summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-01-02Automated rollback of changelist 225089593Michael Pratt
PiperOrigin-RevId: 227595007 Change-Id: If14cc5aab869c5fd7a4ebd95929c887ab690e94c
2019-01-02Add /proc/net/psched contentFabricio Voznika
FIO reads this file and expects it to be well formed. PiperOrigin-RevId: 227554483 Change-Id: Ia48ae2377626dd6a2daf17b5b4f5119f90ece55b
2018-12-28Simplify synchronization between runsc and sandbox processFabricio Voznika
Make 'runsc create' join cgroup before creating sandbox process. This removes the need to synchronize platform creation and ensure that sandbox process is charged to the right cgroup from the start. PiperOrigin-RevId: 227166451 Change-Id: Ieb4b18e6ca0daf7b331dc897699ca419bc5ee3a2
2018-12-28Implement SO_REUSEPORT for TCP and UDP socketsAndrei Vagin
This option allows multiple sockets to be bound to the same port. Incoming packets are distributed to sockets using a hash based on source and destination addresses. This means that all packets from one sender will be received by the same server socket. PiperOrigin-RevId: 227153413 Change-Id: I59b6edda9c2209d5b8968671e9129adb675920cf
2018-12-28Extract go_merge into its own packageTamir Duberstein
This change is needed to support building gvisor for Fuchsia, which uses Chromium's GN build system; at the time of writing, Fuchsia's Go support does not include explicit enumeration of files, assuming instead that Go binaries are always built from all Go source files in a given package. Rather than extending Fuchsia's Go support, it is easier simply to extract a separate package here. PiperOrigin-RevId: 227133402 Change-Id: I1c64fff286d9c014b4bd1183b76023b35b60c720
2018-12-27Fix deadlock between epoll_wait and getdentsFabricio Voznika
epoll_wait acquires EventPoll.listsMu (in EventPoll.ReadEvents) and then calls Inotify.Readiness which tries to acquire Inotify.evMu. getdents acquires Inotify.evMu (in Inotify.queueEvent) and then calls readyCallback.Callback which tries to acquire EventPoll.listsMu. The fix is to release Inotify.evMu before calling Queue.Notify. Queue is thread-safe and doesn't require Inotify.evMu to be held. Closes #121 PiperOrigin-RevId: 227066695 Change-Id: Id29364bb940d1727f33a5dff9a3c52f390c15761
2018-12-26Plumb IP_MULTICAST_TTL to netstack.Ian Gudger
PiperOrigin-RevId: 226993086 Change-Id: I71757f231436538081d494da32ca69f709bc71c7
2018-12-26Add EventChannel messages for uncaught signals.Brian Geffon
PiperOrigin-RevId: 226936778 Change-Id: I2a6dda157c55d39d81e1b543ab11a58a0bfe5c05
2018-12-21Stub out SO_OOBINLINE.Ian Gudger
We don't explicitly support out-of-band data and treat it like normal in-band data. This is equilivent to SO_OOBINLINE being enabled, so always report that it is enabled. PiperOrigin-RevId: 226572742 Change-Id: I4c30ccb83265e76c30dea631cbf86822e6ee1c1b
2018-12-21Kokoro: Build all packages as part of presubmit.Nicolas Lacasse
We now build all packages (including //test/...) with RBE as part of the Kokoro presubmit. The tests do not yet use RBE, because there are some failures. The Golang unit, integration, and image tests still run locally. The syscall test suite needs even more work to make it pass on RBE. Those will be enabled in follow-up CLs. They currently are not enabled at all on Kokoro. PiperOrigin-RevId: 226562208 Change-Id: Idd2b81b3e8f07bf300c77e68990493ba97d16e23
2018-12-21Configure Kokoro build with RBE.Nicolas Lacasse
PiperOrigin-RevId: 226552586 Change-Id: I078502d46e2e4a8252ef0477309af8d3ffbbf88d
2018-12-21Remove gunit_no_heapcheck from depsAndrei Vagin
heapcheck works fine now. PiperOrigin-RevId: 226552252 Change-Id: Ifcf17a377b3d6512a576f54462dd81c1d4c7b17c
2018-12-21Internal ChangeMichael Pratt
PiperOrigin-RevId: 226542979 Change-Id: Ife11ebd0a85b8a63078e6daa71b4a99a82080ac9
2018-12-21Implement SO_KEEPALIVE, TCP_KEEPIDLE, and TCP_KEEPINTVL.Ian Gudger
Within gVisor, plumb new socket options to netstack. Within netstack, fix GetSockOpt and SetSockOpt return value logic. PiperOrigin-RevId: 226532229 Change-Id: If40734e119eed633335f40b4c26facbebc791c74
2018-12-21Fix test util testsMichael Pratt
We actually need to include test main! PiperOrigin-RevId: 226524447 Change-Id: I9d9e631611183c7c1fbae1c20a222c9aeef269b2
