summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-02-14Inline vfs.VirtualFilesystem in Kernel structgVisor bot
This saves one pointer dereference per VFS access. Updates #1623 PiperOrigin-RevId: 295216176
2020-02-14Un-export p9 message encode/decode functions.gVisor bot
These are not used outside of the p9 package. PiperOrigin-RevId: 295200052
2020-02-14Enable automated marshalling for struct stat.gVisor bot
This requires fixing a few build issues for non-am64 platforms. PiperOrigin-RevId: 295196922
2020-02-14Plumb VFS2 inside the SentrygVisor bot
- Added fsbridge package with interface that can be used to open and read from VFS1 and VFS2 files. - Converted ELF loader to use fsbridge - Added VFS2 types to FSContext - Added vfs.MountNamespace to ThreadGroup Updates #1623 PiperOrigin-RevId: 295183950
2020-02-14Fix various issues related to enabling go-marshal.gVisor bot
- Add missing build tags to files in the abi package. - Add the marshal package as a sentry dependency, allowed by deps_test. - Fix an issue with our top-level go_library BUILD rule, which incorrectly shadows the variable containing the input set of source files. This caused the expansion for the go_marshal clause to silently omit input files. - Fix formatting when copying build tags to gomarshal-generated files. - Fix a bug with import statement collision detection in go-marshal. PiperOrigin-RevId: 295112284
2020-02-13Add FileExec flag to OpenOptionsgVisor bot
This allow callers to say whether the file is being opened to be executed, so that the proper checks can be done from FilesystemImpl.OpenAt() Updates #1623 PiperOrigin-RevId: 295042595
2020-02-13We can now create and jump in iptables. For example:Kevin Krakauer
$ iptables -N foochain $ iptables -A INPUT -j foochain
2020-02-13Ensure the marshalled object doesn't escape.gVisor bot
Add new Marshallable interface methods CopyIn/CopyOut, which can be directly called on the marshalled object, avoiding an interface indirection. Such indirections are problematic because they always cause the marshalled object to escape. PiperOrigin-RevId: 295028010
2020-02-13Merge pull request #1791 from kevinGC:uchainsgVisor bot
PiperOrigin-RevId: 294957297
2020-02-13Internal change.gVisor bot
PiperOrigin-RevId: 294952610
2020-02-13Call py_requirement with named argument for optional kwarg.gVisor bot
PiperOrigin-RevId: 294930818
2020-02-12Minor runtime test fixes.gVisor bot
* Allow scripts/common.sh to be sourced from outside the scripts/ directory * Fix passing empty args to Bazel, which causes the tool to exit with a failure even if the command succeeds. PiperOrigin-RevId: 294785456
2020-02-12iptables: User chainsKevin Krakauer
- Adds creation of user chains via `-N <chainname>` - Adds `-j RETURN` support for built-in chains, which triggers the chain's underflow rule (usually the default policy). - Adds tests for chain creation, default policies, and `-j RETURN' from built-in chains.
2020-02-12Include more test files in exports_filesgVisor bot
So that they can be included by Fuchsia's syscall tests PiperOrigin-RevId: 294654890
2020-02-11Simplify atomic operationsgVisor bot
PiperOrigin-RevId: 294582802
2020-02-11Ensure fsimpl/gofer.dentryPlatformFile.hostFileMapper is initialized.gVisor bot
Fixes #1812. (The more direct cause of the deadlock is panic unsafety because the historically high cost of defer means that we avoid it in hot paths, including much of MM; defer is much cheaper as of Go 1.14, but still a measurable overhead.) PiperOrigin-RevId: 294560316
2020-02-11Fix up test/runtimes/README.md.gVisor bot
In particular, explain how to push updates to the images. PiperOrigin-RevId: 294508879
2020-02-11Disallow duplicate NIC names.gVisor bot
PiperOrigin-RevId: 294500858
2020-02-11Stateify: register types with full package namesgVisor bot
This is to avoid conflicts with types that share the same [short] package and type names, e.g. proc.smapsData exist in pkg/sentry/fs/proc and pkg/sentry/fsimpl/proc. Updates #1663 PiperOrigin-RevId: 294485146
2020-02-11Prevent DATA RACE in UnstableAttr.Adin Scannell
