enable SACK in runscFabricio Voznika
SACK is disabled by default and needs to be manually enabled. It not only improves performance, but also fixes hangs downloading files from certain websites. PiperOrigin-RevId: 207906742 Change-Id: I4fb7277b67bfdf83ac8195f1b9c38265a0d51e8b
2018-08-07Fix build break in testFabricio Voznika
integration_test runs manually and breakage wasn't detected. Added test to kokoro to ensure breakages are detected in the future. PiperOrigin-RevId: 207772835 Change-Id: Iada81b579b558477d4db3516b38366ef6a2e933d
2018-08-07Hold TaskSet.mu in Task.Parent.Jamie Liu
PiperOrigin-RevId: 207766238 Change-Id: Id3b66d8fe1f44c3570f67fa5ae7ba16021e35be1
2018-08-07Adds support to dump out cubic internal state.Bhasker Hariharan
PiperOrigin-RevId: 207754087 Change-Id: I83abce64348ea93f8692da81a881b364dae2158b
2018-08-07fs: Add new cache policy "remote_revalidate".Nicolas Lacasse
This CL adds a new cache-policy for gofer filesystems that uses the host page cache, but causes dirents to be reloaded on each Walk, and does not cache readdir results. This policy is useful when the remote filesystem may change out from underneath us, as any remote changes will be reflected on the next Walk. Importantly, this cache policy is only consistent if we do not use gVisor's internal page cache, since that page cache is tied to the Inode and may be thrown away upon Revalidation. This cache policy should only be used when the gofer supports donating host FDs, since then gVisor will make use of the host kernel page cache, which will be consistent for all open files in the gofer. In fact, a panic will be raised if a file is opened without a donated FD. PiperOrigin-RevId: 207752937 Change-Id: I233cb78b4695bbe00a4605ae64080a47629329b8
2018-08-07sentry: make epoll.pollEntry wait for the file operation in restore.Zhaozhong Ni
PiperOrigin-RevId: 207737935 Change-Id: I3a301ece1f1d30909715f36562474e3248b6a0d5
2018-08-07Netstack doesn't handle sending after SHUT_WR correctly.Brian Geffon
PiperOrigin-RevId: 207715032 Change-Id: I7b6690074c5be283145192895d706a92e921b22c
2018-08-06Disable KVM dimension because it's making the test flakyFabricio Voznika
PiperOrigin-RevId: 207642348 Change-Id: Iacec9f097ab93b91c0c8eea61b1347e864f57a8b
2018-08-06Tiny reordering to network codeFabricio Voznika
PiperOrigin-RevId: 207581723 Change-Id: I6e4eb1227b5ed302de5e6c891040b670955f1eea
2018-08-06Make ramfs.File savableMichael Pratt
In other news, apparently proc.fdInfo is the last user of ramfs.File. PiperOrigin-RevId: 207564572 Change-Id: I5a92515698cc89652b80bea9a32d309e14059869
2018-08-06Fix a bug in PCIDs.AssignShiruRen
Store the new assigned pcid in p.cache[pt]. Signed-off-by: ShiruRen <renshiru2000@gmail.com> Change-Id: I4aee4e06559e429fb5e90cb9fe28b36139e3b4b6 PiperOrigin-RevId: 207563833
2018-08-03Cubic implementation for Netstack.Bhasker Hariharan
This CL implements CUBIC as described in https://tools.ietf.org/html/rfc8312. PiperOrigin-RevId: 207353142 Change-Id: I329cbf3277f91127e99e488f07d906f6779c6603
2018-08-03stateify: make explicit mode no longer optional.Zhaozhong Ni
PiperOrigin-RevId: 207303405 Change-Id: I17b6433963d78e3631a862b7ac80f566c8e7d106
2018-08-02Copy creds in accessMichael Pratt
PiperOrigin-RevId: 207181631 Change-Id: Ic6205278715a9260fb970efb414fc758ea72c4c6
2018-08-02Update comment referenceMichael Pratt
