summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-07-29Add iptables types for syscalls tests.Kevin Krakauer
Unfortunately, Linux's ip_tables.h header doesn't compile in C++ because it implicitly converts from void* to struct xt_entry_target*. C allows this, but C++ does not. So we have to re-implement many types ourselves. Relevant code here: https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter_ipv4/ip_tables.h#L222 PiperOrigin-RevId: 260565570
2019-07-26runsc: propagate the alsologtostderr to sub-commandsAndrei Vagin
PiperOrigin-RevId: 260239119
2019-07-26Add debug symbols to published runsc binaryFabricio Voznika
This allows published binary to be debugged if needed. PiperOrigin-RevId: 260228367
2019-07-26Merge pull request #452 from zhangningdlut:chris_test_pidnsgVisor bot
PiperOrigin-RevId: 260220279
2019-07-26Publish Dockerfiles and test-runner binaries for running language tests.Samantha Sample
By following the directions in the README file, these Dockerfiles can be built and used to run native language tests for their respective runtimes. PiperOrigin-RevId: 260174430
2019-07-25Automated rollback of changelist 255679453Fabricio Voznika
PiperOrigin-RevId: 260047477
2019-07-24ext: filesystem boilerplate code.Ayush Ranjan
PiperOrigin-RevId: 259865366
2019-07-24ext: Add tests for root directory inode.Ayush Ranjan
PiperOrigin-RevId: 259856442
2019-07-24ext: testing environment setup with VFS2 support.Ayush Ranjan
PiperOrigin-RevId: 259835948
2019-07-24Add support for a subnet prefix length on interface network addressesChris Kuiper
This allows the user code to add a network address with a subnet prefix length. The prefix length value is stored in the network endpoint and provided back to the user in the ProtocolAddress type. PiperOrigin-RevId: 259807693
2019-07-24Use different pidns among different containerschris.zn
The different containers in a sandbox used only one pid namespace before. This results in that a container can see the processes in another container in the same sandbox. This patch use different pid namespace for different containers. Signed-off-by: chris.zn <chris.zn@antfin.com>
2019-07-23ext: Inode creation logic.Ayush Ranjan
PiperOrigin-RevId: 259666476
2019-07-23ext: Add ext2 and ext3 tiny images.Ayush Ranjan
PiperOrigin-RevId: 259657917
2019-07-23ext: Added extent tree building logic.Ayush Ranjan
PiperOrigin-RevId: 259628657
2019-07-23Give each container a distinct MountNamespace.Nicolas Lacasse
This keeps all container filesystem completely separate from eachother (including from the root container filesystem), and allows us to get rid of the "__runsc_containers__" directory. It also simplifies container startup/teardown as we don't have to muck around in the root container's filesystem. PiperOrigin-RevId: 259613346
2019-07-23Make runAllTests() consistent with listTests().Brett Landau
This change has the listTests() function return a string slice of all the tests. Originally, I planned not to modify the listTests() function and instead capture the output of it and then iterate through the captured output. I decided against this approach as most of the test binaries already produce a slice as they collect tests through filepath.Walk(). Now I use this slice and return it so that I can iterate through in runAllTests() and also when printing out the tests. PiperOrigin-RevId: 259599782
2019-07-23Deduplicate EndpointState.connected someTamir Duberstein
This fixes a bug introduced in cl/251934850 that caused connect-accept-close-connect races to result in the second connect call failiing when it should have succeeded. PiperOrigin-RevId: 259584525
2019-07-22Fix up and add some iptables ABI.Kevin Krakauer
PiperOrigin-RevId: 259437060
2019-07-22Merge pull request #571 from lubinszARM:pr_loadergVisor bot
