summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-01-15Fix "unlock of unlocked mutex" crash when getting ttychris.zn
This patch holds taskset.mu when getting tty. If we don't do this, it may cause a "unlock of unlocked mutex" problem, since signalHandlers may be replaced by CopyForExec() in runSyscallAfterExecStop after the signalHandlers.mu has been holded in TTY(). The problem is easy to reproduce with keeping to do "runsc ps". The crash log is : fatal error: sync: unlock of unlocked mutex goroutine 5801304 [running]: runtime.throw(0xfd019c, 0x1e) GOROOT/src/runtime/panic.go:774 +0x72 fp=0xc001ba47b0 sp=0xc001ba4780 pc=0x431702 sync.throw(0xfd019c, 0x1e) GOROOT/src/runtime/panic.go:760 +0x35 fp=0xc001ba47d0 sp=0xc001ba47b0 pc=0x431685 sync.(*Mutex).unlockSlow(0xc00cf94a30, 0xc0ffffffff) GOROOT/src/sync/mutex.go:196 +0xd6 fp=0xc001ba47f8 sp=0xc001ba47d0 pc=0x4707d6 sync.(*Mutex).Unlock(0xc00cf94a30) GOROOT/src/sync/mutex.go:190 +0x48 fp=0xc001ba4818 sp=0xc001ba47f8 pc=0x4706e8 gvisor.dev/gvisor/pkg/sentry/kernel.(*ThreadGroup).TTY(0xc011a9e800, 0x0) pkg/sentry/kernel/tty.go:38 +0x88 fp=0xc001ba4868 sp=0xc001ba4818 pc=0x835fa8 gvisor.dev/gvisor/pkg/sentry/control.Processes(0xc00025ae00, 0xc013e397c0, 0x40, 0xc0137b9800, 0x1, 0x7f292e9a4cc0) pkg/sentry/control/proc.go:366 +0x355 fp=0xc001ba49a0 sp=0xc001ba4868 pc=0x9ac4a5 gvisor.dev/gvisor/runsc/boot.(*containerManager).Processes(0xc0003b62c0, 0xc0051423d0, 0xc0137b9800, 0x0, 0x0) runsc/boot/controller.go:228 +0xdf fp=0xc001ba49e8 sp=0xc001ba49a0 pc=0xaf06cf Signed-off-by: chris.zn <chris.zn@antfin.com>
2020-01-13Do Source Address Selection when choosing an IPv6 source addressGhanan Gowripalan
Do Source Address Selection when choosing an IPv6 source address as per RFC 6724 section 5 rules 1-3: 1) Prefer same address 2) Prefer appropriate scope 3) Avoid deprecated addresses. A later change will update Source Address Selection to follow rules 4-8. Tests: Rule 1 & 2: stack.TestIPv6SourceAddressSelectionScopeAndSameAddress, Rule 3: stack.TestAutoGenAddrTimerDeprecation, stack.TestAutoGenAddrDeprecateFromPI PiperOrigin-RevId: 289559373
2020-01-13Allow dual stack sockets to operate on AF_INETTamir Duberstein
Fixes #1490 Fixes #1495 PiperOrigin-RevId: 289523250
2020-01-13benchmarks/tcp: set a number of channels to GOMAXPROCSAndrei Vagin
Updates #231 PiperOrigin-RevId: 289502669
2020-01-13Merge pull request #1528 from kevinGC:iptables-writegVisor bot
PiperOrigin-RevId: 289479774
2020-01-13tests: fix errors detected by asan.Andrei Vagin
PiperOrigin-RevId: 289467083
2020-01-10Don't set RWF_HIPRI on InvalidOffset test.Brad Burlage
This test fails on ubuntu 18.04 because preadv2 for some reason returns EOPNOTSUPP instead of EINVAL. Instead of root-causing the failure, I'm dropping the flag in the preadv2 call since it isn't under test in this scenario. PiperOrigin-RevId: 289188358
2020-01-10Automated rollback of changelist 288990597Ghanan Gowripalan
PiperOrigin-RevId: 289169518
2020-01-10Put CancellableTimer tests in the tcpip_test packageGhanan Gowripalan
CancellableTimer tests were in a timer_test package but lived within the tcpip directory. This caused issues with go tools. PiperOrigin-RevId: 289166345
2020-01-10goid: new packageIan Gudger
Allows retrieving the goroutine ID for concurrency testing when the race detector is enabled. Updates #1472 PiperOrigin-RevId: 289155308
2020-01-10panic fix in retransmitTimerExpired.Bhasker Hariharan
This is a band-aid fix for now to prevent panics. PiperOrigin-RevId: 289078453
2020-01-09New sync package.Ian Gudger
* Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387
2020-01-09Merge pull request #1523 from majek:fix-1522-silly-window-rxgVisor bot
PiperOrigin-RevId: 289019953
2020-01-09Deflake a couple of TCP syscall tests when run under gotsan.Bhasker Hariharan
PiperOrigin-RevId: 289010316
2020-01-09Implement gcloud_producer for bm-toolsZach Koopmans
bm-tools works via "Machine" objects, which are front objects for actual virtual or physical machines. glcoud_producer produces machines on GCP using the `gcloud` tool. Included are: - GCloudProducer - the class producing machines - MockGCloudProducer - class for mocking GCloudProducer. - tests using the mock - test data as .json files. Code to generate this test data may be included in a follow up. PiperOrigin-RevId: 289005958
2020-01-09Inform NDPDispatcher when Stack learns about available configurations via DHCPv6Ghanan Gowripalan
