summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2018-12-20Rename limits.MemoryPagesLocked to limits.MemoryLocked.Jamie Liu
"RLIMIT_MEMLOCK: This is the maximum number of bytes of memory that may be locked into RAM." - getrlimit(2) PiperOrigin-RevId: 226384346 Change-Id: Iefac4a1bb69f7714dc813b5b871226a8344dc800
2018-12-20test: deflake socket_inet_loopback.Zhaozhong Ni
PiperOrigin-RevId: 226350590 Change-Id: Idff080705f644f8f78ce92b53c77eecc37e002e7
2018-12-19Automated rollback of changelist 225861605Googler
PiperOrigin-RevId: 226224230 Change-Id: Id24c7d3733722fd41d5fe74ef64e0ce8c68f0b12
2018-12-19Implement pwritev2.Zach Koopmans
Implement pwritev2 and associated unit tests. Clean up preadv2 unit tests. Tag RWF_ flags in both preadv2 and pwritev2 with associated bug tickets. PiperOrigin-RevId: 226222119 Change-Id: Ieb22672418812894ba114bbc88e67f1dd50de620
2018-12-18Fix mremap expansion with mm.checkInvariants = true.Jamie Liu
Also remove useless RSS changes in mm.movePMAsLocked(). PiperOrigin-RevId: 226052996 Change-Id: If59fd259b93238fb2f15c1c8ebfeda14cb590a87
2018-12-18Allow PosixErrorOr<T> to be implicitly constructible from copyable T.Jamie Liu
PiperOrigin-RevId: 226037787 Change-Id: I5fb5f55f68b67dd86bbff46349b46e3e8e6b9d1b
2018-12-18Truncate ar before calling mm.breakCopyOnWriteLocked().Jamie Liu
... as required by the latter's precondition. PiperOrigin-RevId: 226033824 Change-Id: I6bc46d0e100c61cc58cb5fc69e70c4ca905cd92d
2018-12-18Deflake socket testsGoogler
PiperOrigin-RevId: 226029237 Change-Id: I6fcdb241d635468beb6d6c173f2e7f96d715bf26
2018-12-18Add BPFAction type with StringerFabricio Voznika
PiperOrigin-RevId: 226018694 Change-Id: I98965e26fe565f37e98e5df5f997363ab273c91b
2018-12-18Correctly handle filenames containing spaces in ParseProcMapsLine.Jamie Liu
PiperOrigin-RevId: 225992500 Change-Id: Icc8b1675f1cb625fc5e8ef7389beb42fa7bfaa13
2018-12-17Fix recv blocking for connectionless Unix sockets.Ian Gudger
Connectionless Unix sockets (DGRAM Unix sockets created with the socket system call) inherently only have a read queue. They do not establish bidirectional connections, instead, the connect system call only sets a default send location. Writes give the data to the other endpoint which has its own read queue. To simplify the code, connectionless Unix sockets still get read and write queues, but the write queue is a dummy and never waited on. The read queue is the connectionless endpoint's queue. This change fixes a bug where the dummy queue was incorrectly set as the read queue and the endpoint's queue was incorrectly set as the write queue. This meant that read notifications went to the dummy queue and were black holed. PiperOrigin-RevId: 225921042 Change-Id: I8d9059def787a2c3c305185b92d05093fbd2be2a
2018-12-17Expose internal testing flagMichael Pratt
Never to used outside of runsc tests! PiperOrigin-RevId: 225919013 Change-Id: Ib3b14aa2a2564b5246fb3f8933d95e01027ed186
2018-12-17Enable recently-fixed test case for shm_test.Rahat Mahmood
PiperOrigin-RevId: 225887356 Change-Id: Iee000dcfc9e0168c2566edf41c66108be9b68cd6
2018-12-17Turn off kokoro key-fetching until the key is available.Nicolas Lacasse
PiperOrigin-RevId: 225883292 Change-Id: I7e7f139d5865914c51866ea1d23220fcf221748c
2018-12-17overlayBoundEndpoint must be recursive if there is an overlay in the lower.Nicolas Lacasse
The old overlayBoundEndpoint assumed that the lower is not an overlay. It should check if the lower is an overlay and handle that case. PiperOrigin-RevId: 225882303 Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
2018-12-17Refactor kokoro/run_tests.shNicolas Lacasse
This will make it easier to add RBE to bazel. PiperOrigin-RevId: 225865250 Change-Id: I530b5e09875267c18dc6e7e16590fe9e128253ac
2018-12-17Implement mlock(), kind of.Jamie Liu
