summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-12-18Switch to netinet/tcp.h and poll.h to for better platform portability.Jay Zhuang
PiperOrigin-RevId: 286249699
2019-12-18Add Mems_allowed to /proc/PID/statusMichael Pratt
PiperOrigin-RevId: 286248378
2019-12-18Put GetSocketPairs() in unnamed namespaceJay Zhuang
This avoids conflicting definitions of GetSocketPairs() in outer namespace when multiple such cc files are complied for one binary. PiperOrigin-RevId: 286243045
2019-12-18Upgrade to Python 3Michael Pratt
Python 3 tools must be listed in exec_tools for genrules. PiperOrigin-RevId: 286241702
2019-12-18supporting lazy-fpsimd in guest on Arm64Bin Lu
Several jobs were finished in this patch: 1, provide functions to get/set fpcr/fpsr/vregs 2, support lazy-fpsimd-context-switch in el1 Signed-off-by: Bin Lu <bin.lu@arm.com>
2019-12-18Enable pkg/sentry/strace support on arm64.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I006a1845b6aab2c2fdb9d80fffc1868a6a132ecd
2019-12-17Internal change.Kevin Krakauer
PiperOrigin-RevId: 286083614
2019-12-17Merge pull request #1393 from ernado:cpu-num-from-quotagVisor bot
PiperOrigin-RevId: 286068605
2019-12-17Mark enableCpuidFault nosplitMichael Pratt
This is called after fork, so it must be nosplit. Updates #1408 PiperOrigin-RevId: 286053054
2019-12-17Merge pull request #1394 from zhuangel:bindlockgVisor bot
PiperOrigin-RevId: 286051631
2019-12-17Merge pull request #1321 from lubinszARM:pr_testutils_vfpgVisor bot
PiperOrigin-RevId: 286042427
2019-12-17Internal change.gVisor bot
PiperOrigin-RevId: 286003946
2019-12-17Leave minimum CPU number as a constantAleksandr Razumov
Remove introduced CPUNumMin config and hard-code it as 2.
2019-12-17Explicitly export files needed by other packagesgVisor bot
PiperOrigin-RevId: 285968611
2019-12-17Add minimum CPU number and only lower CPUs on --cpu-num-from-quotaAleksandr Razumov
* Add `--cpu-num-min` flag to control minimum CPUs * Only lower CPU count * Fix comments
2019-12-16Remove useless comments from p9/handlers.go.Nicolas Lacasse
These comments provided nothing, and have been copy-pasted into all implementations. The code is clear without them. I considered also removing the "handle implements handler.handle" comments, but will let those stay for now. PiperOrigin-RevId: 285876428
2019-12-16Merge pull request #1392 from zhuangel:bindleakgVisor bot
PiperOrigin-RevId: 285874181
2019-12-16Drop unnecessary cast.Dean Deng
Bitshift operators with signed int is supported in Go 1.13. PiperOrigin-RevId: 285853622
2019-12-16Implement checks for get/setxattr at the syscall layer.Dean Deng
Add checks for input arguments, file type, permissions, etc. that match the Linux implementation. A call to get/setxattr that passes all the checks will still currently return EOPNOTSUPP. Actual support will be added in following commits. Only allow user.* extended attributes for the time being. PiperOrigin-RevId: 285835159
2019-12-16Fix deadlock in overlay bindYong He
Copy up parent when binding UDS on overlayfs is supported in commit 02ab1f187cd24c67b754b004229421d189cee264. But the using of copyUp in overlayBind will cause sentry stuck, reason is dead lock in renameMu. 1 [Process A] Invoke a Unix socket bind operation renameMu is hold in fs.(*Dirent).genericCreate by process A 2 [Process B] Invoke a read syscall on /proc/task/mounts waitng on Lock of renameMu in fs.(*MountNamespace).FindMount 3 [Process A] Continue Unix socket bind operation wating on RLock of renameMu in fs.copyUp Root cause is recursive reading lock of reanmeMu in bind call trace, if there are writing lock between the two reading lock, then deadlock occured. Fixes #1397
2019-12-16Fix UDS bind cause fd leak in goferYong He
After the finalizer optimize in 76039f895995c3fe0deef5958f843868685ecc38 commit, clientFile needs to closed before finalizer release it. The clientFile is not closed if it is created via gofer.(*inodeOperations).Bind, this will cause fd leak which is hold by gofer process. Fixes #1396 Signed-off-by: Yong He <chenglang.hy@antfin.com> Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
