Age | Commit message (Collapse) | Author |
|
Otherwise a copy happens, which triggers a data race when reading
masterInodeOperations.SimpleFileOperations.uattr, which must be accessed with a
lock held.
PiperOrigin-RevId: 286464473
|
|
When listen(2) is called on an unbound socket, the socket is
automatically bound to a random free port with the local address
set to INADDR_ANY.
PiperOrigin-RevId: 286305906
|
|
PiperOrigin-RevId: 286299056
|
|
It can take more than 10 seconds when running under --race.
PiperOrigin-RevId: 286296060
|
|
PiperOrigin-RevId: 286281274
|
|
This change removes the requirement that a new routing table be provided when a
router or prefix discovery event happens so that an updated routing table may
be provided to the stack at a later time from the event.
This change is to address the use case where the netstack integrator may need to
obtain a lock before providing updated routes in response to the events above.
As an example, say we have an integrator that performs the below two operations
operations as described:
A. Normal route update:
1. Obtain integrator lock
2. Update routes in the integrator
3. Call Stack.SetRouteTable with the updated routes
3.1. Obtain Stack lock
3.2. Update routes in Stack
3.3. Release Stack lock
4. Release integrator lock
B. NDP event triggered route update:
1. Obtain Stack lock
2. Call event handler
2.1. Obtain integrator lock
2.2. Update routes in the integrator
2.3. Release integrator lock
2.4. Return updated routes to update Stack
3. Update routes in Stack
4. Release Stack lock
A deadlock may occur if a Normal route update was attemped at the same time an
NDP event triggered route update was attempted. With threads T1 and T2:
1) T1 -> A.1, A.2
2) T2 -> B.1
3) T1 -> A.3 (hangs at A.3.1 since Stack lock is taken in step 2)
4) T2 -> B.2 (hangs at B.2.1 since integrator lock is taken in step 1)
Test: Existing tests were modified to not provide or expect routing table
changes in response to Router and Prefix discovery events.
PiperOrigin-RevId: 286274712
|
|
PiperOrigin-RevId: 286259750
|
|
This change makes sure that test variables are captured before running tests
in parallel, and removes unneeded buffered channel allocations. This change also
removes unnecessary timeouts.
PiperOrigin-RevId: 286255066
|
|
PiperOrigin-RevId: 286249699
|
|
PiperOrigin-RevId: 286248378
|
|
This avoids conflicting definitions of GetSocketPairs() in outer namespace when
multiple such cc files are complied for one binary.
PiperOrigin-RevId: 286243045
|
|
Python 3 tools must be listed in exec_tools for genrules.
PiperOrigin-RevId: 286241702
|
|
Several jobs were finished in this patch:
1, provide functions to get/set fpcr/fpsr/vregs
2, support lazy-fpsimd-context-switch in el1
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 286083614
|
|
PiperOrigin-RevId: 286068605
|
|
This is called after fork, so it must be nosplit.
Updates #1408
PiperOrigin-RevId: 286053054
|
|
PiperOrigin-RevId: 286051631
|
|
PiperOrigin-RevId: 286042427
|
|
PiperOrigin-RevId: 286003946
|
|
Remove introduced CPUNumMin config and hard-code it as 2.
|
|
PiperOrigin-RevId: 285968611
|
|
* Add `--cpu-num-min` flag to control minimum CPUs
* Only lower CPU count
* Fix comments
|
|
These comments provided nothing, and have been copy-pasted into all
implementations. The code is clear without them.
I considered also removing the "handle implements handler.handle" comments, but
will let those stay for now.
PiperOrigin-RevId: 285876428
|
|
PiperOrigin-RevId: 285874181
|
|
Bitshift operators with signed int is supported in Go 1.13.
PiperOrigin-RevId: 285853622
|
|
Add checks for input arguments, file type, permissions, etc. that match
the Linux implementation. A call to get/setxattr that passes all the
checks will still currently return EOPNOTSUPP. Actual support will be
added in following commits.
Only allow user.* extended attributes for the time being.
PiperOrigin-RevId: 285835159
|
|
Copy up parent when binding UDS on overlayfs is supported in commit
02ab1f187cd24c67b754b004229421d189cee264.
But the using of copyUp in overlayBind will cause sentry stuck, reason
is dead lock in renameMu.
1 [Process A] Invoke a Unix socket bind operation
renameMu is hold in fs.(*Dirent).genericCreate by process A
2 [Process B] Invoke a read syscall on /proc/task/mounts
waitng on Lock of renameMu in fs.(*MountNamespace).FindMount
3 [Process A] Continue Unix socket bind operation
wating on RLock of renameMu in fs.copyUp
Root cause is recursive reading lock of reanmeMu in bind call trace,
if there are writing lock between the two reading lock, then deadlock
occured.
Fixes #1397
|
|
After the finalizer optimize in 76039f895995c3fe0deef5958f843868685ecc38
commit, clientFile needs to closed before finalizer release it.
The clientFile is not closed if it is created via
gofer.(*inodeOperations).Bind, this will cause fd leak which is hold
by gofer process.
