summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-11-12Allow goid.Get() to be used outside of race builds.Jamie Liu
PiperOrigin-RevId: 342179912
2020-11-12Improve shim debug loggingFabricio Voznika
- Add log statements in service entry points. - Propagate `-debug` flag from shim invokation to the service - Load options when shim process is invoked to ensure runsc commands use the correct set of options, e.g. --debug --debug-logs=... - Add debug options to the shim configuration directly, so it doesn't rely on containerd configuration (and restart) to enable shim debug. - Save shim logs to dedicated file, so it's easier to read logs. They would be mixed with containerd logs and hard to distinguish otherwise. PiperOrigin-RevId: 342179868
2020-11-12Change AllocationSize to SizeWithPadding as requestedJulian Elischer
RELNOTES: n/a PiperOrigin-RevId: 342176296
2020-11-12Fix misuses of kernel.Task as context.Context.Jamie Liu
kernel.Task can only be used as context.Context by that Task's task goroutine. This is violated in at least two places: - In any case where one thread accesses the /proc/[tid] of any other thread, passing the kernel.Task for [tid] as the context.Context is incorrect. - Task.rebuildTraceContext() may be called by Kernel.RebuildTraceContexts() outside the scope of any task goroutine. Fix these (as well as a data race on Task.traceContext discovered during the course of finding the latter). PiperOrigin-RevId: 342174404
2020-11-12Add children names into verity hashChong Cai
children names map can be used to verify whether a child is expected during walking, so that we can detect unexpected modifications that deleted/renamed both the target file and the corresponding merkle tree file. PiperOrigin-RevId: 342170715
2020-11-12Pad with a loop rather than a copy from an allocation.Julian Elischer
Add a unit test for ipv4.Encode and a round trip test. PiperOrigin-RevId: 342169517
2020-11-12Remove TESTONLY tag from vfs2 flagFabricio Voznika
Updates #1035 PiperOrigin-RevId: 342168926
2020-11-12Rename kernel.TaskContext to kernel.TaskImage.Jamie Liu
This reduces confusion with context.Context (which is also relevant to kernel.Tasks) and is consistent with existing function kernel.LoadTaskImage(). PiperOrigin-RevId: 342167298
2020-11-12Move packet handling to NetworkEndpointGhanan Gowripalan
The NIC should not hold network-layer state or logic - network packet handling/forwarding should be performed at the network layer instead of the NIC. Fixes #4688 PiperOrigin-RevId: 342166985
2020-11-12Filter dentries with non-zero refs in VFS2 gofer/overlay checks.Jamie Liu
PiperOrigin-RevId: 342161204
2020-11-12[infra] Do not use debug flags for testing.Ayush Ranjan
This causes some networking related tests to take a very long time. Upon failure, tests can be manually run with debug flags to debug. As is the strace logs are not available from a test run. PiperOrigin-RevId: 342156294
2020-11-12Refactor merkletree testsChong Cai
Separate the test cases from TestVerify so that the test names reflect the test case better. PiperOrigin-RevId: 342152754
2020-11-11Read fsimpl/tmpfs timestamps atomically.Jamie Liu
PiperOrigin-RevId: 341982672
2020-11-11Add documentation for reference counting.Dean Deng
Fixes #1486. PiperOrigin-RevId: 341966640
2020-11-11Teach netstack how to add options to IPv4 packetsJulian Elischer
Most packets don't have options but they are an integral part of the standard. Teaching the ipv4 code how to handle them will simplify future testing and use. Because Options are so rare it is worth making sure that the extra work is kept out of the fast path as much as possible. Prior to this change, all usages of the IHL field of the IPv4Fields/Encode system set it to the same constant value except in a couple of tests for bad values. From this change IHL will not be a constant as it will depend on the size of any Options. Since ipv4.Encode() now handles the options it becomes a possible source of errors to let the callers set this value, so remove it entirely and calculate the value from the size of the Options if present (or not) therefore guaranteeing a correct value. Fixes #4709 RELNOTES: n/a PiperOrigin-RevId: 341864765
2020-11-10Add debug logs to startup benchmark.Zach Koopmans
PiperOrigin-RevId: 341757694
2020-11-10Internal changeJamie Liu
PiperOrigin-RevId: 341732791
2020-11-10Show run-benchmark output.Adin Scannell
PiperOrigin-RevId: 341667792
2020-11-10Add all base and fs tests to Continuous Tests.Zach Koopmans
PiperOrigin-RevId: 341660511
2020-11-10Add logging to internal gvisor when checking for kcov.Dean Deng