2019-12-15Set CPU number to CPU quotaAleksandr Razumov
When application is not cgroups-aware, it can spawn excessive threads which often defaults to CPU number. Introduce a opt-in flag that will set CPU number accordingly to CPU quota (if available). Fixes #1391
2019-12-13enable kvm to support arm64lubinszARM
There are 4 jobs were finished in this package: 1, Virtual machine initialization. 2, Bluepill implementation. 3, Move ring0.Vectors() into the address with 11-bits alignment. 4, Basic support for "SwitchToUser". Signed-off-by: Bin Lu <bin.lu@arm.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/919 from lubinszARM:pr_kvm eedea52db451bf62722759009a9f14c54a69c55f PiperOrigin-RevId: 285501256
2019-12-13Properly generate the EUI64 interface identifier from an Ethernet addressGhanan Gowripalan
Fixed a bug where the interface identifier was not properly generated from an Ethernet address. Tests: Unittests to make sure the functions generating the EUI64 interface identifier are correct. PiperOrigin-RevId: 285494562
2019-12-12Add iptables testing framework.Kevin Krakauer
It would be preferrable to test iptables via syscall tests, but there are some problems with that approach: * We're limited to loopback-only, as syscall tests involve only a single container. Other link interfaces (e.g. fdbased) should be tested. * We'd have to shell out to call iptables anyways, as the iptables syscall interface itself is too large and complex to work with alone. * Running the Linux/native version of the syscall test will require root, which is a pain to configure, is inherently unsafe, and could leave host iptables misconfigured. Using the go_test target allows there to be no new test runner. PiperOrigin-RevId: 285274275
2019-12-12Implement memmap.MappingIdentity for vfs.FileDescription.Jamie Liu
PiperOrigin-RevId: 285255855
2019-12-12Implement kernfs.Rahat Mahmood
PiperOrigin-RevId: 285231002
2019-12-12unix: allow to bind unix sockets only to AF_UNIX addressesAndrei Vagin
Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com PiperOrigin-RevId: 285228312
2019-12-11Enable IPv6 in runscBhasker Hariharan
Fixes #1341 PiperOrigin-RevId: 285108973
2019-12-11Add support for TCP_USER_TIMEOUT option.Bhasker Hariharan
The implementation follows the linux behavior where specifying a TCP_USER_TIMEOUT will cause the resend timer to honor the user specified timeout rather than the default rto based timeout. Further it alters when connections are timedout due to keepalive failures. It does not alter the behavior of when keepalives are sent. This is as per the linux behavior. PiperOrigin-RevId: 285099795
2019-12-11Add syscall tests for getxattr and setxattr.Dean Deng
Support for getxattr and setxattr are in subsequent commits. PiperOrigin-RevId: 285088817
2019-12-11GCloudProducer: tunnel_dispatch, mock_recorder, and machine.Zach Koopmans
Work to import GCloudProducer, written in gerrit, which is too large to do in one CL. GCloudProducer sets up gcloud instances to run benchmark workloads. Included are: - gcloud_mock_recorder - used to Mock GCloudProducer - tunnel_dispatcher - updates to this module to bring it in line with the style guide - machine - updates to this module to bring it in line with the style guide All changes are independent of the rest of the changes, and should "just build". PiperOrigin-RevId: 285076423
2019-12-11Run kythe build with -std=c++17Brad Burlage
We seem to be getting some compiler errors when using the Kythe extractors.bazelrc. I'm not able to reproduce this on my local machine, so I'm hoping copying the cxxopt from gvisor.dev/pr/1350 will fix the build. PiperOrigin-RevId: 285054258
2019-12-11Add vfs.Pathname{WithDeleted,ForGetcwd}.Jamie Liu
The former is needed for vfs.FileDescription to implement memmap.MappingIdentity, and the latter is needed to implement getcwd(2). PiperOrigin-RevId: 285051855
2019-12-11Add additional packages to go branchMichael Pratt
