summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-05-14Merge release-20200422.0-301-g8b8774d (automated)gVisor bot
2020-05-13Stub support for TCP_SYNCNT and TCP_WINDOW_CLAMP.Bhasker Hariharan
This change adds support for TCP_SYNCNT and TCP_WINDOW_CLAMP options in GetSockOpt/SetSockOpt. This change does not really change any behaviour in Netstack and only stores/returns the stored value. Actual honoring of these options will be added as required. Fixes #2626, #2625 PiperOrigin-RevId: 311453777
2020-05-14Merge release-20200422.0-300-g64afaf0 (automated)gVisor bot
2020-05-13Fix runsc association of gofers and FDs on VFS2.Jamie Liu
Updates #1487 PiperOrigin-RevId: 311443628
2020-05-14Merge release-20200422.0-299-gdb655f0 (automated)gVisor bot
2020-05-13Resolve remaining TODOs for tmpfs.Nicolas Lacasse
Closes #1197 PiperOrigin-RevId: 311438223
2020-05-13Merge release-20200422.0-298-g8605c97 (automated)gVisor bot
2020-05-13Automated rollback of changelist 311285868Bhasker Hariharan
PiperOrigin-RevId: 311424257
2020-05-13Merge release-20200422.0-297-gd846077 (automated)gVisor bot
2020-05-13Enable overlayfs_stale_read by default for runsc.Jamie Liu
Linux 4.18 and later make reads and writes coherent between pre-copy-up and post-copy-up FDs representing the same file on an overlay filesystem. However, memory mappings remain incoherent: - Documentation/filesystems/overlayfs.rst, "Non-standard behavior": "If a file residing on a lower layer is opened for read-only and then memory mapped with MAP_SHARED, then subsequent changes to the file are not reflected in the memory mapping." - fs/overlay/file.c:ovl_mmap() passes through to the underlying FD without any management of coherence in the overlay. - Experimentally on Linux 5.2: ``` $ cat mmap_cat_page.c #include <err.h> #include <fcntl.h> #include <stdio.h> #include <string.h> #include <sys/mman.h> #include <unistd.h> int main(int argc, char **argv) { if (argc < 2) { errx(1, "syntax: %s [FILE]", argv[0]); } const int fd = open(argv[1], O_RDONLY); if (fd < 0) { err(1, "open(%s)", argv[1]); } const size_t page_size = sysconf(_SC_PAGE_SIZE); void* page = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, 0); if (page == MAP_FAILED) { err(1, "mmap"); } for (;;) { write(1, page, strnlen(page, page_size)); if (getc(stdin) == EOF) { break; } } return 0; } $ gcc -O2 -o mmap_cat_page mmap_cat_page.c $ mkdir lowerdir upperdir workdir overlaydir $ echo old > lowerdir/file $ sudo mount -t overlay -o "lowerdir=lowerdir,upperdir=upperdir,workdir=workdir" none overlaydir $ ./mmap_cat_page overlaydir/file old ^Z [1]+ Stopped ./mmap_cat_page overlaydir/file $ echo new > overlaydir/file $ cat overlaydir/file new $ fg ./mmap_cat_page overlaydir/file old ``` Therefore, while the VFS1 gofer client's behavior of reopening read FDs is only necessary pre-4.18, replacing existing memory mappings (in both sentry and application address spaces) with mappings of the new FD is required regardless of kernel version, and this latter behavior is common to both VFS1 and VFS2. Re-document accordingly, and change the runsc flag to enabled by default. New test: - Before this CL: https://source.cloud.google.com/results/invocations/5b222d2c-e918-4bae-afc4-407f5bac509b - After this CL: https://source.cloud.google.com/results/invocations/f28c747e-d89c-4d8c-a461-602b33e71aab PiperOrigin-RevId: 311361267
2020-05-13Merge release-20200422.0-296-g18cb3d2 (automated)gVisor bot
2020-05-13Use VFS2 mount namesFabricio Voznika
Updates #1487 PiperOrigin-RevId: 311356385
2020-05-13Merge release-20200422.0-295-ge4058c0 (automated)gVisor bot
2020-05-13Replace test_runner.sh bash script with Go.Ian Gudger
PiperOrigin-RevId: 311285868
2020-05-13Merge release-20200422.0-294-g305f786 (automated)gVisor bot
2020-05-12Adjust a few log messagesFabricio Voznika
PiperOrigin-RevId: 311234146
2020-05-12Merge release-20200422.0-293-g725afc6 (automated)gVisor bot
2020-05-12Merge pull request #2678 from nybidari:iptablesgVisor bot
