Age | Commit message (Collapse) | Author |
|
... when it is possible.
The guitar gVisorKernel*Workflow-s runs test with the local execution_method.
In this case, blaze runs test cases locally without sandboxes. This means
that all tests run in the same network namespace. We have a few tests which
use hard-coded network ports and they can fail if one of these port will be
used by someone else or by another test cases.
PiperOrigin-RevId: 323137254
|
|
The "dev" target had been failing. The failure was being caused due to variable
overload of "RUNTIME".
PiperOrigin-RevId: 323106040
|
|
The travis capacity is limited, but we build and test amd64 on kokoro.
PiperOrigin-RevId: 323103934
|
|
Implement WalkGetAttr() to reuse the stat that is already
needed for Walk(). In addition, cache file QID, so it
doesn't need to stat the file to compute it.
open(2) time improved by 10%:
Baseline: 6780 ns
Change: 6083 ns
Also fixed file type which was not being set in all places.
PiperOrigin-RevId: 323102560
|
|
PiperOrigin-RevId: 323066414
|
|
PiperOrigin-RevId: 322954792
|
|
- All Marshal* and Unmarshal* methods now require buffers to be correctly sized
- Only the Copy{In/Out} variants can handle smaller buffers (or address spaces)
PiperOrigin-RevId: 322953881
|
|
Updates #2923
PiperOrigin-RevId: 322953552
|
|
PiperOrigin-RevId: 322937495
|
|
PiperOrigin-RevId: 322928424
|
|
- Check write permission on truncate(2). Unlike ftruncate(2),
truncate(2) fails if the user does not have write permissions
on the file.
- For gofers under InteropModeShared, check file type before
making a truncate request. We should fail early and avoid
making an rpc when possible. Furthermore, depending on the
remote host's failure may give us unexpected behavior--if the
host converts the truncate request to an ftruncate syscall on
an open fd, we will get EINVAL instead of EISDIR.
Updates #2923.
PiperOrigin-RevId: 322913569
|
|
Fix typos.
PiperOrigin-RevId: 322913282
|
|
Changes the API of tcpip.Clock to also provide a method for scheduling and
rescheduling work after a specified duration. This change also implements the
AfterFunc method for existing implementations of tcpip.Clock.
This is the groundwork required to mock time within tests. All references to
CancellableTimer has been replaced with the tcpip.Job interface, allowing for
custom implementations of scheduling work.
This is a BREAKING CHANGE for clients that implement their own tcpip.Clock or
use tcpip.CancellableTimer. Migration plan:
1. Add AfterFunc(d, f) to tcpip.Clock
2. Replace references of tcpip.CancellableTimer with tcpip.Job
3. Replace calls to tcpip.CancellableTimer#StopLocked with tcpip.Job#Cancel
4. Replace calls to tcpip.CancellableTimer#Reset with tcpip.Job#Schedule
5. Replace calls to tcpip.NewCancellableTimer with tcpip.NewJob.
PiperOrigin-RevId: 322906897
|
|
For some reason these tests were broken when run via the bazel docker
container. The mechanism used was a bit crazy (self-extracting bundle),
so convert them to use straight-forward starlark rules. This has the
added advantaged that they are now independent tests.
|
|
PiperOrigin-RevId: 322904430
|
|
PiperOrigin-RevId: 322890087
|
|
Like task_work in Linux, this allows us to register callbacks to be executed
before returning to userspace. This is needed for kcov support, which requires
coverage information to be up-to-date whenever we are in user mode. We will
provide coverage data through the kcov interface to enable coverage-directed
fuzzing in syzkaller.
One difference from Linux is that task work cannot queue work before the
transition to userspace that it precedes; queued work will be picked up before
the next transition.
PiperOrigin-RevId: 322889984
|
|
PiperOrigin-RevId: 322888057
|
|
This patch load/save TLS for the container application.
Related issue: full context-switch supporting for Arm64 #1238
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/2761 from lubinszARM:pr_tls_2 cb5dbca1c9c3f378002406da7a58887f9b5032b3
PiperOrigin-RevId: 322887044
|
|
PiperOrigin-RevId: 322882426
|
|
|
|
Allow FUSE filesystems to be mounted using libfuse.