Currently mlock() and friends do nothing whatsoever. However, mlocking is directly application-visible in a number of ways; for example, madvise(MADV_DONTNEED) and msync(MS_INVALIDATE) both fail on mlocked regions. We handle this inconsistently: MADV_DONTNEED is too important to not work, but MS_INVALIDATE is rejected. Change MM to track mlocked regions in a manner consistent with Linux. It still will not actually pin pages into host physical memory, but: - mlock() will now cause sentry memory management to precommit mlocked pages. - MADV_DONTNEED and MS_INVALIDATE will interact with mlocked pages as described above. PiperOrigin-RevId: 225861605 Change-Id: Iee187204979ac9a4d15d0e037c152c0902c8d0ee
2018-12-17Use more descriptive service account key name.Nicolas Lacasse
PiperOrigin-RevId: 225854218 Change-Id: I7843e9e04c58a87d3a7e20d43e64c677ad9c961b
2018-12-16Allow sending of multicast and IPv6 link-local packets w/o route.Chris Kuiper
Same as with broadcast packets, sending of a multicast packet shouldn't require accessing the route table. The same applies to IPv6 link-local addresses, which aren't routable at all (they don't belong to any subnet by definition). PiperOrigin-RevId: 225775870 Change-Id: Ic53e6560c125a83be2be9c3d112e66b36e8dfe7b
2018-12-14Add blocking recv testsIan Gudger
PiperOrigin-RevId: 225646045 Change-Id: Ic712ebc627587ef4a9486f0b39fe8c96100f10ff
2018-12-14Use containerd at HEAD until better tagged version is available.Nicolas Lacasse
Go 1.11.3 has a bug: https://github.com/golang/go/issues/29241 This is fixed/workarounded in containerd: https://github.com/containerd/containerd/commit/52de3717005eb20141c305bd93ff0d6ee5dfecb6 Until that commit has made it into a tagged version, we will use containerd at head. PiperOrigin-RevId: 225636987 Change-Id: I7e32beb7751f566f5b41682a29a14442c1aa56c2
2018-12-14Adds Code of ConductAnne Bertucio
Adds a code of conduct to the gVisor project that follows the Google Open Source Office recommended CoC. Change-Id: Iec85e93991765177aa681c4179ed0e4f2eb7b4d5 PiperOrigin-RevId: 225633127
2018-12-14Move fdnotifier package to reduce internal confusion.Adin Scannell
PiperOrigin-RevId: 225632398 Change-Id: I909e7e2925aa369adc28e844c284d9a6108e85ce
2018-12-14Mark sync.Mutex in TTYFileOperations as nosaveAndrei Vagin
PiperOrigin-RevId: 225621767 Change-Id: Ie3a42cdf0b0de22a020ff43e307bf86409cff329
2018-12-14Implement SO_SNDTIMEOIan Gudger
PiperOrigin-RevId: 225620490 Change-Id: Ia726107b3f58093a5f881634f90b071b32d2c269
2018-12-14Give Kokoro access to RBE service.Nicolas Lacasse
PiperOrigin-RevId: 225599728 Change-Id: I70cd9f9d7375e56ae8d0a531ad4efb41418e7402
2018-12-14Shard the syscall tests.Nicolas Lacasse
PiperOrigin-RevId: 225574278 Change-Id: If5060a37e8a9b0120bec2b5de4037354f0eaba16
2018-12-13Bump rules_go to v0.16.4 and go toolchain to v1.11.3.Nicolas Lacasse
PiperOrigin-RevId: 225465835 Change-Id: Iee467e493e5df0a9e149b131f54b0af84d221051
2018-12-13Remove unused variable.Nicolas Lacasse
PiperOrigin-RevId: 225455503 Change-Id: I327fc6e7ba26532b628f343dece3bd9fc4d3b524
2018-12-13container.Destroy should clean up container metadata even if other cleanups failNicolas Lacasse
If the sandbox process is dead (because of a panic or some other problem), container.Destroy will never remove the container metadata file, since it will always fail when calling container.stop(). This CL changes container.Destroy() to always perform the three necessary cleanup operations: * Stop the sandbox and gofer processes. * Remove the container fs on the host. * Delete the container metadata directory. Errors from these three operations will be concatenated and returned from Destroy(). PiperOrigin-RevId: 225448164 Change-Id: I99c6311b2e4fe5f6e2ca991424edf1ebeae9df32
2018-12-13Clean up shm segments created by shm_test.Rahat Mahmood
This test suite was creating shm segments without ensuring they were cleaned up. Shm segments outlive the process creating them, so on a standard linux machine the test was leaving segments behind after each run. This would often cause failures as test cases would be affected by the cases that ran before them and left unexpected segments lying around. Also skip some assertions around memory usage when running on a Linux host, as we can't reason about external users of shm segments. PiperOrigin-RevId: 225435523 Change-Id: Ia299dacf59045002436f5e30dcc131f679bb7272