2018-12-21inotify notifies watchers when control events bit are setFabricio Voznika
The code that matches the event being published with events watchers was wronly matching all watchers in case any of the control event bits were set. Issue #121 PiperOrigin-RevId: 226521230 Change-Id: Ie2c42bc4366faaf59fbf80a74e9297499bd93f9e
2018-12-21Update rules_go, gazelle, and GoMichael Pratt
PiperOrigin-RevId: 226511383 Change-Id: I3a42572d44582d5713841799ec1fd9695d050938
2018-12-21Automated rollback of changelist 226224230Jamie Liu
PiperOrigin-RevId: 226493053 Change-Id: Ia98d1cb6dd0682049e4d907ef69619831de5c34a
2018-12-20Deflake gofer_test.Nicolas Lacasse
We must wait for all lazy resources to be released before closing the rootFile. PiperOrigin-RevId: 226419499 Change-Id: I1d4d961a92b3816e02690cf3eaf0a88944d730cc
2018-12-20Make read and write respect SO_RCVTIMEO and SO_SNDTIMEOIan Gudger
PiperOrigin-RevId: 226387521 Change-Id: I0579ab262320fde6c72d2994dd38437f01a99ea5
2018-12-20Rename limits.MemoryPagesLocked to limits.MemoryLocked.Jamie Liu
"RLIMIT_MEMLOCK: This is the maximum number of bytes of memory that may be locked into RAM." - getrlimit(2) PiperOrigin-RevId: 226384346 Change-Id: Iefac4a1bb69f7714dc813b5b871226a8344dc800
2018-12-20test: deflake socket_inet_loopback.Zhaozhong Ni
PiperOrigin-RevId: 226350590 Change-Id: Idff080705f644f8f78ce92b53c77eecc37e002e7
2018-12-19Automated rollback of changelist 225861605Googler
PiperOrigin-RevId: 226224230 Change-Id: Id24c7d3733722fd41d5fe74ef64e0ce8c68f0b12
2018-12-19Implement pwritev2.Zach Koopmans
Implement pwritev2 and associated unit tests. Clean up preadv2 unit tests. Tag RWF_ flags in both preadv2 and pwritev2 with associated bug tickets. PiperOrigin-RevId: 226222119 Change-Id: Ieb22672418812894ba114bbc88e67f1dd50de620
2018-12-18Fix mremap expansion with mm.checkInvariants = true.Jamie Liu
Also remove useless RSS changes in mm.movePMAsLocked(). PiperOrigin-RevId: 226052996 Change-Id: If59fd259b93238fb2f15c1c8ebfeda14cb590a87
2018-12-18Allow PosixErrorOr<T> to be implicitly constructible from copyable T.Jamie Liu
PiperOrigin-RevId: 226037787 Change-Id: I5fb5f55f68b67dd86bbff46349b46e3e8e6b9d1b
2018-12-18Truncate ar before calling mm.breakCopyOnWriteLocked().Jamie Liu
... as required by the latter's precondition. PiperOrigin-RevId: 226033824 Change-Id: I6bc46d0e100c61cc58cb5fc69e70c4ca905cd92d
2018-12-18Deflake socket testsGoogler
PiperOrigin-RevId: 226029237 Change-Id: I6fcdb241d635468beb6d6c173f2e7f96d715bf26
2018-12-18Add BPFAction type with StringerFabricio Voznika
PiperOrigin-RevId: 226018694 Change-Id: I98965e26fe565f37e98e5df5f997363ab273c91b
2018-12-18Correctly handle filenames containing spaces in ParseProcMapsLine.Jamie Liu
PiperOrigin-RevId: 225992500 Change-Id: Icc8b1675f1cb625fc5e8ef7389beb42fa7bfaa13
2018-12-17Fix recv blocking for connectionless Unix sockets.Ian Gudger
Connectionless Unix sockets (DGRAM Unix sockets created with the socket system call) inherently only have a read queue. They do not establish bidirectional connections, instead, the connect system call only sets a default send location. Writes give the data to the other endpoint which has its own read queue. To simplify the code, connectionless Unix sockets still get read and write queues, but the write queue is a dummy and never waited on. The read queue is the connectionless endpoint's queue. This change fixes a bug where the dummy queue was incorrectly set as the read queue and the endpoint's queue was incorrectly set as the write queue. This meant that read notifications went to the dummy queue and were black holed. PiperOrigin-RevId: 225921042 Change-Id: I8d9059def787a2c3c305185b92d05093fbd2be2a
2018-12-17Expose internal testing flagMichael Pratt
Never to used outside of runsc tests! PiperOrigin-RevId: 225919013 Change-Id: Ib3b14aa2a2564b5246fb3f8933d95e01027ed186
2018-12-17Enable recently-fixed test case for shm_test.Rahat Mahmood
PiperOrigin-RevId: 225887356 Change-Id: Iee000dcfc9e0168c2566edf41c66108be9b68cd6
2018-12-17Turn off kokoro key-fetching until the key is available.Nicolas Lacasse
PiperOrigin-RevId: 225883292 Change-Id: I7e7f139d5865914c51866ea1d23220fcf221748c
2018-12-17overlayBoundEndpoint must be recursive if there is an overlay in the lower.Nicolas Lacasse