Inform the Stack's NDPDispatcher when it receives an NDP Router Advertisement that updates the available configurations via DHCPv6. The Stack makes sure that its NDPDispatcher isn't informed unless the avaiable configurations via DHCPv6 for a NIC is updated. Tests: Test that a Stack's NDPDispatcher is informed when it receives an NDP Router Advertisement that informs it of new configurations available via DHCPv6. PiperOrigin-RevId: 289001283
2020-01-09Separate NDP tests into its own packageGhanan Gowripalan
Internal tools timeout after 60s during tests that are required to pass before changes can be submitted. Separate out NDP tests into its own package to help prevent timeouts when testing. PiperOrigin-RevId: 288990597
2020-01-09Merge pull request #1423 from xiaobo55x:stracegVisor bot
PiperOrigin-RevId: 288965915
2020-01-09Change BindToDeviceOption to store NICIDEyal Soha
This makes it possible to call the sockopt from go even when the NIC has no name. PiperOrigin-RevId: 288955236
2020-01-09Allow clients to store an opaque NICContext with NICsBert Muthalaly
...retrievable later via stack.NICInfo(). Clients of this library can use it to add metadata that should be tracked alongside a NIC, to avoid having to keep a map[tcpip.NICID]metadata mirroring stack.Stack's nic map. PiperOrigin-RevId: 288924900
2020-01-09Configure issue reviver to run with KokoroFabricio Voznika
PiperOrigin-RevId: 288921032
2020-01-08CancellableTimer to encapsulate the work of safely stopping timersGhanan Gowripalan
Add a new CancellableTimer type to encapsulate the work of safely stopping timers when it fires at the same time some "related work" is being handled. The term "related work" is some work that needs to be done while having obtained some common lock (L). Example: Say we have an invalidation timer that may be extended or cancelled by some event. Creating a normal timer and simply cancelling may not be sufficient as the timer may have already fired when the event handler attemps to cancel it. Even if the timer and event handler obtains L before doing work, once the event handler releases L, the timer will eventually obtain L and do some unwanted work. To prevent the timer from doing unwanted work, it checks if it should early return instead of doing the normal work after obtaining L. When stopping the timer callers must have L locked so the timer can be safely informed that it should early return. Test: Tests that CancellableTimer fires and resets properly. Test to make sure the timer fn is not called after being stopped within the lock L. PiperOrigin-RevId: 288806984
2020-01-08More GH comments.Kevin Krakauer
2020-01-08Return correct length with MSG_TRUNC for unix sockets.Ian Lewis
This change calls a new Truncate method on the EndpointReader in RecvMsg for both netlink and unix sockets. This allows readers such as sockets to peek at the length of data without actually reading it to a buffer. Fixes #993 #1240 PiperOrigin-RevId: 288800167
2020-01-08Define sizes for extent headers and entries separately to improve clarity.Dean Deng
PiperOrigin-RevId: 288799694
2020-01-08Addressed GH commentsKevin Krakauer
2020-01-08Fix slice bounds out of range panic in parsing socket control message.Ting-Yu Wang
Panic found by syzakller. PiperOrigin-RevId: 288799046
2020-01-08Github bug reviverFabricio Voznika
For everyone's joy, this is a tool that reopens issues that have been closed, but are still referenced by TODOs in the code. The idea is to run it in Kokoro nightly. Kokoro changes are coming up next. PiperOrigin-RevId: 288789560
2020-01-08Introduce tcpip.SockOptBoolTamir Duberstein
...and port V6OnlyOption to it. PiperOrigin-RevId: 288789451
2020-01-08Combine various Create*NIC methods into CreateNICWithOptions.Bert Muthalaly
PiperOrigin-RevId: 288779416
2020-01-08Rename tcpip.SockOpt{,Int}Tamir Duberstein
PiperOrigin-RevId: 288772878
2020-01-08Take addresses as constTamir Duberstein
PiperOrigin-RevId: 288767927
2020-01-08Merge pull request #1273 from lubinszARM:pr_ring_3gVisor bot
PiperOrigin-RevId: 288743614
2020-01-08Revert go.mod and go.sumKevin Krakauer
2020-01-08Comment cleanup.Kevin Krakauer
2020-01-08NewlineKevin Krakauer
2020-01-08Revert filter_input changeKevin Krakauer
2020-01-08Minor fixes to comments and loggingKevin Krakauer
2020-01-08Make /proc/[pid] offset start at TGID_OFFSETFabricio Voznika
Updates #1195 PiperOrigin-RevId: 288725745
2020-01-08Remove redundant function argumentTamir Duberstein
PacketLooping is already a member on the passed Route. PiperOrigin-RevId: 288721500
2020-01-08Write simple ACCEPT rules to the filter table.Kevin Krakauer
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added.