Fixes #1396
Signed-off-by: Yong He <chenglang.hy@antfin.com>
Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
|
|
When application is not cgroups-aware, it can spawn excessive threads
which often defaults to CPU number.
Introduce a opt-in flag that will set CPU number accordingly to CPU
quota (if available).
Fixes #1391
|
|
There are 4 jobs were finished in this package:
1, Virtual machine initialization.
2, Bluepill implementation.
3, Move ring0.Vectors() into the address with 11-bits alignment.
4, Basic support for "SwitchToUser".
Signed-off-by: Bin Lu <bin.lu@arm.com>
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/919 from lubinszARM:pr_kvm eedea52db451bf62722759009a9f14c54a69c55f
PiperOrigin-RevId: 285501256
|
|
Fixed a bug where the interface identifier was not properly generated from an
Ethernet address.
Tests: Unittests to make sure the functions generating the EUI64 interface
identifier are correct.
PiperOrigin-RevId: 285494562
|
|
It would be preferrable to test iptables via syscall tests, but there are some
problems with that approach:
* We're limited to loopback-only, as syscall tests involve only a single
container. Other link interfaces (e.g. fdbased) should be tested.
* We'd have to shell out to call iptables anyways, as the iptables syscall
interface itself is too large and complex to work with alone.
* Running the Linux/native version of the syscall test will require root, which
is a pain to configure, is inherently unsafe, and could leave host iptables
misconfigured.
Using the go_test target allows there to be no new test runner.
PiperOrigin-RevId: 285274275
|
|
PiperOrigin-RevId: 285255855
|
|
PiperOrigin-RevId: 285231002
|
|
Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com
PiperOrigin-RevId: 285228312
|
|
Fixes #1341
PiperOrigin-RevId: 285108973
|
|
The implementation follows the linux behavior where specifying
a TCP_USER_TIMEOUT will cause the resend timer to honor the
user specified timeout rather than the default rto based timeout.
Further it alters when connections are timedout due to keepalive
failures. It does not alter the behavior of when keepalives are
sent. This is as per the linux behavior.
PiperOrigin-RevId: 285099795
|
|
Support for getxattr and setxattr are in subsequent commits.
PiperOrigin-RevId: 285088817
|
|
Work to import GCloudProducer, written in gerrit, which is
too large to do in one CL. GCloudProducer sets up gcloud
instances to run benchmark workloads.
Included are:
- gcloud_mock_recorder - used to Mock GCloudProducer
- tunnel_dispatcher - updates to this module to bring it in line
with the style guide
- machine - updates to this module to bring it in line with the
style guide
All changes are independent of the rest of the changes, and
should "just build".
PiperOrigin-RevId: 285076423
|
|
We seem to be getting some compiler errors when using the Kythe
extractors.bazelrc.
I'm not able to reproduce this on my local machine, so I'm hoping copying the
cxxopt from gvisor.dev/pr/1350 will fix the build.
PiperOrigin-RevId: 285054258
|
|
The former is needed for vfs.FileDescription to implement
memmap.MappingIdentity, and the latter is needed to implement getcwd(2).
PiperOrigin-RevId: 285051855
|
|
We're missing several packages that runsc doesn't depend on. Most notable are
several tcpip link packages.
To find packages, I looked at a diff of directories on master vs go:
$ bazel build //:gopath
$ find bazel-bin/gopath/src/gvisor.dev/gvisor/ -type d > /tmp/gopath.txt
$ find . -type d > /tmp/master.txt
$ sed 's|bazel-bin/gopath/src/gvisor.dev/gvisor/||' < /tmp/gopath.txt > /tmp/gopath.trunc.txt
$ sed 's|./||' < /tmp/master.txt > /tmp/master.trunc.txt
$ vimdiff /tmp/gopath.trunc.txt /tmp/master.trunc.txt
Testing packages are still left out because :gopath can't depend on testonly
targets...
PiperOrigin-RevId: 285049029
|
|
PiperOrigin-RevId: 285038987
|
|
runsc debug --ps list all processes with all threads. This option is added to
the debug command but not to the ps command, because it is going to be used for
debug purposes and we want to add any useful information without thinking about
backward compatibility.
This will help to investigate syzkaller issues.
PiperOrigin-RevId: 285013668
|
|
PiperOrigin-RevId: 285012278
|
|
Also, improve performance by calculating how much space is needed before making
an allocation for sendmsg in hostinet.
PiperOrigin-RevId: 284898581
|
|
PiperOrigin-RevId: 284892289
|
|
This change adds support to let an integrator know when it receives an NDP
Router Advertisement message with the NDP Recursive DNS Server option with at
least one DNS server's address. The stack will not maintain any state related to
the DNS servers - the integrator is expected to maintain any required state and
invalidate the servers after its valid lifetime expires, or refresh the lifetime
when a new one is received for a known DNS server.
Test: Unittest to make sure that an event is sent to the integrator when an NDP
Recursive DNS Server option is received with at least one address.
PiperOrigin-RevId: 284890502
|
|
Apparently our Kokoro VM images don't have pyenv -- I previously tested this on
the Kokoro QA shared pool.
PiperOrigin-RevId: 284855160
|
|
PiperOrigin-RevId: 284835614
|