The appropriate flags and mount options are parsed and
understood by fusefs.
|
|
PiperOrigin-RevId: 322859907
|
|
PiperOrigin-RevId: 322853192
|
|
Fixes #3334
PiperOrigin-RevId: 322846384
|
|
Socket option values are now required to implement marshal.Marshallable.
Co-authored-by: Rahat Mahmood <rahat@google.com>
PiperOrigin-RevId: 322831612
|
|
Open tries to reuse the control file to save syscalls and
file descriptors when opening a file. However, when the
control file was opened using O_PATH (e.g. no file permission
to open readonly), Open() would not check for it.
PiperOrigin-RevId: 322821729
|
|
And do some refactoring of the wait logic in sendfile/splice/tee.
Updates #1035 #2923
PiperOrigin-RevId: 322815521
|
|
We were getting the file attributes before locking the metadataMu which was
causing stale updates to the file attributes.
Fixes OpenTest_AppendConcurrentWrite.
Updates #2923
PiperOrigin-RevId: 322804438
|
|
PiperOrigin-RevId: 322803359
|
|
PiperOrigin-RevId: 322788791
|
|
Fixed the following error:
tools/bazel.mk:119: *** Destination not provided.. Stop.
The issue was that we were running all make commands in a subshell so variables
like $T were not passed on.
The other issue was related to credentials. The test passed locally but not on
kokoro, the only difference in the workflow was the credentials bit.
Also fixed up some other tiny issues I came across, were not blockers.
PiperOrigin-RevId: 322782457
|
|
Previously, ICMP destination unreachable datagrams were ignored by TCP
endpoints. This caused connect to hang when an intermediate router
couldn't find a route to the host.
This manifested as a Kokoro error when Docker IPv6 was enabled. The Ruby
image test would try to install the sinatra gem and hang indefinitely
attempting to use an IPv6 address.
Fixes #3079.
|
|
Fixes a NAT bug that manifested as:
- A SYN was sent from gVisor to another host, unaffected by iptables.
- The corresponding SYN/ACK was NATted by a PREROUTING REDIRECT rule
despite being part of the existing connection.
- The socket that sent the SYN never received the SYN/ACK and thus a
connection could not be established.
We handle this (as Linux does) by tracking all connections, inserting a
no-op conntrack rule for new connections with no rules of their own.
Needed for istio support (#170).
|
|
For iptables users, Check() is a hot path called for every packet one or more
times. Let's avoid a bunch of map lookups.
PiperOrigin-RevId: 322678699
|
|
Updates #2923
PiperOrigin-RevId: 322671489
|
|
Helps in fixing open syscall tests: AppendConcurrentWrite and AppendOnly.
We also now update the file size for seekable special files (regular files)
which we were not doing earlier.
Updates #2923
PiperOrigin-RevId: 322670843
|
|
Updates #173
PiperOrigin-RevId: 322665518
|
|
Temporarily skip these, on bhaskherh@'s advice.
PiperOrigin-RevId: 322664955
|
|
|
|
PiperOrigin-RevId: 322265513
|
|
- Fixes some html validation issues.
- Fixes links on security basics blog post.
- Adds rel=noopener to links with target=_blank and adds a check to
htmlproofer.
- Add favicon check to htmlproofer.
Fixes #3286
Fixes #3284
PiperOrigin-RevId: 321892602
|
|
PiperOrigin-RevId: 321887956
|
|
PiperOrigin-RevId: 321885126
|
|
PiperOrigin-RevId: 321875119
|
|
PiperOrigin-RevId: 321839398
|
|
DUT logs will include logs from the posix server and gVisor, which
provides a way to instrument the DUT during test failures.
PiperOrigin-RevId: 321816647
|
|
PiperOrigin-RevId: 321808673
|
|
PiperOrigin-RevId: 321790802
|
|
Updates #173
PiperOrigin-RevId: 321690756
|