2018-12-13Fix WAITALL and RCVTIMEO interactionIan Gudger
PiperOrigin-RevId: 225424296 Change-Id: I60fcc2b859339dca9963cb32227a287e719ab765
2018-12-13transport/tcp: remove unused error return valuesIan Gudger
PiperOrigin-RevId: 225421480 Change-Id: I1e9259b0b7e8490164e830b73338a615129c7f0e
2018-12-12Flush socket test descriptionIan Gudger
This ensures that we know what type of socket caused a timeout. PiperOrigin-RevId: 225294255 Change-Id: I9033bd0f3791d3b5714aa08d111cf58a3014d252
2018-12-12Filesystems shouldn't be saving references to Platform.Rahat Mahmood
Platform objects are not savable, storing references to them in filesystem datastructures would cause save to fail if someone actually passed in a Platform. Current implementations work because everywhere a Platform is expected, we currently pass in a Kernel object which embeds Platform and thus satisfies the interface. Eliminate this indirection and save pointers to Kernel directly. PiperOrigin-RevId: 225288336 Change-Id: Ica399ff43f425e15bc150a0d7102196c3d54a2ab
2018-12-12Fix a data race on Shm.key.Rahat Mahmood
PiperOrigin-RevId: 225240907 Change-Id: Ie568ce3cd643f3e4a0eaa0444f4ed589dcf6031f
2018-12-12Pass information about map writableness to filesystems.Rahat Mahmood
This is necessary to implement file seals for memfds. PiperOrigin-RevId: 225239394 Change-Id: Ib3f1ab31385afc4b24e96cd81a05ef1bebbcbb70
2018-12-11Add rvalue ref-qualified PosixErrorOr<T>::ValueOrDie() overloads.Jamie Liu
This allows ValueOrDie() to be called on PosixErrorOr rvalues (e.g. temporaries) holding move-only types without extraneous std::move()s. PiperOrigin-RevId: 225098036 Change-Id: I662862e4f3562141f941845fc6e197edb27ce29b
2018-12-11Add "trace signal" optionMichael Pratt
This option is effectively equivalent to -panic-signal, except that the sandbox does not die after logging the traceback. PiperOrigin-RevId: 225089593 Change-Id: Ifb1c411210110b6104613f404334bd02175e484e
2018-12-11Format unshare flagsMichael Pratt
unshare actually takes a subset of clone flags, but has no unique flags, so formatting as clone flags is close enough. PiperOrigin-RevId: 225082774 Change-Id: I5b580f18607c7785f323e37809094115520a17c0
2018-12-11Fix README typosMichael Pratt
PiperOrigin-RevId: 225054712 Change-Id: I26e8bc3ef04fe96a4640e50ba4b635d4aa72cc50
2018-12-11Fix typo.Christopher Koch
PiperOrigin-RevId: 225046313 Change-Id: I95fe9c353a5bec13e6ad99094b7741a0e160e4d0
2018-12-11Remove unused envv variable from two funcs.Christopher Koch
PiperOrigin-RevId: 225041520 Change-Id: Ib1afc693e592d308d60db82022c5b7743fd3c646
2018-12-10Fix test tag argument typoMichael Pratt
The argument is --test_tag_filters, not --test_tag_filter. Also switch to ... instead of :*, as it doesn't require special shell quoting to avoid * expansion. PiperOrigin-RevId: 224949618 Change-Id: I45dd6acbaeae29f2cc0baa977b086b5c037c6a88
2018-12-10Minor wording update to Kubernetes support section of the READMEIan Lewis
Updated the README to correct some wording and clarify a bit that containerd CRI runtime is needed. PiperOrigin-RevId: 224944753 Change-Id: I7b9c527500f99571aca7ef73058472ae9b3d5371
2018-12-10Add safecopy support for arm64 platform.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I565214581eeb44045169da7f44d45a489082ac3a PiperOrigin-RevId: 224938170
2018-12-10Implement MSG_WAITALLIan Gudger
MSG_WAITALL requests that recv family calls do not perform short reads. It only has an effect for SOCK_STREAM sockets, other types ignore it. PiperOrigin-RevId: 224918540 Change-Id: Id97fbf972f1f7cbd4e08eec0138f8cbdf1c94fe7
2018-12-10Open source system call tests.Brian Geffon
PiperOrigin-RevId: 224886231 Change-Id: I0fccb4d994601739d8b16b1d4e6b31f40297fb22
2018-12-10Internal change.Nicolas Lacasse
PiperOrigin-RevId: 224865061 Change-Id: I6aa31f880931980ad2fc4c4b3cc4c532aacb31f4
2018-12-10Add type safety to shm ids and keys.Rahat Mahmood
PiperOrigin-RevId: 224864380 Change-Id: I49542279ad56bf15ba462d3de1ef2b157b31830a