May help with debugging https://syzkaller.appspot.com/bug?id=0d717bd7028dceeb4b38f09aab2841c398b41d81 PiperOrigin-RevId: 341640485
2020-11-09Additions to ICMP and IPv4 parsersJulian Elischer
Teach ICMP.Parser/ToBytes to handle some non echo ICMP packets. Teach IPv4.Parser that fragments only have a payload, not an upper layer. Fix IPv4 and IPv6 reassembly tests to handle the change. Fixes #4758 PiperOrigin-RevId: 341549665
2020-11-09Evaluate T as a shell variable, not a Make variable.Adin Scannell
PiperOrigin-RevId: 341531230
2020-11-09Skip `EventHUp` notify in `FIN_WAIT2` on a socket close.Mithun Iyer
This Notify was added as part of cl/279106406; but notifying `EventHUp` in `FIN_WAIT2` is incorrect, as we want to only notify later on `TIME_WAIT` or a reset. However, we do need to notify any blocked waiters of an activity on the endpoint with `EventIn`|`EventOut`. PiperOrigin-RevId: 341490913
2020-11-09net: connect to the ipv4 localhost returns ENETUNREACH if the address isn't setAndrei Vagin
cl/340002915 modified the code to return EADDRNOTAVAIL if connect is called for a localhost address which isn't set. But actually, Linux returns EADDRNOTAVAIL for ipv6 addresses and ENETUNREACH for ipv4 addresses. Updates #4735 PiperOrigin-RevId: 341479129
2020-11-09parameterize regexp in netdevs.ParseDevicesZeling Feng
PiperOrigin-RevId: 341470647
2020-11-09Print a debug message if /sys/kernel/debug/kcov is availableAndrei Vagin
This will help to debug: https://syzkaller.appspot.com/bug?id=0d717bd7028dceeb4b38f09aab2841c398b41d81 PiperOrigin-RevId: 341458715
2020-11-09Merge pull request #4683 from lemin9538:lemin_fpsmid_fixgVisor bot
PiperOrigin-RevId: 341445910
2020-11-09iptables: add documentation about enabing docker ipv6Kevin Krakauer
PiperOrigin-RevId: 341439435
2020-11-09Initialize references with a value of 1.Dean Deng
This lets us avoid treating a value of 0 as one reference. All references using the refsvfs2 template must call InitRefs() before the reference is incremented/decremented, or else a panic will occur. Therefore, it should be pretty easy to identify missing InitRef calls during testing. Updates #1486. PiperOrigin-RevId: 341411151
2020-11-06Allow VFS2 gofer.dentries to have separate read and write FDs.Jamie Liu
This is necessary to allow writes to files opened with O_WRONLY to go through host FDs. PiperOrigin-RevId: 341174509
2020-11-06Merge pull request #4719 from zhlhahaha:2005gVisor bot
PiperOrigin-RevId: 341172694
2020-11-06Change size of startup benchmark and lower number of startups.Zach Koopmans
PiperOrigin-RevId: 341155693
2020-11-06[vfs] Return EEXIST when file already exists and rp.MustBeDir() is true.Ayush Ranjan
This is consistent with what Linux does. This was causing a PHP runtime test failure. Fixed it for VFS2. PiperOrigin-RevId: 341155209
2020-11-06Implement command GETNCNT for semctl.Jing Chen
PiperOrigin-RevId: 341154192
2020-11-06Trim link headers from buffer clone when sniffingGhanan Gowripalan
PiperOrigin-RevId: 341135083
2020-11-06Add pull image statment to benchmarks rule.Zach Koopmans
PiperOrigin-RevId: 341132662
2020-11-06Return early in walkSACK if segment has no SACK blocks.Bhasker Hariharan
This avoids a needless allocation. Updates #231 PiperOrigin-RevId: 341113160
2020-11-06[vfs] overlayfs: Do not unlink non-existing whiteout during file creation.Ayush Ranjan
We can reuse information about whether a whiteout exists on a given file path from stepLocked when creating a file at that path. This helps save an Unlink call to the upper filesystem if the whiteout does NOT exist (common case). Plumbs this information from lookupLocked() -> getChildLocked() -> stepLocked(). This also helped save a Lookup in RenameAt(). Fixes #1199 PiperOrigin-RevId: 341105351
2020-11-06Avoid extra DecRef on kernfs root for "kept" dentries.Dean Deng
The root dentry was not created through Inode.Lookup, so we should not release a reference even if inode.Keep() is true. PiperOrigin-RevId: 341103220
2020-11-06Fix infinite loop when splicing to pipes/eventfds.Nicolas Lacasse
Writes to pipes of size < PIPE_BUF are guaranteed to be atomic, so writes larger than that will return EAGAIN if the pipe has capacity < PIPE_BUF. Writes to eventfds will return EAGAIN if the write would cause the eventfd value to go over the max. In both such cases, calling Ready() on the FD will return true (because it is possible to write), but specific kinds of writes will in fact return EAGAIN. This CL fixes an infinite loop in splice and sendfile (VFS1 and VFS2) by forcing skipping the readiness check for the outfile in send, splice, and tee. PiperOrigin-RevId: 341102260
