summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-11-07Merge release-20201030.0-47-g3ac00fe9c (automated)gVisor bot
2020-11-06Implement command GETNCNT for semctl.Jing Chen
PiperOrigin-RevId: 341154192
2020-11-07Merge release-20201030.0-46-g5288e1941 (automated)gVisor bot
2020-11-06Trim link headers from buffer clone when sniffingGhanan Gowripalan
PiperOrigin-RevId: 341135083
2020-11-06Merge release-20201030.0-45-g6c93dc970 (automated)gVisor bot
2020-11-06Add pull image statment to benchmarks rule.Zach Koopmans
PiperOrigin-RevId: 341132662
2020-11-06Merge release-20201030.0-44-g9e82747d6 (automated)gVisor bot
2020-11-06Return early in walkSACK if segment has no SACK blocks.Bhasker Hariharan
This avoids a needless allocation. Updates #231 PiperOrigin-RevId: 341113160
2020-11-06Merge release-20201030.0-43-g949dc1d09 (automated)gVisor bot
2020-11-06[vfs] overlayfs: Do not unlink non-existing whiteout during file creation.Ayush Ranjan
We can reuse information about whether a whiteout exists on a given file path from stepLocked when creating a file at that path. This helps save an Unlink call to the upper filesystem if the whiteout does NOT exist (common case). Plumbs this information from lookupLocked() -> getChildLocked() -> stepLocked(). This also helped save a Lookup in RenameAt(). Fixes #1199 PiperOrigin-RevId: 341105351
2020-11-06Merge release-20201030.0-42-gbcd883f09 (automated)gVisor bot
2020-11-06Avoid extra DecRef on kernfs root for "kept" dentries.Dean Deng
The root dentry was not created through Inode.Lookup, so we should not release a reference even if inode.Keep() is true. PiperOrigin-RevId: 341103220
2020-11-06Merge release-20201030.0-41-g53eeb06ef (automated)gVisor bot
2020-11-06Fix infinite loop when splicing to pipes/eventfds.Nicolas Lacasse
Writes to pipes of size < PIPE_BUF are guaranteed to be atomic, so writes larger than that will return EAGAIN if the pipe has capacity < PIPE_BUF. Writes to eventfds will return EAGAIN if the write would cause the eventfd value to go over the max. In both such cases, calling Ready() on the FD will return true (because it is possible to write), but specific kinds of writes will in fact return EAGAIN. This CL fixes an infinite loop in splice and sendfile (VFS1 and VFS2) by forcing skipping the readiness check for the outfile in send, splice, and tee. PiperOrigin-RevId: 341102260
2020-11-06Merge release-20201030.0-40-g955e09dfb (automated)gVisor bot
2020-11-06Do not send to the zero portGhanan Gowripalan
Port 0 is not meant to identify any remote port so attempting to send a packet to it should return an error. PiperOrigin-RevId: 341009528
2020-11-06Merge release-20201030.0-39-g29683f359 (automated)gVisor bot
2020-11-06Cap iovec array length in //pkg/sentry/hostfd.Jamie Liu
PiperOrigin-RevId: 341001328
2020-11-06Merge release-20201030.0-38-g06e33cd73 (automated)gVisor bot
2020-11-05Cache addressEndpoint.addr.Subnet() to avoid allocations.Bhasker Hariharan
This change adds a Subnet() method to AddressableEndpoint so that we can avoid repeated calls to AddressableEndpoint.AddressWithPrefix().Subnet(). Updates #231 PiperOrigin-RevId: 340969877
2020-11-06Merge release-20201030.0-37-g0e8fdfd38 (automated)gVisor bot
2020-11-05Re-add start/stop container testsFabricio Voznika
Due to a type doDestroyNotStartedTest was being tested 2x instead of doDestroyStartingTest. PiperOrigin-RevId: 340969797
2020-11-06Merge release-20201030.0-36-g62b0e845b (automated)gVisor bot
2020-11-05Return failure when `runsc events` queries a stopped containerFabricio Voznika
This was causing gvisor-containerd-shim to crash because the command suceeded, but there was no stat present. PiperOrigin-RevId: 340964921
2020-11-06Merge release-20201030.0-35-gf27edcc70 (automated)gVisor bot
2020-11-05[runtime tests] Add partitions to runtime tests.Ayush Ranjan
This will allow us to run massive runtime tests live java to run in parallel across multiple jobs. PiperOrigin-RevId: 340956246
2020-11-06Merge release-20201030.0-34-g8c0701462 (automated)gVisor bot
2020-11-05Merge release-20201030.0-33-g7caefd68d (automated)gVisor bot
2020-11-05Use stack.Route exclusively for writing packetsGhanan Gowripalan
* Remove stack.Route from incoming packet path. There is no need to pass around a stack.Route during the incoming path of a packet. Instead, pass around the packet's link/network layer information in the packet buffer since all layers may need this information. * Support address bound and outgoing packet NIC in routes. When forwarding is enabled, the source address of a packet may be bound to a different interface than the outgoing interface. This change updates stack.Route to hold both NICs so that one can be used to write packets while the other is used to check if the route's bound address is valid. Note, we need to hold the address's interface so we can check if the address is a spoofed address. * Introduce the concept of a local route. Local routes are routes where the packet never needs to leave the