PiperOrigin-RevId: 259427074
2019-07-22kvm: fix race between machine.Put and machine.GetAndrei Vagin
m.available.Signal() has to be called under m.mu.RLock, otherwise it can race with machine.Get: m.Get | m.Put ------------------------------------- m.mu.Lock() | Seatching available vcpu| | m.available.Signal() m.available.Wait | PiperOrigin-RevId: 259394051
2019-07-22Prototype integration of runtime language tests for Node.js into gVisor.Samantha Sample
This is the first version of a testing program to be used by gVisor for including language testing into their presubmits. It works when ran in the same manor the image and integration tests are ran in as described in their README file. PiperOrigin-RevId: 259392416
2019-07-22Fix struct statx field alignment.Jamie Liu
PiperOrigin-RevId: 259376740
2019-07-21Add ARM64 support to pkg/sentry/loaderBin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2019-07-19Create the initial binary for each of the 5 runtime's test-runner.Brett Landau
Repeated code is planned to be factored out to improve clarity and readability. PiperOrigin-RevId: 259059978
2019-07-19Merge pull request #450 from Pixep:feature/add-clock-boottime-as-monotonicgVisor bot
PiperOrigin-RevId: 258996346
2019-07-19Handle interfaceAddr and NIC options separately for IP_MULTICAST_IFChris Kuiper
This tweaks the handling code for IP_MULTICAST_IF to ignore the InterfaceAddr if a NICID is given. PiperOrigin-RevId: 258982541
2019-07-18net/tcp/setockopt: impelment setsockopt(fd, SOL_TCP, TCP_INQ)Andrei Vagin
PiperOrigin-RevId: 258859507
2019-07-18Sentry virtual filesystem, v2Jamie Liu
Major differences from the current ("v1") sentry VFS: - Path resolution is Filesystem-driven (FilesystemImpl methods call vfs.ResolvingPath methods) rather than VFS-driven (fs package owns a Dirent tree and calls fs.InodeOperations methods to populate it). This drastically improves performance, primarily by reducing overhead from inefficient synchronization and indirection. It also makes it possible to implement remote filesystem protocols that translate FS system calls into single RPCs, rather than having to make (at least) one RPC per path component, significantly reducing the latency of remote filesystems (especially during cold starts and for uncacheable shared filesystems). - Mounts are correctly represented as a separate check based on contextual state (current mount) rather than direct replacement in a fs.Dirent tree. This makes it possible to support (non-recursive) bind mounts and mount namespaces. Included in this CL is fsimpl/memfs, an incomplete in-memory filesystem that exists primarily to demonstrate intended filesystem implementation patterns and for benchmarking: BenchmarkVFS1TmpfsStat/1-6 3000000 497 ns/op BenchmarkVFS1TmpfsStat/2-6 2000000 676 ns/op BenchmarkVFS1TmpfsStat/3-6 2000000 904 ns/op BenchmarkVFS1TmpfsStat/8-6 1000000 1944 ns/op BenchmarkVFS1TmpfsStat/64-6 100000 14067 ns/op BenchmarkVFS1TmpfsStat/100-6 50000 21700 ns/op BenchmarkVFS2MemfsStat/1-6 10000000 197 ns/op BenchmarkVFS2MemfsStat/2-6 5000000 233 ns/op BenchmarkVFS2MemfsStat/3-6 5000000 268 ns/op BenchmarkVFS2MemfsStat/8-6 3000000 477 ns/op BenchmarkVFS2MemfsStat/64-6 500000 2592 ns/op BenchmarkVFS2MemfsStat/100-6 300000 4045 ns/op BenchmarkVFS1TmpfsMountStat/1-6 2000000 679 ns/op BenchmarkVFS1TmpfsMountStat/2-6 2000000 912 ns/op BenchmarkVFS1TmpfsMountStat/3-6 1000000 1113 ns/op BenchmarkVFS1TmpfsMountStat/8-6 1000000 2118 ns/op BenchmarkVFS1TmpfsMountStat/64-6 100000 14251 ns/op BenchmarkVFS1TmpfsMountStat/100-6 100000 22397 ns/op BenchmarkVFS2MemfsMountStat/1-6 5000000 317 ns/op BenchmarkVFS2MemfsMountStat/2-6 5000000 361 ns/op BenchmarkVFS2MemfsMountStat/3-6 5000000 387 ns/op BenchmarkVFS2MemfsMountStat/8-6 