2020-11-06Do not send to the zero portGhanan Gowripalan
Port 0 is not meant to identify any remote port so attempting to send a packet to it should return an error. PiperOrigin-RevId: 341009528
2020-11-06Cap iovec array length in //pkg/sentry/hostfd.Jamie Liu
PiperOrigin-RevId: 341001328
2020-11-05Cache addressEndpoint.addr.Subnet() to avoid allocations.Bhasker Hariharan
This change adds a Subnet() method to AddressableEndpoint so that we can avoid repeated calls to AddressableEndpoint.AddressWithPrefix().Subnet(). Updates #231 PiperOrigin-RevId: 340969877
2020-11-05Re-add start/stop container testsFabricio Voznika
Due to a type doDestroyNotStartedTest was being tested 2x instead of doDestroyStartingTest. PiperOrigin-RevId: 340969797
2020-11-05Return failure when `runsc events` queries a stopped containerFabricio Voznika
This was causing gvisor-containerd-shim to crash because the command suceeded, but there was no stat present. PiperOrigin-RevId: 340964921
2020-11-05[runtime tests] Add partitions to runtime tests.Ayush Ranjan
This will allow us to run massive runtime tests live java to run in parallel across multiple jobs. PiperOrigin-RevId: 340956246
2020-11-05Use stack.Route exclusively for writing packetsGhanan Gowripalan
* Remove stack.Route from incoming packet path. There is no need to pass around a stack.Route during the incoming path of a packet. Instead, pass around the packet's link/network layer information in the packet buffer since all layers may need this information. * Support address bound and outgoing packet NIC in routes. When forwarding is enabled, the source address of a packet may be bound to a different interface than the outgoing interface. This change updates stack.Route to hold both NICs so that one can be used to write packets while the other is used to check if the route's bound address is valid. Note, we need to hold the address's interface so we can check if the address is a spoofed address. * Introduce the concept of a local route. Local routes are routes where the packet never needs to leave the stack; the destination is stack-local. We can now route between interfaces within a stack if the packet never needs to leave the stack, even when forwarding is disabled. * Always obtain a route from the stack before sending a packet. If a packet needs to be sent in response to an incoming packet, a route must be obtained from the stack to ensure the stack is configured to send packets to the packet's source from the packet's destination. * Enable spoofing if a stack may send packets from unowned addresses. This change required changes to some netgophers since previously, promiscuous mode was enough to let the netstack respond to all incoming packets regardless of the packet's destination address. Now that a stack.Route is not held for each incoming packet, finding a route may fail with local addresses we don't own but accepted packets for while in promiscuous mode. Since we also want to be able to send from any address (in response the received promiscuous mode packets), we need to enable spoofing. * Skip transport layer checksum checks for locally generated packets. If a packet is locally generated, the stack can safely assume that no errors were introduced while being locally routed since the packet is never sent out the wire. Some bugs fixed: - transport layer checksum was never calculated after NAT. - handleLocal didn't handle routing across interfaces. - stack didn't support forwarding across interfaces. - always consult the routing table before creating an endpoint. Updates #4688 Fixes #3906 PiperOrigin-RevId: 340943442
2020-11-05Internal ChangeZach Koopmans
PiperOrigin-RevId: 340941898
2020-11-05Fix failure setting OOM score adjustmentFabricio Voznika
When OOM score adjustment needs to be set, all the containers need to be loaded to find all containers that belong to the sandbox. However, each load signals the container to ensure it is still alive. OOM score adjustment is set during creation and deletion of every container, generating a flood of signals to all containers. The fix removes the signal check when it's not needed. There is also a race fetching OOM score adjustment value from the parent when the sandbox exits at the same time (the time it took to signal containers above made this window quite large). The fix is to store the original value in the sandbox state file and use it when the value needs to be restored. Also add more logging and made the existing ones more consistent to help with debugging. PiperOrigin-RevId: 340940799
2020-11-05[runtime tests] Exclude ext/pcre/tests/cache_limit.phpt.Ayush Ranjan
PiperOrigin-RevId: 340925131