stack; the destination is stack-local. We can now route between interfaces within a stack if the packet never needs to leave the stack, even when forwarding is disabled. * Always obtain a route from the stack before sending a packet. If a packet needs to be sent in response to an incoming packet, a route must be obtained from the stack to ensure the stack is configured to send packets to the packet's source from the packet's destination. * Enable spoofing if a stack may send packets from unowned addresses. This change required changes to some netgophers since previously, promiscuous mode was enough to let the netstack respond to all incoming packets regardless of the packet's destination address. Now that a stack.Route is not held for each incoming packet, finding a route may fail with local addresses we don't own but accepted packets for while in promiscuous mode. Since we also want to be able to send from any address (in response the received promiscuous mode packets), we need to enable spoofing. * Skip transport layer checksum checks for locally generated packets. If a packet is locally generated, the stack can safely assume that no errors were introduced while being locally routed since the packet is never sent out the wire. Some bugs fixed: - transport layer checksum was never calculated after NAT. - handleLocal didn't handle routing across interfaces. - stack didn't support forwarding across interfaces. - always consult the routing table before creating an endpoint. Updates #4688 Fixes #3906 PiperOrigin-RevId: 340943442
2020-11-05Internal ChangeZach Koopmans
PiperOrigin-RevId: 340941898
2020-11-05Merge release-20201030.0-32-gc47f8afe2 (automated)gVisor bot
2020-11-05Fix failure setting OOM score adjustmentFabricio Voznika
When OOM score adjustment needs to be set, all the containers need to be loaded to find all containers that belong to the sandbox. However, each load signals the container to ensure it is still alive. OOM score adjustment is set during creation and deletion of every container, generating a flood of signals to all containers. The fix removes the signal check when it's not needed. There is also a race fetching OOM score adjustment value from the parent when the sandbox exits at the same time (the time it took to signal containers above made this window quite large). The fix is to store the original value in the sandbox state file and use it when the value needs to be restored. Also add more logging and made the existing ones more consistent to help with debugging. PiperOrigin-RevId: 340940799
2020-11-05Merge release-20201030.0-31-gcaf1e52e1 (automated)gVisor bot
2020-11-05[runtime tests] Exclude ext/pcre/tests/cache_limit.phpt.Ayush Ranjan
PiperOrigin-RevId: 340925131
2020-11-05Merge release-20201030.0-30-ga00c5df98 (automated)gVisor bot
2020-11-05Deflake semaphore_test.Jamie Liu
- Disable saving in tests that wait for EINTR. - Do not execute async-signal-unsafe code after fork() (see fork(2)'s manpage, "After a fork in a multithreaded program ...") - Check for errors returned by semctl(GETZCNT). PiperOrigin-RevId: 340901353
2020-11-05Merge release-20201030.0-29-g771e9ce8e (automated)gVisor bot
2020-11-04Unlock tcp endpoint mutex before blocking forever.Dean Deng
This was occasionally causing tests to get stuck due to races with the save process, during which the same mutex is acquired. PiperOrigin-RevId: 340789616
2020-11-05Merge release-20201030.0-28-ge29972ec0 (automated)gVisor bot
2020-11-04Make the regex for inet6Line in packetimpact/netdevs more accurateZeling Feng
PiperOrigin-RevId: 340763455
2020-11-04Merge release-20201027.0-65-ga15562c01 (automated)gVisor bot
2020-11-04Include file size in Merkle hashChong Cai
The file size can now also be verified. Also, since we are zero-padding the last block of the data, we cannot differentiate the cases between zero-padded block from the blocks that are ends with zeroes. With the size included this can be addressed, as those cases would have different file size. PiperOrigin-RevId: 340695510
2020-11-04Merge release-20201027.0-64-g3b18bdbd3 (automated)gVisor bot
2020-11-03Update WORKSPACE to use Go 1.15.2Ian Lewis
Updates #2785 PiperOrigin-RevId: 340566576
2020-11-03Merge release-20201027.0-63-g1cfa8d58f (automated)gVisor bot
2020-11-03Fix more nogo testsTing-Yu Wang
PiperOrigin-RevId: 340536306
2020-11-03Merge release-20201027.0-62-g580bbb749 (automated)gVisor bot
2020-11-03[vfs2] Do not drop inotify waiters across S/R.Dean Deng
The waits-for relationship between an epoll instance and an inotify fd should be restored. This fixes flaky inotify vfs2 tests. PiperOrigin-RevId: 340531367
2020-11-03Merge release-20201027.0-61-g723464ec5 (automated)gVisor bot
2020-11-03Make pipe min/max sizes match linux.Nicolas Lacasse
The default pipe size already matched linux, and is unchanged. Furthermore `atomicIOBytes` is made a proper constant (as it is in Linux). We were plumbing usermem.PageSize everywhere, so this is no functional change. PiperOrigin-RevId: 340497006