summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-09-22Allow CLONE_SETTLS for Go 1.16Michael Pratt
https://go.googlesource.com/go/+/0941fc3 switches the Go runtime (on amd64) from using arch_prctl(ARCH_SET_FS) to CLONE_SETTLS to set the TLS. PiperOrigin-RevId: 333100550
2020-09-22Force clone parent_tidptr and child_tidptr to zeroMichael Pratt
Neither CLONE_PARENT_SETTID nor CLONE_CHILD_SETTID are used, so these arguments will always be NULL. PiperOrigin-RevId: 333085326
2020-09-21Allow partial writes for gofer.specialFileFD.Dean Deng
Originally, we avoided partial writes in case it caused us to write a partial packet to a socket-backed specialFileFD. However, this check causes splicing from a pipe to specialFileFD to fail if we hit EOF on the pipe. PiperOrigin-RevId: 333016216
2020-09-21Receive ACK when deleting address in syscall testsGhanan Gowripalan
PiperOrigin-RevId: 332961666
2020-09-21Point blog to install guideFabricio Voznika
It containes full instructions to download and install runsc with Docker now. PiperOrigin-RevId: 332960337
2020-09-21Fix socket_ipv4_udp_unbound_test_native in opensource.Zach Koopmans
Calls to recv sometimes fail with EAGAIN, so call select beforehand. PiperOrigin-RevId: 332943156
2020-09-21Use kernfs.Dentry for kernfs.Lookup.Dean Deng
Updates #1193. PiperOrigin-RevId: 332939026
2020-09-21Fix proc_net_test_native for native tests.Zach Koopmans
"DefaultValueEqZero" is only valid if the test is in a sandbox. Our CI VMs often have "/proc/sys/net/ipv4/ip_forward" set to 1. PiperOrigin-RevId: 332910859
2020-09-21Add ftruncate test for writeable fd but no write permissions.Dean Deng
PiperOrigin-RevId: 332907453
2020-09-21Port fuse tests to Makefile.Ayush Ranjan
PiperOrigin-RevId: 332878900
2020-09-21Fix flakes in UdpSocketTestZach Koopmans
`recv` calls with MSG_DONTWAIT can fail with EAGAIN randomly in tests. Fix this by calling `select` on sockets with a timeout prior to attempting a `recv`. PiperOrigin-RevId: 332873735
2020-09-20Merge pull request #3651 from ianlewis:ip-forwardinggVisor bot
PiperOrigin-RevId: 332760843
2020-09-18Disable vdso_clock_gettime on KVM.Jamie Liu
Unfortunately, I think TSC misalignment means that we can't really expect any consistent correspondence between a TSC-based VDSO and the sentry's view of time on the KVM platform. PiperOrigin-RevId: 332576147
2020-09-18Merge pull request #3989 from jinmouil:feature/fuse-fixgVisor bot
PiperOrigin-RevId: 332548335
2020-09-18Deflake stat_test with save/restore enabled.Nicolas Lacasse
PiperOrigin-RevId: 332546659
2020-09-18Implement fsimpl/overlay.filesystem.RenameAt.Jamie Liu
Updates #1199 PiperOrigin-RevId: 332539197
2020-09-18Disable PHP test ext/standard/tests/streams/proc_open_bug60120.phpt.Jamie Liu
PiperOrigin-RevId: 332521647
2020-09-18Use a tmpfs file for shared anonymous and /dev/zero mmap on VFS2.Jamie Liu
This is more consistent with Linux (see comment on MM.NewSharedAnonMappable()). We don't do the same thing on VFS1 for reasons documented by the updated comment. PiperOrigin-RevId: 332514849
2020-09-18fuse: update design doc with I/O implementationJinmou Li
2020-09-18Remove SKIP_IF for now-supported features.Kevin Krakauer
Updates #3549. PiperOrigin-RevId: 332501660
2020-09-18Reduce the number of steps to get started with gVisorFabricio Voznika
Streamline instruction for the common case. PiperOrigin-RevId: 332488910
2020-09-18Count packets dropped by iptables in IPStatsKevin Krakauer
PiperOrigin-RevId: 332486383
2020-09-18Merge pull request #3972 from btw616:fix/commentsgVisor bot
PiperOrigin-RevId: 332486111
2020-09-18Enqueue TCP sends arriving in SYN_SENT state.Mithun Iyer
TCP needs to enqueue any send requests arriving when the connection is in SYN_SENT state. The data should be sent out soon after completion of the connection handshake. Fixes #3995 PiperOrigin-RevId: 332482041
2020-09-18Add "Containing a Real Vulnerability" blog postFabricio Voznika
PiperOrigin-RevId: 332477119
2020-09-18Fix definition of SchedParam.Rahat Mahmood
Linux defines this struct as: struct sched_param { int priority; } ... in include/linux/sched.h. PiperOrigin-RevId: 332473133
2020-09-18Drop ARCH_GET_FSMichael Pratt
Go does not call arch_prctl(ARCH_GET_FS), nor am I sure it ever did. Drop the filter. PiperOrigin-RevId: 332470532
2020-09-18Use common parsing utilities when sniffingGhanan Gowripalan
Extract parsing utilities so they can be used by the sniffer. Fixes #3930 PiperOrigin-RevId: 332401880
2020-09-17fuse.DeviceFD needs to hold a reference on the associated filesystem.Rahat Mahmood