PiperOrigin-RevId: 207180809 Change-Id: I08c264812919e81b2c56fdd4a9ef06924de8b52f
2018-08-02Isolate image pulling time from container startupFabricio Voznika
mysql image test is timing out sporadically and it's hard to tell where the slow down in coming from. PiperOrigin-RevId: 207147237 Change-Id: I05a4d2c116292695d63cf861f3b89cd1c54b6106
2018-08-02Automated rollback of changelist 207037226Zhaozhong Ni
PiperOrigin-RevId: 207125440 Change-Id: I6c572afb4d693ee72a0c458a988b0e96d191cd49
2018-08-02Add seccomp(2) support.Brian Geffon
Add support for the seccomp syscall and the flag SECCOMP_FILTER_FLAG_TSYNC. PiperOrigin-RevId: 207101507 Change-Id: I5eb8ba9d5ef71b0e683930a6429182726dc23175
2018-08-01Move stack clock to options structIan Gudger
PiperOrigin-RevId: 207039273 Change-Id: Ib8f55a6dc302052ab4a10ccd70b07f0d73b373df
2018-08-01Automated rollback of changelist 207007153Michael Pratt
PiperOrigin-RevId: 207037226 Change-Id: I8b5f1a056d4f3eab17846f2e0193bb737ecb5428
2018-08-01stateify: convert all packages to use explicit mode.Zhaozhong Ni
PiperOrigin-RevId: 207007153 Change-Id: Ifedf1cc3758dc18be16647a4ece9c840c1c636c9
2018-08-01New conditional for adding key/value pairs to maps.Brielle Broder
When adding MultiDeviceKeys and their values into MultiDevice maps, make sure the keys and values have not already been added. This ensures that preexisting key/value pairs are not overridden. PiperOrigin-RevId: 206942766 Change-Id: I9d85f38eb59ba59f0305e6614a52690608944981
2018-07-31Use backoff package for retry logicFabricio Voznika
PiperOrigin-RevId: 206834838 Change-Id: I9a44c6fa5f4766a01f86e90810f025cefecdf2d4
2018-07-31Drop dup2 filterMichael Pratt
It is unused. PiperOrigin-RevId: 206798328 Change-Id: I2d7d27c0e4a0ef51264b900f14f1b3fdad17f2c4
2018-07-31proc: show file flags in fdinfoAndrei Vagin
Currently, there is an attempt to print FD flags, but they are not decoded into a number, so we see something like this: /criu # cat /proc/self/fdinfo/0 flags: {%!o(bool=000false)} Actually, fdinfo has to contain file flags. Change-Id: Idcbb7db908067447eb9ae6f2c3cfb861f2be1a97 PiperOrigin-RevId: 206794498
2018-07-30Cleans up files created if there is a failure.Brielle Broder
PiperOrigin-RevId: 206674267 Change-Id: Ifc4eb19e0882e8bed566e9c553af910925fe6ae2
2018-07-30netstack: support disconnect-on-save option per fdbased link.Zhaozhong Ni
PiperOrigin-RevId: 206659972 Change-Id: I5e0e035f97743b6525ad36bed2c802791609beaf
2018-07-27Make runsc visibility public.Adin Scannell
(Why not?) PiperOrigin-RevId: 206401282 Change-Id: Iadcb7fb8472de7aef7c4bf5182e9a1d339e4d259
2018-07-27Simplify Kokoro configuration.Adin Scannell
PiperOrigin-RevId: 206401009 Change-Id: I26644d1fe637b5a40db013fedf9fc063cc87ce6a
2018-07-27Added the O_LARGEFILE flag.Justine Olshan
This flag will always be true for gVisor files. PiperOrigin-RevId: 206355963 Change-Id: I2f03d2412e2609042df43b06d1318cba674574d0
2018-07-27stateify: support explicit annotation mode; convert refs and stack packages.Zhaozhong Ni
We have been unnecessarily creating too many savable types implicitly. PiperOrigin-RevId: 206334201 Change-Id: Idc5a3a14bfb7ee125c4f2bb2b1c53164e46f29a8
2018-07-27Replace sleeps with waits in tests - part IIFabricio Voznika
PiperOrigin-RevId: 206333130 Change-Id: Ic85874dbd53c5de2164a7bb75769d52d43666c2a
2018-07-26Don't copy-up extended attributes that specifically configure a lower overlay.Nicolas Lacasse