3000000 582 ns/op BenchmarkVFS2MemfsMountStat/64-6 500000 2699 ns/op BenchmarkVFS2MemfsMountStat/100-6 300000 4133 ns/op From this we can infer that, on this machine: - Constant cost for tmpfs stat() is ~160ns in VFS2 and ~280ns in VFS1. - Per-path-component cost is ~35ns in VFS2 and ~215ns in VFS1, a difference of about 6x. - The cost of crossing a mount boundary is about 80ns in VFS2 (MemfsMountStat/1 does approximately the same amount of work as MemfsStat/2, except that it also crosses a mount boundary). This is an inescapable cost of the separate mount lookup needed to support bind mounts and mount namespaces. PiperOrigin-RevId: 258853946
2019-07-17sys_time: Wrap comments to 80 columnsAdrien Leravat
2019-07-17Take copyMu in RevalidateMichael Pratt
copyMu is required to read child.overlay.upper. PiperOrigin-RevId: 258662209
2019-07-17Separate O_DSYNC and O_SYNC.Jamie Liu
PiperOrigin-RevId: 258657913
2019-07-17ext: disklayout: extents support.Ayush Ranjan
PiperOrigin-RevId: 258657776
2019-07-17Merge pull request #504 from matthyx:mastergVisor bot
PiperOrigin-RevId: 258654826
2019-07-17ext: Filesystem init implementation.Ayush Ranjan
PiperOrigin-RevId: 258645957
2019-07-17Merge pull request #355 from zhuangel:mastergVisor bot
PiperOrigin-RevId: 258643966
2019-07-17Fix race in FDTable.GetFDs().Bhasker Hariharan
PiperOrigin-RevId: 258635459
2019-07-17Add AF_UNIX, SOCK_RAW sockets, which exist for some reason.Kevin Krakauer
tcpdump creates these. PiperOrigin-RevId: 258611829
2019-07-17Merge pull request #533 from kevinGC:stub-dev-ttygVisor bot
PiperOrigin-RevId: 258607547
2019-07-17Properly invalidate cache in rename and removeMichael Pratt
We were invalidating the wrong overlayEntry in rename and missing invalidation in rename and remove if lower exists. PiperOrigin-RevId: 258604685
2019-07-16Add CLOCK_BOOTTIME tests to timerfd.ccAdrien Leravat
2019-07-16Merge pull request #474 from zhuangel:proctasksgVisor bot
PiperOrigin-RevId: 258479216
2019-07-16test/integration: wait a background processAndrei Vagin
Otherwise this process can be killed before it prints the test message. PiperOrigin-RevId: 258448204
2019-07-16Internal change.gVisor bot
PiperOrigin-RevId: 258424489
2019-07-15Support /proc/net/devJianfeng Tan
This proc file reports the stats of interfaces. We could use ifconfig command to check the result. Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Change-Id: Ia7c1e637f5c76c30791ffda68ee61e861b6ef827 COPYBARA_INTEGRATE_REVIEW=https://gvisor-review.googlesource.com/c/gvisor/+/18282/ PiperOrigin-RevId: 258303936
2019-07-15kvm: wake up all waiter of vCPU.stateAndrei Vagin
Now we call FUTEX_WAKE with ^uintptr(0) of waiters, but in this case only one waiter will be waked up. If we want to wake up all of them, the number of waiters has to be set to math.MaxInt32. PiperOrigin-RevId: 258285286
2019-07-15Replace vector of arrays with array of arrays.Kevin Krakauer
C++ does not like vectors of arrays (because arrays are not copy-constructable). PiperOrigin-RevId: 258270980
2019-07-15Fix initialization of badhandler_low_water_mark in SigaltstackTest.Neel Natu
It is now correctly initialized to the top of the signal stack. Previously it was initialized to the address of 'stack.ss_sp' on the main thread stack. PiperOrigin-RevId: 258248363
2019-07-12Add IPPROTO_RAW, which allows raw sockets to write IP headers.Kevin Krakauer
iptables also relies on IPPROTO_RAW in a way. It opens such a socket to manipulate the kernel's tables, but it doesn't actually use any of the functionality. Blegh. PiperOrigin-RevId: 257903078
2019-07-12Check that IP headers contain correct versionTamir Duberstein
PiperOrigin-RevId: 257888338
2019-07-12Merge pull request #350 from kshithijiyer:patch-1gVisor bot
PiperOrigin-RevId: 257887940