The old overlayBoundEndpoint assumed that the lower is not an overlay. It should check if the lower is an overlay and handle that case. PiperOrigin-RevId: 225882303 Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
2018-12-17Refactor kokoro/run_tests.shNicolas Lacasse
This will make it easier to add RBE to bazel. PiperOrigin-RevId: 225865250 Change-Id: I530b5e09875267c18dc6e7e16590fe9e128253ac
2018-12-17Implement mlock(), kind of.Jamie Liu
Currently mlock() and friends do nothing whatsoever. However, mlocking is directly application-visible in a number of ways; for example, madvise(MADV_DONTNEED) and msync(MS_INVALIDATE) both fail on mlocked regions. We handle this inconsistently: MADV_DONTNEED is too important to not work, but MS_INVALIDATE is rejected. Change MM to track mlocked regions in a manner consistent with Linux. It still will not actually pin pages into host physical memory, but: - mlock() will now cause sentry memory management to precommit mlocked pages. - MADV_DONTNEED and MS_INVALIDATE will interact with mlocked pages as described above. PiperOrigin-RevId: 225861605 Change-Id: Iee187204979ac9a4d15d0e037c152c0902c8d0ee
2018-12-17Use more descriptive service account key name.Nicolas Lacasse
PiperOrigin-RevId: 225854218 Change-Id: I7843e9e04c58a87d3a7e20d43e64c677ad9c961b
2018-12-16Allow sending of multicast and IPv6 link-local packets w/o route.Chris Kuiper
Same as with broadcast packets, sending of a multicast packet shouldn't require accessing the route table. The same applies to IPv6 link-local addresses, which aren't routable at all (they don't belong to any subnet by definition). PiperOrigin-RevId: 225775870 Change-Id: Ic53e6560c125a83be2be9c3d112e66b36e8dfe7b
2018-12-14Add blocking recv testsIan Gudger
PiperOrigin-RevId: 225646045 Change-Id: Ic712ebc627587ef4a9486f0b39fe8c96100f10ff
2018-12-14Use containerd at HEAD until better tagged version is available.Nicolas Lacasse
Go 1.11.3 has a bug: https://github.com/golang/go/issues/29241 This is fixed/workarounded in containerd: https://github.com/containerd/containerd/commit/52de3717005eb20141c305bd93ff0d6ee5dfecb6 Until that commit has made it into a tagged version, we will use containerd at head. PiperOrigin-RevId: 225636987 Change-Id: I7e32beb7751f566f5b41682a29a14442c1aa56c2
2018-12-14Adds Code of ConductAnne Bertucio
Adds a code of conduct to the gVisor project that follows the Google Open Source Office recommended CoC. Change-Id: Iec85e93991765177aa681c4179ed0e4f2eb7b4d5 PiperOrigin-RevId: 225633127
2018-12-14Move fdnotifier package to reduce internal confusion.Adin Scannell
PiperOrigin-RevId: 225632398 Change-Id: I909e7e2925aa369adc28e844c284d9a6108e85ce
2018-12-14Mark sync.Mutex in TTYFileOperations as nosaveAndrei Vagin
PiperOrigin-RevId: 225621767 Change-Id: Ie3a42cdf0b0de22a020ff43e307bf86409cff329
2018-12-14Implement SO_SNDTIMEOIan Gudger
PiperOrigin-RevId: 225620490 Change-Id: Ia726107b3f58093a5f881634f90b071b32d2c269
2018-12-14Give Kokoro access to RBE service.Nicolas Lacasse
PiperOrigin-RevId: 225599728 Change-Id: I70cd9f9d7375e56ae8d0a531ad4efb41418e7402
2018-12-14Shard the syscall tests.Nicolas Lacasse
PiperOrigin-RevId: 225574278 Change-Id: If5060a37e8a9b0120bec2b5de4037354f0eaba16
2018-12-13Bump rules_go to v0.16.4 and go toolchain to v1.11.3.Nicolas Lacasse
PiperOrigin-RevId: 225465835 Change-Id: Iee467e493e5df0a9e149b131f54b0af84d221051
2018-12-13Remove unused variable.Nicolas Lacasse
PiperOrigin-RevId: 225455503 Change-Id: I327fc6e7ba26532b628f343dece3bd9fc4d3b524
2018-12-13container.Destroy should clean up container metadata even if other cleanups failNicolas Lacasse
If the sandbox process is dead (because of a panic or some other problem), container.Destroy will never remove the container metadata file, since it will always fail when calling container.stop(). This CL changes container.Destroy() to always perform the three necessary cleanup operations: * Stop the sandbox and gofer processes. * Remove the container fs on the host. * Delete the container metadata directory. Errors from these three operations will be concatenated and returned from Destroy(). PiperOrigin-RevId: 225448164 Change-Id: I99c6311b2e4fe5f6e2ca991424edf1ebeae9df32