When copying-up files from a lower fs to an upper, we also copy the extended attributes on the file. If there is a (nested) overlay inside the lower, some of these extended attributes configure the lower overlay, and should not be copied-up to the upper. In particular, whiteout attributes in the lower fs overlay should not be copied-up, since the upper fs may actually contain the file. PiperOrigin-RevId: 206236010 Change-Id: Ia0454ac7b99d0e11383f732a529cb195ed364062
2018-07-26Add "github.com/cenkalti/backoff" dependency to WORKSPACE file.Nicolas Lacasse
PiperOrigin-RevId: 206193369 Change-Id: I70b67848f498f48c3ff809b60dd08b67001c9324
2018-07-25Replace sleeps with waits in tests - part IFabricio Voznika
PiperOrigin-RevId: 206084473 Change-Id: I44e1b64b9cdd2964357799dca27cc0cbc19ce07d
2018-07-25Format openat flagsMichael Pratt
PiperOrigin-RevId: 206021774 Change-Id: I447b6c751c28a8d8d4d78468b756b6ad8c61e169
2018-07-25runsc: Fix "exec" command when called without --pid-file.Nicolas Lacasse
When "exec" command is called without the "--detach" flag, we spawn a second "exec" command and wait for that one to start. We use the pid file passed in --pid-file to detect when this second command has started running. However if "exec" is called with no --pid-file flag, this system breaks down, as we don't have a pid file to wait for. This CL ensures that the second instance of the "exec" command always writes a pid-file, so the wait is successful. PiperOrigin-RevId: 206002403 Change-Id: If9f2be31eb6e831734b1b833f25054ec71ab94a6
2018-07-24Typo fix.Kevin Krakauer
PiperOrigin-RevId: 205880843 Change-Id: If2272b25f08a18ebe9b6309a1032dd5cdaa59866
2018-07-23Refactor new reno congestion control logic out of sender.Bhasker Hariharan
This CL also puts the congestion control logic behind an interface so that we can easily swap it out for say CUBIC in the future. PiperOrigin-RevId: 205732848 Change-Id: I891cdfd17d4d126b658b5faa0c6bd6083187944b
2018-07-23Created a docker integration test for a tomcat image.Justine Olshan
PiperOrigin-RevId: 205718733 Change-Id: I200b23af064d256f157baf9da5005ab16cc55928
2018-07-23Add KVM and overlay dimensions to container_testFabricio Voznika
PiperOrigin-RevId: 205714667 Change-Id: I317a2ca98ac3bdad97c4790fcc61b004757d99ef
2018-07-20Removed a now incorrect reference to restoreFile.Justine Olshan
PiperOrigin-RevId: 205470108 Change-Id: I226878a887fe1133561005357a9e3b09428b06b6
2018-07-20Format getcwd pathMichael Pratt
PiperOrigin-RevId: 205440332 Change-Id: I2a838f363e079164c83da88e1b0b8769844fe79b
2018-07-19runsc: copy gateway from the pod network interface.Lantao Liu
PiperOrigin-RevId: 205334841 Change-Id: Ia60d486f9aae70182fdc4af50cf7c915986126d7
2018-07-19kernel: mutations on creds now require a copy.Adin Scannell
PiperOrigin-RevId: 205315612 Change-Id: I9a0a1e32c8abfb7467a38743b82449cc92830316
2018-07-19fs: Pass context to Revalidate() function.Nicolas Lacasse
The current revalidation logic is very simple and does not do much introspection of the dirent being revalidated (other than looking at the type of file). Fancier revalidation logic is coming soon, and we need to be able to look at the cached and uncached attributes of a given dirent, and we need a context to perform some of these operations. PiperOrigin-RevId: 205307351 Change-Id: If17ea1c631d8f9489c0e05a263e23d7a8a3bf159