We're missing several packages that runsc doesn't depend on. Most notable are several tcpip link packages. To find packages, I looked at a diff of directories on master vs go: $ bazel build //:gopath $ find bazel-bin/gopath/src/gvisor.dev/gvisor/ -type d > /tmp/gopath.txt $ find . -type d > /tmp/master.txt $ sed 's|bazel-bin/gopath/src/gvisor.dev/gvisor/||' < /tmp/gopath.txt > /tmp/gopath.trunc.txt $ sed 's|./||' < /tmp/master.txt > /tmp/master.trunc.txt $ vimdiff /tmp/gopath.trunc.txt /tmp/master.trunc.txt Testing packages are still left out because :gopath can't depend on testonly targets... PiperOrigin-RevId: 285049029
2019-12-11Merge pull request #1248 from xiaobo55x:ptracegVisor bot
PiperOrigin-RevId: 285038987
2019-12-11runsc/debug: add an option to list all processesAndrei Vagin
runsc debug --ps list all processes with all threads. This option is added to the debug command but not to the ps command, because it is going to be used for debug purposes and we want to add any useful information without thinking about backward compatibility. This will help to investigate syzkaller issues. PiperOrigin-RevId: 285013668
2019-12-11Finish incomplete comment.Dean Deng
PiperOrigin-RevId: 285012278
2019-12-10Deduplicate and simplify control message processing for recvmsg and sendmsg.Dean Deng
Also, improve performance by calculating how much space is needed before making an allocation for sendmsg in hostinet. PiperOrigin-RevId: 284898581
2019-12-10Add most VFS methods for syscalls.Jamie Liu
PiperOrigin-RevId: 284892289
2019-12-10Inform the integrator on receipt of an NDP Recursive DNS Server optionGhanan Gowripalan
This change adds support to let an integrator know when it receives an NDP Router Advertisement message with the NDP Recursive DNS Server option with at least one DNS server's address. The stack will not maintain any state related to the DNS servers - the integrator is expected to maintain any required state and invalidate the servers after its valid lifetime expires, or refresh the lifetime when a new one is received for a known DNS server. Test: Unittest to make sure that an event is sent to the integrator when an NDP Recursive DNS Server option is received with at least one address. PiperOrigin-RevId: 284890502
2019-12-10Remove pyenv calls but log the python 3 version in use.Brad Burlage
Apparently our Kokoro VM images don't have pyenv -- I previously tested this on the Kokoro QA shared pool. PiperOrigin-RevId: 284855160
2019-12-10Add Kokoro configs for publishing Kythe xrefs.Brad Burlage
PiperOrigin-RevId: 284835614
2019-12-10Format fd_set parameters in select(2)/pselect(2) for strace.Dean Deng
I1202 14:55:06.835076 7991 x:0] [ 1] select_test E select(0xa, 0x7fc6ce924c28 [0 1], null, null, 0x7fc6ce924c08 {sec=0 usec=0}) I1202 14:55:06.835102 7991 x:0] [ 1] select_test X select(0xa, 0x7fc6ce924c28 [0 1], null, null, 0x7fc6ce924c08 {sec=0 usec=0}) PiperOrigin-RevId: 284831805
2019-12-10Re-enable execveat test that was causing files in /bin to be deleted.Dean Deng
Test now no longer deletes files incorrectly, due to a fix in fs utils used by TempPath (github.com/google/gvisor/pull/1368). Fixes #1366 PiperOrigin-RevId: 284814605
2019-12-10Let socket.ControlMessages Release() the underlying transport.ControlMessages.Dean Deng
PiperOrigin-RevId: 284804370
2019-12-10Do not consider symlinks as directories in fs utils.Dean Deng
IsDirectory() is used in RecursivelyDelete(), which should not follow symlinks. The only other use (syscalls/linux/rename.cc) is not affected by this change. Updates #1366. PiperOrigin-RevId: 284803968
2019-12-10Add all upstream syscalls to tablesMichael Pratt
Package strace is missing some syscalls we actually implement (e.g., getrandom). We also see newer syscalls sometimes (e.g., membarrier) that would be handy to have formatted. Let's go ahead and add all syscalls in the latest upstream release (v5.4), even though we only intend to implement v4.4. None of them are implemented, just included as placeholders. PiperOrigin-RevId: 284797577
2019-12-10Make comments clearer for control message handling.Dean Deng
PiperOrigin-RevId: 284791600
2019-12-10Disable execveat test that is causing files in /bin to be deleted.Dean Deng
Disable until gvisor.dev/issue/1366 is resolved. Updates #1366 PiperOrigin-RevId: 284786895