summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-02-04Support RTM_NEWADDR and RTM_GETLINK in (rt)netlink.Ting-Yu Wang
PiperOrigin-RevId: 293271055
2020-02-05Merge release-20200127.0-79-gb29aeeb (automated)gVisor bot
2020-02-04Merge pull request #1683 from kevinGC:ipt-udp-matchersgVisor bot
PiperOrigin-RevId: 293243342
2020-02-05Merge release-20200127.0-67-ga26a954 (automated)gVisor bot
2020-02-04Add socket connection stress test.Ian Gudger
Tests 65k connection attempts on common types of sockets to check for port leaks. Also fixes a bug where dual-stack sockets wouldn't properly re-queue segments received while closing. PiperOrigin-RevId: 293241166
2020-02-04Merge release-20200127.0-66-g3f5642c (automated)gVisor bot
2020-02-04Increase container_test size.Kevin Krakauer
container_test was flaking because a small percentage of runs timed out. Tested this fix with --runs_per_test=100. PiperOrigin-RevId: 293240102
2020-02-04Merge release-20200127.0-65-g95ce8bb (automated)gVisor bot
2020-02-04Automatically propagate tags for stateify and marshal.Adin Scannell
Note that files will need to be appropriately segmented in order for the mechanism to work, in suffixes implying special tags. This only needs to happen for cases where marshal or state structures are defined, which should be rare and mostly architecture specific. PiperOrigin-RevId: 293231579
2020-02-04Merge release-20200127.0-64-g6d8bf40 (automated)gVisor bot
2020-02-04Allow mlock in fsgofer system call filtersFabricio Voznika
Go 1.14 has a workaround for a Linux 5.2-5.4 bug which requires mlock'ing the g stack to prevent register corruption. We need to allow this syscall until it is removed from Go. PiperOrigin-RevId: 293212935
2020-02-04Merge release-20200127.0-63-g6823b5e (automated)gVisor bot
2020-02-04timer_create(2) should return 0 on successMichael Pratt
The timer ID is copied out to the argument. Fixes #1738 PiperOrigin-RevId: 293210801
2020-02-04Merge release-20200127.0-62-gc5d4041 (automated)gVisor bot
2020-02-04Include socket_ip_udp_loopback.cc in exportes_filesJay Zhuang
So it can be included in fuchsia's syscall tests PiperOrigin-RevId: 293208306
2020-02-04Merge release-20200127.0-61-gf5072ca (automated)gVisor bot
2020-02-04Fix safecopy test.Adin Scannell
This is failing in Go1.14 due to new checkptr constraints. This version should avoid hitting this constraints by doing "dangerous" pointer math less dangerously? PiperOrigin-RevId: 293205764
2020-02-04Merge release-20200127.0-60-gdcffddf (automated)gVisor bot
2020-02-04Remove argument from vfs.MountNamespace.DecRef()Fabricio Voznika
Updates #1035 PiperOrigin-RevId: 293194631
2020-02-04Merge release-20200127.0-59-g492229d (automated)gVisor bot
2020-02-04VFS2 gofer clientJamie Liu
Updates #1198 Opening host pipes (by spinning in fdpipe) and host sockets is not yet complete, and will be done in a future CL. Major differences from VFS1 gofer client (sentry/fs/gofer), with varying levels of backportability: - "Cache policies" are replaced by InteropMode, which control the behavior of timestamps in addition to caching. Under InteropModeExclusive (analogous to cacheAll) and InteropModeWritethrough (analogous to cacheAllWritethrough), client timestamps are *not* written back to the server (it is not possible in 9P or Linux for clients to set ctime, so writing back client-authoritative timestamps results in incoherence between atime/mtime and ctime). Under InteropModeShared (analogous to cacheRemoteRevalidating), client timestamps are not used at all (remote filesystem clocks are authoritative). cacheNone is translated to InteropModeShared + new option filesystemOptions.specialRegularFiles. - Under InteropModeShared, "unstable attribute" reloading for permission checks, lookup, and revalidation are fused, which is feasible in VFS2 since gofer.filesystem controls path resolution. This results in a ~33% reduction in RPCs for filesystem operations compared to cacheRemoteRevalidating. For example, consider stat("/foo/bar/baz") where "/foo/bar/baz" fails revalidation, resulting in the instantiation of a new dentry: VFS1 RPCs: getattr("/") // fs.MountNamespace.FindLink() => fs.Inode.CheckPermission() => gofer.inodeOperations.check() => gofer.inodeOperations.UnstableAttr() walkgetattr("/", "foo") = fid1 // fs.Dirent.walk() => gofer.session.Revalidate() => gofer.cachePolicy.Revalidate() clunk(fid1) getattr("/foo") // CheckPermission walkgetattr("/foo", "bar") = fid2 // Revalidate clunk(fid2) getattr("/foo/bar") // CheckPermission walkgetattr("/foo/bar", "baz") = fid3 // Revalidate clunk(fid3) walkgetattr("/foo/bar", "baz") = fid4 // fs.Dirent.walk() => gofer.inodeOperations.Lookup getattr("/foo/bar/baz") // linux.stat() => gofer.inodeOperations.UnstableAttr() VFS2 RPCs: getattr("/") // gofer.filesystem.walkExistingLocked() walkgetattr("/", "foo") = fid1 // gofer.filesystem.stepExistingLocked() clunk(fid1) // No getattr: walkgetattr