Age | Commit message | Author
2018-07-27 | Added the O_LARGEFILE flag. | Justine Olshan
This flag will always be true for gVisor files. PiperOrigin-RevId: 206355963 Change-Id: I2f03d2412e2609042df43b06d1318cba674574d0
2018-07-27 | stateify: support explicit annotation mode; convert refs and stack packages. | Zhaozhong Ni
We have been unnecessarily creating too many savable types implicitly. PiperOrigin-RevId: 206334201 Change-Id: Idc5a3a14bfb7ee125c4f2bb2b1c53164e46f29a8
2018-07-27 | Replace sleeps with waits in tests - part II | Fabricio Voznika
PiperOrigin-RevId: 206333130 Change-Id: Ic85874dbd53c5de2164a7bb75769d52d43666c2a
2018-07-26 | Don't copy-up extended attributes that specifically configure a lower overlay. | Nicolas Lacasse
When copying-up files from a lower fs to an upper, we also copy the extended attributes on the file. If there is a (nested) overlay inside the lower, some of these extended attributes configure the lower overlay, and should not be copied-up to the upper. In particular, whiteout attributes in the lower fs overlay should not be copied-up, since the upper fs may actually contain the file. PiperOrigin-RevId: 206236010 Change-Id: Ia0454ac7b99d0e11383f732a529cb195ed364062
2018-07-26 | Add "github.com/cenkalti/backoff" dependency to WORKSPACE file. | Nicolas Lacasse
PiperOrigin-RevId: 206193369 Change-Id: I70b67848f498f48c3ff809b60dd08b67001c9324
2018-07-25 | Replace sleeps with waits in tests - part I | Fabricio Voznika
PiperOrigin-RevId: 206084473 Change-Id: I44e1b64b9cdd2964357799dca27cc0cbc19ce07d
2018-07-25 | Format openat flags | Michael Pratt
PiperOrigin-RevId: 206021774 Change-Id: I447b6c751c28a8d8d4d78468b756b6ad8c61e169
2018-07-25 | runsc: Fix "exec" command when called without --pid-file. | Nicolas Lacasse
When "exec" command is called without the "--detach" flag, we spawn a second "exec" command and wait for that one to start. We use the pid file passed in --pid-file to detect when this second command has started running. However if "exec" is called with no --pid-file flag, this system breaks down, as we don't have a pid file to wait for. This CL ensures that the second instance of the "exec" command always writes a pid-file, so the wait is successful. PiperOrigin-RevId: 206002403 Change-Id: If9f2be31eb6e831734b1b833f25054ec71ab94a6
2018-07-24 | Typo fix. | Kevin Krakauer
PiperOrigin-RevId: 205880843 Change-Id: If2272b25f08a18ebe9b6309a1032dd5cdaa59866
2018-07-23 | Refactor new reno congestion control logic out of sender. | Bhasker Hariharan
This CL also puts the congestion control logic behind an interface so that we can easily swap it out for say CUBIC in the future. PiperOrigin-RevId: 205732848 Change-Id: I891cdfd17d4d126b658b5faa0c6bd6083187944b
2018-07-23 | Created a docker integration test for a tomcat image. | Justine Olshan
PiperOrigin-RevId: 205718733 Change-Id: I200b23af064d256f157baf9da5005ab16cc55928
2018-07-23 | Add KVM and overlay dimensions to container_test | Fabricio Voznika
PiperOrigin-RevId: 205714667 Change-Id: I317a2ca98ac3bdad97c4790fcc61b004757d99ef
2018-07-20 | Removed a now incorrect reference to restoreFile. | Justine Olshan
PiperOrigin-RevId: 205470108 Change-Id: I226878a887fe1133561005357a9e3b09428b06b6
2018-07-20 | Format getcwd path | Michael Pratt
PiperOrigin-RevId: 205440332 Change-Id: I2a838f363e079164c83da88e1b0b8769844fe79b
2018-07-19 | runsc: copy gateway from the pod network interface. | Lantao Liu
PiperOrigin-RevId: 205334841 Change-Id: Ia60d486f9aae70182fdc4af50cf7c915986126d7
2018-07-19 | kernel: mutations on creds now require a copy. | Adin Scannell
PiperOrigin-RevId: 205315612 Change-Id: I9a0a1e32c8abfb7467a38743b82449cc92830316
2018-07-19 | fs: Pass context to Revalidate() function. | Nicolas Lacasse
The current revalidation logic is very simple and does not do much introspection of the dirent being revalidated (other than looking at the type of file). Fancier revalidation logic is coming soon, and we need to be able to look at the cached and uncached attributes of a given dirent, and we need a context to perform some of these operations. PiperOrigin-RevId: 205307351 Change-Id: If17ea1c631d8f9489c0e05a263e23d7a8a3bf159
2018-07-19 | ConfigureMMap on an overlay file delegates to the upper if there is no lower. | Nicolas Lacasse