2020-01-08Add NIC.isLoopback()Bert Muthalaly
...enabling us to remove the "CreateNamedLoopbackNIC" variant of CreateNIC and all the plumbing to connect it through to where the value is read in FindRoute. PiperOrigin-RevId: 288713093
2020-01-08Fix #1522 - implement silly window sydrome protection on rx sideMarek Majkowski
Before, each of small read()'s that raises window either from zero or above threshold of aMSS, would generate an ACK. In a classic silly-window-syndrome scenario, we can imagine a pessimistic case when small read()'s generate a stream of ACKs. This PR fixes that, essentially treating window size < aMSS as zero. We send ACK exactly in a moment when window increases to >= aMSS or half of receive buffer size (whichever smaller).
2020-01-07fs/splice: don't report a partialResult error if there is no data lossAndrei Vagin
PiperOrigin-RevId: 288642552
2020-01-07Fix partial_bad_buffer write tests.Adin Scannell
The write tests are fitted to Linux-specific behavior, but it is not well-specified. Tweak the tests to allow for both acceptable outcomes. PiperOrigin-RevId: 288606386
2020-01-07Support deprecating SLAAC addresses after the preferred lifetimeGhanan Gowripalan
Support deprecating network endpoints on a NIC. If an endpoint is deprecated, it should not be used for new connections unless a more preferred endpoint is not available, or unless the deprecated endpoint was explicitly requested. Test: Test that deprecated endpoints are only returned when more preferred endpoints are not available and SLAAC addresses are deprecated after its preferred lifetime PiperOrigin-RevId: 288562705
2020-01-07#1398 - send ACK when available buffer space gets larger than 1 MSSMarek Majkowski
When receiving data, netstack avoids sending spurious acks. When user does recv() should netstack send ack telling the sender that the window was increased? It depends. Before this patch, netstack _will_ send the ack in the case when window was zero or window >> scale was zero. Basically - when recv space increased from zero. This is not working right with silly-window-avoidance on the sender side. Some network stacks refuse to transmit segments, that will fill the window but are below MSS. Before this patch, this confuses netstack. On one hand if the window was like 3 bytes, netstack will _not_ send ack if the window increases. On the other hand sending party will refuse to transmit 3-byte packet. This patch changes that, making netstack will send an ACK when the available buffer size increases to or above 1*MSS. This will inform other party buffer is large enough, and hopefully uncork it. Signed-off-by: Marek Majkowski <marek@cloudflare.com>
2020-01-07Disable auto-generation of IPv6 link-local addresses for loopback NICsGhanan Gowripalan
Test: Test that an IPv6 link-local address is not auto-generated for loopback NICs, even when it is enabled for non-loopback NICS. PiperOrigin-RevId: 288519591
2020-01-06Fix readme formatting.Kevin Krakauer
PiperOrigin-RevId: 288402480
2020-01-06Pass the NIC-internal name to the NIC name function when generating opaque IIDsGhanan Gowripalan
Pass the NIC-internal name to the NIC name function when generating opaque IIDs so implementations can use the name that was provided when the NIC was created. Previously, explicit NICID to NIC name resolution was required from the netstack integrator. Tests: Test that the name provided when creating a NIC is passed to the NIC name function when generating opaque IIDs. PiperOrigin-RevId: 288395359