already updated metadata for permission check walkgetattr("/foo", "bar") = fid2 clunk(fid2) walkgetattr("/foo/bar", "baz") = fid3 // No clunk: fid3 used for new gofer.dentry // No getattr: walkgetattr already updated metadata for stat() - gofer.filesystem.unlinkAt() does not require instantiation of a dentry that represents the file to be deleted. Updates #898. - gofer.regularFileFD.OnClose() skips Tflushf for regular files under InteropModeExclusive, as it's nonsensical to request a remote file flush without flushing locally-buffered writes to that remote file first. - Symlink targets are cached when InteropModeShared is not in effect. - p9.QID.Path (which is already required to be unique for each file within a server, and is accordingly already synthesized from device/inode numbers in all known gofers) is used as-is for inode numbers, rather than being mapped along with attr.RDev in the client to yet another synthetic inode number. - Relevant parts of fsutil.CachingInodeOperations are inlined directly into gofer package code. This avoids having to duplicate part of its functionality in fsutil.HostMappable. PiperOrigin-RevId: 293190213
2020-02-04Merge release-20200127.0-58-gd7cd484 (automated)gVisor bot
2020-02-04Add support for sentry internal pipe for gofer mountsFabricio Voznika
Internal pipes are supported similarly to how internal UDS is done. It is also controlled by the same flag. Fixes #1102 PiperOrigin-RevId: 293150045
2020-02-04Merge release-20200127.0-57-gf37e913 (automated)gVisor bot
2020-02-03seccomp: allow to filter syscalls by instruction pointerAndrei Vagin
PiperOrigin-RevId: 293029446
2020-02-04Merge release-20200127.0-56-g6cd7901 (automated)gVisor bot
2020-02-03Add 1 Kokoro job per runtime test.Brad Burlage
PiperOrigin-RevId: 293019326
2020-02-03Merge release-20200127.0-55-ge7846e5 (automated)gVisor bot
2020-02-03Reduce run time for //test/syscalls:socket_inet_loopback_test_runsc_ptrace.Ting-Yu Wang
* Tests are picked for a shard differently. It now picks one test from each block, instead of picking the whole block. This makes the same kind of tests spreads across different shards. * Reduce the number of connect() calls in TCPListenClose. PiperOrigin-RevId: 293019281
2020-02-03Merge release-20200127.0-54-g80ce7f2 (automated)gVisor bot
2020-02-03Tag version_test as noguitar.Brad Burlage
PiperOrigin-RevId: 292974323
2020-02-03Merge release-20200127.0-53-g9742daf (automated)gVisor bot
2020-02-03Add packetdrill tests that use docker.Eyal Soha
PiperOrigin-RevId: 292973224
2020-02-03Merge release-20200127.0-52-g4d1a648 (automated)gVisor bot
2020-02-03Allow mlock in system call filtersMichael Pratt
Go 1.14 has a workaround for a Linux 5.2-5.4 bug which requires mlock'ing the g stack to prevent register corruption. We need to allow this syscall until it is removed from Go. PiperOrigin-RevId: 292967478
2020-01-31Merge release-20200127.0-51-g02997af (automated)gVisor bot
2020-01-31Fix method comment to match method name.Ian Gudger
PiperOrigin-RevId: 292624867
2020-01-31Merge release-20200127.0-50-g04cccaa (automated)gVisor bot
2020-01-31Fix logic around AMD/Intel cases.Adin Scannell
If the support is Ignored, then the call is still executed. We simply rely on it to fall through to the int3. Therefore, we must also bail on the vendor check. PiperOrigin-RevId: 292620558
2020-01-31Merge release-20200127.0-49-g6c30722 (automated)gVisor bot
2020-01-31Implement file locks for regular tmpfs files in VFSv2.Dean Deng
Add a file lock implementation that can be embedded into various filesystem implementations. Updates #1480 PiperOrigin-RevId: 292614758
2020-01-31Merge release-20200127.0-48-g77bf586 (automated)gVisor bot
2020-01-31Use multicast Ethernet address for multicast NDPGhanan Gowripalan
As per RFC 2464 section 7, an IPv6 packet with a multicast destination address is transmitted to the mapped Ethernet multicast address. Test: - ipv6.TestLinkResolution - stack_test.TestDADResolve - stack_test.TestRouterSolicitation PiperOrigin-RevId: 292610529
2020-01-31SpellingKevin Krakauer
2020-01-31iptables: enable TCP matching with "-m tcp".Kevin Krakauer
A couple other things that changed: - There's a proper extension registration system for matchers. Anyone adding another matcher can use tcp_matcher.go or udp_matcher.go as a template. - All logging and use of syserr.Error in the netfilter package happens at the highest possible level (public functions). Lower-level functions just return normal, descriptive golang errors.
2020-01-31Merge release-20200127.0-47-g528dd1e (automated)gVisor bot
2020-01-31Extract multicast IP to Ethernet address mappingGhanan Gowripalan
Test: header.TestEthernetAddressFromMulticastIPAddress PiperOrigin-RevId: 292604649
2020-01-31Merge release-20200127.0-46-gbc3a24d (automated)gVisor bot
2020-01-31Internal change.gVisor bot
PiperOrigin-RevId: 292587459
2020-01-31Merge release-20200127.0-45-g7c118f7 (automated)gVisor bot