In the general case with an overlay, all mmap calls must go through the overlay, because in the event of a copy-up, the overlay needs to invalidate any previously-created mappings. If there is no lower file, however, there will never be a copy-up, so the overlay can delegate directly to the upper file in that case. This also allows us to correctly mmap /dev/zero when it is in an overlay. This file has special semantics which the overlay does not know about. In particular, it does not implement Mappable(), which (in the general case) the overlay uses to detect if a file is mappable or not. PiperOrigin-RevId: 205306743 Change-Id: I92331649aa648340ef6e65411c2b42c12fa69631
2018-07-19 | Add AT_UID, AT_EUID, AT_GID, AT_EGID to aux vector. | Brian Geffon
With musl libc when these entries are missing from the aux vector it's forcing libc.secure (effectively AT_SECURE). This mode prevents RPATH and LD_LIBRARY_PATH from working. https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n1488 As the first entry is a mask of all the aux fields set: https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n187 PiperOrigin-RevId: 205284684 Change-Id: I04de7bab241043306b4f732306a81d74edfdff26
2018-07-19 | sentry: save stack in proc net dev. | Zhaozhong Ni
PiperOrigin-RevId: 205253858 Change-Id: Iccdc493b66d1b4d39de44afb1184952183b1283f
2018-07-18 | Moved restore code out of create and made to be called after create. | Justine Olshan
Docker expects containers to be created before they are restored. However, gVisor restoring requires specific actions regarding the kernel and the file system. These actions were originally in booting the sandbox. Now setting up the file system is deferred until a call to runsc start. In the restore case, the kernel is destroyed and a new kernel is created in the same process, as we need the same process for Docker. These changes required careful execution of concurrent processes which required the use of a channel. Full docker integration still needs the ability to restore into the same container. PiperOrigin-RevId: 205161441 Change-Id: Ie1d2304ead7e06855319d5dc310678f701bd099f
2018-07-18 | runsc: Fixes to CheckpointRestoreTest. | Nicolas Lacasse
We must delete the output file at the beginning of the test, otherwise the test fails immediately. Also some minor cleanups in readOutputFile. PiperOrigin-RevId: 205150525 Change-Id: I6bae1acd5b315320a2c6e25a59afcfc06267fb17
2018-07-18 | Fix lock-ordering violation in Create by logging BaseName instead of FullName. | Nicolas Lacasse
Dirent.FullName takes the global renameMu, but can be called during Create, which itself takes dirent.mu and dirent.dirMu, which is a lock-order violation: Dirent.Create d.dirMu.Lock d.mu.Lock Inode.Create gofer.inodeOperations.Create gofer.NewFile Dirent.FullName d.renameMu.RLock We only use the FullName here for logging, and in this case we can get by with logging only the BaseName. A `BaseName` method was added to Dirent, which simply returns the name, taking d.parent.mu as required. In the Create pathway, we can't call d.BaseName() because taking d.parent.mu after d.mu violates the lock order. But we already know the base name of the file we just created, so that's OK. In the Open/GetFile pathway, we are free to call d.BaseName() because the other dirent locks are not held. PiperOrigin-RevId: 205112278 Change-Id: Ib45c734081aecc9b225249a65fa8093eb4995f10
2018-07-17 | Merge FileMem.usage in IncRef | Michael Pratt
Per the doc, usage must be kept maximally merged. Beyond that, it is simply a good idea to keep fragmentation in usage to a minimum. The glibc malloc allocator allocates one page at a time, potentially causing lots of fragmentation. However, those pages are likely to have the same number of references, often making it possible to merge ranges. PiperOrigin-RevId: 204960339 Change-Id: I03a050cf771c29a4f05b36eaf75b1a09c9465e14
2018-07-17 | Add API to decode 'stat.st_rdev' into major and minor numbers. | Neel Natu
PiperOrigin-RevId: 204936533 Change-Id: Ib060920077fc914f97c4a0548a176d1368510c7b
2018-07-17 | netstack: update goroutine save / restore safety comments. | Zhaozhong Ni
PiperOrigin-RevId: 204930314 Change-Id: Ifc4c41ed28616cd57fafbf7c92e87141a945c41f
2018-07-16 | Add CPUID faulting for ptrace and KVM. | Adin Scannell
PiperOrigin-RevId: 204858314 Change-Id: I8252bf8de3232a7a27af51076139b585e73276d4
2018-07-16 | Start allocation and reclaim scans only where they may find a match | Michael Pratt
If usageSet is heavily fragmented, findUnallocatedRange and findReclaimable can spend excessive cycles linearly scanning the set for unallocated/free pages. Improve common cases by beginning the scan only at the first page that could possibly contain an unallocated/free page. This metadata only guarantees that there is no lower unallocated/free page, but a scan may still be required (especially for multi-page allocations). That said, this heuristic can still provide significant performance improvements for certain applications. PiperOrigin-RevId: 204841833 Change-Id: Ic41ad33bf9537ecd673a6f5852ab353bf63ea1e6
