Age | Commit message (Collapse) | Author |
|
https://go.googlesource.com/go/+/0941fc3 switches the Go runtime (on amd64)
from using arch_prctl(ARCH_SET_FS) to CLONE_SETTLS to set the TLS.
PiperOrigin-RevId: 333100550
|
|
Neither CLONE_PARENT_SETTID nor CLONE_CHILD_SETTID are used, so these arguments
will always be NULL.
PiperOrigin-RevId: 333085326
|
|
Originally, we avoided partial writes in case it caused us to write a partial
packet to a socket-backed specialFileFD. However, this check causes splicing
from a pipe to specialFileFD to fail if we hit EOF on the pipe.
PiperOrigin-RevId: 333016216
|
|
PiperOrigin-RevId: 332961666
|
|
It containes full instructions to download and install
runsc with Docker now.
PiperOrigin-RevId: 332960337
|
|
Calls to recv sometimes fail with EAGAIN, so call select beforehand.
PiperOrigin-RevId: 332943156
|
|
Updates #1193.
PiperOrigin-RevId: 332939026
|
|
"DefaultValueEqZero" is only valid if the test is in a
sandbox. Our CI VMs often have "/proc/sys/net/ipv4/ip_forward" set
to 1.
PiperOrigin-RevId: 332910859
|
|
PiperOrigin-RevId: 332907453
|
|
PiperOrigin-RevId: 332878900
|
|
`recv` calls with MSG_DONTWAIT can fail with EAGAIN randomly
in tests. Fix this by calling `select` on sockets with a timeout
prior to attempting a `recv`.
PiperOrigin-RevId: 332873735
|
|
PiperOrigin-RevId: 332760843
|
|
Unfortunately, I think TSC misalignment means that we can't really expect any
consistent correspondence between a TSC-based VDSO and the sentry's view of
time on the KVM platform.
PiperOrigin-RevId: 332576147
|
|
PiperOrigin-RevId: 332548335
|
|
PiperOrigin-RevId: 332546659
|
|
Updates #1199
PiperOrigin-RevId: 332539197
|
|
PiperOrigin-RevId: 332521647
|
|
This is more consistent with Linux (see comment on MM.NewSharedAnonMappable()).
We don't do the same thing on VFS1 for reasons documented by the updated
comment.
PiperOrigin-RevId: 332514849
|
|
|
|
Updates #3549.
PiperOrigin-RevId: 332501660
|
|
Streamline instruction for the common case.
PiperOrigin-RevId: 332488910
|
|
PiperOrigin-RevId: 332486383
|
|
PiperOrigin-RevId: 332486111
|
|
TCP needs to enqueue any send requests arriving when the connection is in
SYN_SENT state. The data should be sent out soon after completion of the
connection handshake.
Fixes #3995
PiperOrigin-RevId: 332482041
|
|
PiperOrigin-RevId: 332477119
|
|
Linux defines this struct as:
struct sched_param {
int priority;
}
... in include/linux/sched.h.
PiperOrigin-RevId: 332473133
|
|
Go does not call arch_prctl(ARCH_GET_FS), nor am I sure it ever did. Drop the
filter.
PiperOrigin-RevId: 332470532
|
|
Extract parsing utilities so they can be used by the sniffer.
Fixes #3930
PiperOrigin-RevId: 332401880
|
|
This fixes a use-after-free in fuse.DeviceFD.Release.
PiperOrigin-RevId: 332394146
|
|
IPv6 tests will be added in another CL along with ip6tables.
PiperOrigin-RevId: 332389102
|
|
`ip6tables -t filter` is now usable. NAT support will come in a future CL.
#3549
PiperOrigin-RevId: 332381801
|
|
SO_LINGER is a socket level option and should be stored on all endpoints even
though it is used to linger only for TCP endpoints.
PiperOrigin-RevId: 332369252
|
|
PiperOrigin-RevId: 332358833
|
|
Docker does not have IPv6 port forwarding as tracked by the following issue:
https://github.com/moby/moby/issues/11518
So when running bazel itself inside a docker container, we can not use the host
port bindings to communicate with sockets inside the container. This was causing
integration tests and image tests to fail when run through our Makefile targets.
PiperOrigin-RevId: 332355051
|
|
This constant is used to represent int32 stored in file xattrs. The
integers are stored as strings there, so the real size should be the
string size (number of digits) instead of an int size (4 bytes).
PiperOrigin-RevId: 332353217
|
|
PiperOrigin-RevId: 332340342
|
|
This change includes overlay, special regular gofer files, and hostfs.
Fixes #3589.
PiperOrigin-RevId: 332330860
|
|
PiperOrigin-RevId: 332328860
|
|
This is required to make tcpdump work. tcpdump falls back to not using things
like PACKET_RX_RING if setsockopt returns ENOPROTOOPT. This used to be the case
before https://github.com/google/gvisor/commit/6f8fb7e0db2790ff1f5ba835780c03fe245e437f.
Fixes #3981
PiperOrigin-RevId: 332326517
|
|
|
|
This is needed by test/e2e/integration_test:TestCheckpointRestore to check for
filesystem versioning.
PiperOrigin-RevId: 332285566
|
|
Gofer panics are suppressed by p9 server and an error
is returned to the caller, making it effectively the
same as returning EROFS.
PiperOrigin-RevId: 332282959
|
|
PiperOrigin-RevId: 332281930
|
|
PiperOrigin-RevId: 332281912
|
|
All tests under runsc are passing with overlay enabled.
Updates #1487, #1199
PiperOrigin-RevId: 332181267
|
|
As noticed by @ayushr2, the "implements" comments are not
consistent, e.g.
// IterDirents implements kernfs.inodeDynamicLookup.
// Generate implements vfs.DynamicBytesSource.Generate.
This patch improves this by making the comments like this
consistently include the package name (when the interface
and struct are not in the same package) and method name.
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
PiperOrigin-RevId: 332122081
|
|
OpenAt() for verity fs is implemented by opening both the target file or
directory and the corresponding Merkle tree file in the underlying file
system. Generally they are only open for read. In allowRuntimeEnable
mode, the Merkle tree file is also open for write.
PiperOrigin-RevId: 332116423
|
|
There are two device names on the test net.
- The sniffer/injector device which is always a linux device. Only the
testbench library is interested in this device.
- The device which is on the DUT. It happens to be the same device as
the former if DUT is linux. An individual test might be interested in
this device if the test cares about the device name.
PiperOrigin-RevId: 332112968
|
|
PiperOrigin-RevId: 332097286
|