This fixes a use-after-free in fuse.DeviceFD.Release. PiperOrigin-RevId: 332394146
2020-09-17Test IPv4 WritePackets statsKevin Krakauer
IPv6 tests will be added in another CL along with ip6tables. PiperOrigin-RevId: 332389102
2020-09-17ip6tables: filter table supportKevin Krakauer
`ip6tables -t filter` is now usable. NAT support will come in a future CL. #3549 PiperOrigin-RevId: 332381801
2020-09-17{Set,Get} SO_LINGER on all endpoints.Nayana Bidari
SO_LINGER is a socket level option and should be stored on all endpoints even though it is used to linger only for TCP endpoints. PiperOrigin-RevId: 332369252
2020-09-17Fix root tests target in Makefile.Ayush Ranjan
PiperOrigin-RevId: 332358833
2020-09-17[testing] Use container address to talk to server running inside container.Ayush Ranjan
Docker does not have IPv6 port forwarding as tracked by the following issue: https://github.com/moby/moby/issues/11518 So when running bazel itself inside a docker container, we can not use the host port bindings to communicate with sockets inside the container. This was causing integration tests and image tests to fail when run through our Makefile targets. PiperOrigin-RevId: 332355051
2020-09-17Change sizeofInt32 to string sizeChong Cai
This constant is used to represent int32 stored in file xattrs. The integers are stored as strings there, so the real size should be the string size (number of digits) instead of an int size (4 bytes). PiperOrigin-RevId: 332353217
2020-09-17Set mode when creating Merkle tree fileChong Cai
PiperOrigin-RevId: 332340342
2020-09-17Complete vfs2 implementation of fallocate.Dean Deng
This change includes overlay, special regular gofer files, and hostfs. Fixes #3589. PiperOrigin-RevId: 332330860
2020-09-17Merge pull request #3979 from jinmouil:feature/fuse-fixgVisor bot
PiperOrigin-RevId: 332328860
2020-09-17Return ENOPROTOOPT for all SOL_PACKET options.Bhasker Hariharan
This is required to make tcpdump work. tcpdump falls back to not using things like PACKET_RX_RING if setsockopt returns ENOPROTOOPT. This used to be the case before https://github.com/google/gvisor/commit/6f8fb7e0db2790ff1f5ba835780c03fe245e437f. Fixes #3981 PiperOrigin-RevId: 332326517
2020-09-17Fix kernfs unlinkat and rmdirat incorrect resolved path nameJinmou Li
2020-09-17Provide testing container with docker config file.Ayush Ranjan
This is needed by test/e2e/integration_test:TestCheckpointRestore to check for filesystem versioning. PiperOrigin-RevId: 332285566
2020-09-17Remove option to panic goferFabricio Voznika
Gofer panics are suppressed by p9 server and an error is returned to the caller, making it effectively the same as returning EROFS. PiperOrigin-RevId: 332282959
2020-09-17Deflake vdso_clock_gettime test.Jamie Liu
PiperOrigin-RevId: 332281930
2020-09-17Disable nodejs12.4 test async-hooks/test-statwatcher.Jamie Liu
PiperOrigin-RevId: 332281912
2020-09-17Add VFS2 overlay support in runscFabricio Voznika
All tests under runsc are passing with overlay enabled. Updates #1487, #1199 PiperOrigin-RevId: 332181267
2020-09-17fsimpl: improve the "implements" commentsTiwei Bie
As noticed by @ayushr2, the "implements" comments are not consistent, e.g. // IterDirents implements kernfs.inodeDynamicLookup. // Generate implements vfs.DynamicBytesSource.Generate. This patch improves this by making the comments like this consistently include the package name (when the interface and struct are not in the same package) and method name. Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-09-16Merge pull request #3934 from avagin:feature/fusegVisor bot
PiperOrigin-RevId: 332122081
2020-09-16Implement OpenAt() for verity fsChong Cai
OpenAt() for verity fs is implemented by opening both the target file or directory and the corresponding Merkle tree file in the underlying file system. Generally they are only open for read. In allowRuntimeEnable mode, the Merkle tree file is also open for write. PiperOrigin-RevId: 332116423
2020-09-16Cleanup device name confusion in packetimpact testbenchZeling Feng
There are two device names on the test net. - The sniffer/injector device which is always a linux device. Only the testbench library is interested in this device. - The device which is on the DUT. It happens to be the same device as the former if DUT is linux. An individual test might be interested in this device if the test cares about the device name. PiperOrigin-RevId: 332112968
2020-09-16Automated rollback of changelist 329526153Nayana Bidari
PiperOrigin-RevId: 332097286