2018-07-16 | Add EventOperations.HostFD() | Neel Natu
This method allows an eventfd inside the Sentry to be registered with the host kernel. Update comment about memory mapping host fds via CachingInodeOperations. PiperOrigin-RevId: 204784859 Change-Id: I55823321e2d84c17ae0f7efaabc6b55b852ae257
2018-07-13 | runsc: Fix map access race in boot.Loader.waitContainer. | Nicolas Lacasse
PiperOrigin-RevId: 204522004 Change-Id: I4819dc025f0a1df03ceaaba7951b1902d44562b3
2018-07-13 | Bump the timeout when waiting for python HTTP server. | Nicolas Lacasse
PiperOrigin-RevId: 204511630 Change-Id: Ib841a7144f3833321b0e69b8585b03c4ed55a265
2018-07-13 | Allow a filesystem to control its visibility in /proc/filesystems. | Neel Natu
PiperOrigin-RevId: 204508520 Change-Id: I09e5f8b6e69413370e1a0d39dbb7dc1ee0b6192d
2018-07-13 | Point the Kokoro test script to the actual location of install.sh. | Nicolas Lacasse
PiperOrigin-RevId: 204501071 Change-Id: Ia5f7ca725bf68ee53ff3922b13c75c0685467ce9
2018-07-13 | Note that Mount errors do not require translations | Michael Pratt
PiperOrigin-RevId: 204490639 Change-Id: I0fe26306bae9320c6aa4f854fe0ef25eebd93233
2018-07-12 | Fix aio eventfd lookup | Michael Pratt
We're failing to set eventFile in the outer scope. PiperOrigin-RevId: 204392995 Change-Id: Ib9b04f839599ef552d7b5951d08223e2b1d5f6ad
2018-07-12 | sentry: wait for restore clock instead of panicking in Timekeeper. | Zhaozhong Ni
PiperOrigin-RevId: 204372296 Change-Id: If1ed9843b93039806e0c65521f30177dc8036979
2018-07-12 | sentry: save inet stacks in proc files. | Zhaozhong Ni
PiperOrigin-RevId: 204362791 Change-Id: If85ea7442741e299f0d7cddbc3d6b415e285da81
2018-07-12 | netstack: save tcp endpoint accepted channel directly. | Zhaozhong Ni
PiperOrigin-RevId: 204356873 Change-Id: I5e2f885f58678e693aae1a69e8bf8084a685af28
2018-07-12 | netstack: do not defer panicable logic in tcp main loop. | Zhaozhong Ni
PiperOrigin-RevId: 204355026 Change-Id: I1a8229879ea3b58aa861a4eb4456fd7aff99863d
2018-07-12 | runsc: Don't close the control server in a defer. | Nicolas Lacasse
Closing the control server will block until all open requests have completed. If a control server method panics, we end up stuck because the defer'd Destroy function will never return. PiperOrigin-RevId: 204354676 Change-Id: I6bb1d84b31242d7c3f20d5334b1c966bd6a61dbf
2018-07-12 | Format documentation | Michael Pratt
PiperOrigin-RevId: 204323728 Change-Id: I1ff9aa062ffa12583b2e38ec94c87db7a3711971
2018-07-12 | Bump rules_go to v0.13.0, and go toolchain to 1.10.3 | Nicolas Lacasse
PiperOrigin-RevId: 204321643 Change-Id: Id52f9cb5aa12c0859ca6fc8012d7f20744773b88
2018-07-11 | Automated rollback of changelist 203157739 | Bhasker Hariharan
PiperOrigin-RevId: 204196916 Change-Id: If632750fc6368acb835e22cfcee0ae55c8a04d16
2018-07-11 | Move ptrace constants to abi/linux. | Jamie Liu
PiperOrigin-RevId: 204188763 Change-Id: I5596ab7abb3ec9e210a7f57b3fc420e836fa43f3
2018-07-11 | Add MemoryManager.Pin. | Jamie Liu
PiperOrigin-RevId: 204162313 Change-Id: Ib0593dde88ac33e222c12d0dca6733ef1f1035dc
2018-07-11 | Created runsc and docker integration tests. | Justine Olshan
Moved some of the docker image functions to testutil.go. Test runsc commands create, start, stop, pause, and resume. PiperOrigin-RevId: 204138452 Change-Id: Id00bc58d2ad230db5e9e905eed942187e68e7c7b
2018-07-10 | Internal change | Michael Pratt
PiperOrigin-RevId: 204028082 Change-Id: I4251cce10aace43f9b9a80c36204ef66f1b329df
2018-07-10 | Modified error message for clarity. | Brielle Broder
Previously, error message only showed "<nil>" when child and pid were the same (since no error is returned by the Wait4 syscall in this case) which occurs when the process has incorrectly terminated. A new error message was added to improve clarity for such a case. Tests for this function were modified to reflect the improved distinction between process termination and error. PiperOrigin-RevId: 204018107 Change-Id: Ib38481c9590405e5bafcb6efe27fd49b3948910c
2018-07-10 | Exit tmpfs.fileInodeOperations.Translate early if required.Start >= EOF. | Jamie Liu
Otherwise required and optional can be empty or have negative length. PiperOrigin-RevId: 204007079 Change-Id: I59e472a87a8caac11ffb9a914b8d79bf0cd70995
2018-07-10 | netstack: only do connected TCP S/R for loopback connections. | Zhaozhong Ni
PiperOrigin-RevId: 204006237 Change-Id: Ica8402ab54d9dd7d11cc41c6d74aacef51d140b7