PiperOrigin-RevId: 311203776
2020-05-12Merge release-20200422.0-291-g7b691ab (automated)gVisor bot
2020-05-12Don't allow rename across different gofer or tmpfs mounts.Nicolas Lacasse
Fixes #2651. PiperOrigin-RevId: 311193661
2020-05-12Merge release-20200422.0-290-ga3f97a7 (automated)gVisor bot
2020-05-12Merge pull request #2513 from amscanne:website-integratedgVisor bot
PiperOrigin-RevId: 311184385
2020-05-12Merge release-20200422.0-74-g6a4466a (automated)gVisor bot
2020-05-12Merge pull request #2671 from kevinGC:skip-outputgVisor bot
PiperOrigin-RevId: 311181084
2020-05-12Merge release-20200422.0-72-g8dd1d5b (automated)gVisor bot
2020-05-12Don't call kernel.Task.Block() from netstack.SocketOperations.Write().Jamie Liu
kernel.Task.Block() requires that the caller is running on the task goroutine. netstack.SocketOperations.Write() uses kernel.TaskFromContext() to call kernel.Task.Block() even if it's not running on the task goroutine. Stop doing that. PiperOrigin-RevId: 311178335
2020-05-12iptables: support gid match for owner matching.Nayana Bidari
- Added support for matching gid owner and invert flag for uid and gid. $ iptables -A OUTPUT -p tcp -m owner --gid-owner root -j ACCEPT $ iptables -A OUTPUT -p tcp -m owner ! --uid-owner root -j ACCEPT $ iptables -A OUTPUT -p tcp -m owner ! --gid-owner root -j DROP - Added tests for uid, gid and invert flags.
2020-05-12Merge release-20200422.0-71-g06ded1c (automated)gVisor bot
2020-05-12Merge pull request #2664 from lubinszARM:pr_sigfpgVisor bot
PiperOrigin-RevId: 311153824
2020-05-12Merge release-20200422.0-69-g94251ae (automated)gVisor bot
2020-05-11Internal change.Jamie Liu
PiperOrigin-RevId: 311046755
2020-05-11iptables: check for truly unconditional rulesKevin Krakauer
We weren't properly checking whether the inserted default rule was unconditional.
2020-05-11Add fpsimd support in sigreturn on Arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-05-11Merge release-20200422.0-68-g15de8cc (automated)gVisor bot
2020-05-11Add fsimpl/gofer.InternalFilesystemOptions.OpenSocketsByConnecting.Jamie Liu
PiperOrigin-RevId: 311014995
2020-05-11Merge release-20200422.0-67-g633e1b8 (automated)gVisor bot
2020-05-11Internal change.gVisor bot
PiperOrigin-RevId: 311011004
2020-05-11Merge release-20200422.0-66-ge838e7a (automated)gVisor bot
2020-05-11Automated rollback of changelist 310417191Bhasker Hariharan
PiperOrigin-RevId: 310963404
2020-05-11Merge release-20200422.0-65-gc5ab21b (automated)gVisor bot
2020-05-11Internal change.gVisor bot
PiperOrigin-RevId: 310949277
2020-05-11Merge release-20200422.0-64-g0cb9e1d (automated)gVisor bot
2020-05-11Merge release-20200422.0-63-gaf2bc1c (automated)gVisor bot
2020-05-11Fix view.ToVectorisedView().Bhasker Hariharan
view.ToVectorisedView() now just returns an empty vectorised view if the view is of zero length. Earlier it would return a VectorisedView of zero length but with 1 empty view. This has been a source of bugs as lower layers don't expect zero length views in VectorisedViews. VectorisedView.AppendView() now is a no-op if the view being appended is of zero length. Fixes #2658 PiperOrigin-RevId: 310942269
2020-05-11Internal change.gVisor bot
PiperOrigin-RevId: 310941717
2020-05-11Merge release-20200422.0-62-gc52195d (automated)gVisor bot
2020-05-10Stop avoiding preadv2 and pwritev2, and add them to the filters.Nicolas Lacasse
Some code paths needed these syscalls anyways, so they should be included in the filters. Given that we depend on these syscalls in some cases, there's no real reason to avoid them any more. PiperOrigin-RevId: 310829126
2020-05-08Merge release-20200422.0-61-gcfd3066 (automated)gVisor bot
2020-05-08iptables - filter packets using outgoing interface.gVisor bot
Enables commands with -o (--out-interface) for iptables rules. $ iptables -A OUTPUT -o eth0 -j ACCEPT PiperOrigin-RevId: 310642286
2020-05-08Merge release-20200422.0-60-ge4d2d21 (automated)gVisor bot