The slaveInodeOperations is currently copying the object when truncate is called (which is a no-op). This may result in a (unconsequential) data race when being modified concurrently. PiperOrigin-RevId: 294484276
2020-02-11Move Align{Up,Down} into binary package.gVisor bot
PiperOrigin-RevId: 294477647
2020-02-10Merge pull request #1775 from kevinGC:tcp-matchers-submitgVisor bot
PiperOrigin-RevId: 294340468
2020-02-10Cleanup internal package group.Adin Scannell
PiperOrigin-RevId: 294339229
2020-02-10Rename build to builddefs and minor build clean-up.Adin Scannell
The name 'bazel' also doesn't work because bazel will treat it specially. Fixes #1807 PiperOrigin-RevId: 294321221
2020-02-10Refactor getxattr.Dean Deng
Put most of the logic for getxattr in one place for clarity. This simplifies FGetXattr and getXattrFromPath, which are just wrappers for getXattr. PiperOrigin-RevId: 294308332
2020-02-10Clean-up comments in runsc/BUILD and CONTRIBUTING.md.Adin Scannell
PiperOrigin-RevId: 294300437
2020-02-10Add context to note.Adin Scannell
PiperOrigin-RevId: 294300040
2020-02-10Add flag package to limit visibility.Adin Scannell
PiperOrigin-RevId: 294297004
2020-02-10Add context to comments.Adin Scannell
PiperOrigin-RevId: 294295852
2020-02-10Add contextual comment.Adin Scannell
PiperOrigin-RevId: 294289066
2020-02-10Fix build_file in runtimes_tests.Brad Burlage
PiperOrigin-RevId: 294286242
2020-02-10Add contextual note.Adin Scannell
PiperOrigin-RevId: 294285723
2020-02-10Document MinimumTotalMemoryBytes.Adin Scannell
PiperOrigin-RevId: 294273559
2020-02-10Redirect FIXME to gvisor.devFabricio Voznika
PiperOrigin-RevId: 294272755
2020-02-10Move x86 state definition to its own file.Brad Burlage
PiperOrigin-RevId: 294271541
2020-02-10Update visibility.Adin Scannell
PiperOrigin-RevId: 294265019
2020-02-10iptables: add instructions for runsc building.Kevin Krakauer
The readme didn't mention that users need to: - `bazel build` when working on iptables tests - enable raw sockets in /etc/docker/daemon.json. PiperOrigin-RevId: 294260169
2020-02-10Merge pull request #1453 from xiaobo55x:cpuidgVisor bot
PiperOrigin-RevId: 294257911
2020-02-10Bump rules_go, gazelle, and go toolchain.Nicolas Lacasse
PiperOrigin-RevId: 294253155
2020-02-10Internal change.Zach Koopmans
PiperOrigin-RevId: 294250370
2020-02-10Fix wrong path for ruby benchmark.Zach Koopmans
PiperOrigin-RevId: 294224689
2020-02-10Enable pkg/cpuid support on arm64.Haibo Xu
Fixes #1255 Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I8614e6f3ee321c2989567e4e712aa8f28cc9db14
2020-02-07Support listxattr and removexattr syscalls.Dean Deng
Note that these are only implemented for tmpfs, and other impls will still return EOPNOTSUPP. PiperOrigin-RevId: 293899385
2020-02-07Log level, optname, optval and optlen in getsockopt/setsockopt in strace.Ian Gudger
Log 8, 16, and 32 int optvals and dump the memory of other sizes. Updates #1782 PiperOrigin-RevId: 293889388
2020-02-07Address GH comments.Kevin Krakauer
2020-02-07Refactor syscall testsJay Zhuang
- Move shared helpers V4Multicast and V4Broadcast to socket_test_util - Add unnamed namespace so socket_ipv4_tcp_unbound_external_networking_test.cc and socket_ipv4_udp_unbound_external_networking_test.cc can be compiled together - Add test files to "exports_files" so they can be included by Fuchsia's syscall test setup PiperOrigin-RevId: 293880429
2020-02-06Send DAD event when DAD resolves immediatelyGhanan Gowripalan
Previously, a DAD event would not be sent if DAD was disabled. This allows integrators to do some work when an IPv6 address is bound to a NIC without special logic that checks if DAD is enabled. Without this change, integrators would need to check if a NIC has DAD enabled when an address is auto-generated. If DAD is enabled, it would need to delay the work until the DAD completion event; otherwise, it would need to do the work in the address auto-generated event handler. Test: stack_test.TestDADDisabled PiperOrigin-RevId: 293732914
2020-02-06Fix TestPauseResume in container test failed with connection refused.Ting-Yu Wang
Sometimes we get this error under TSAN: """ error getting process data from container: connecting to control server at PID XXXX: connection refused """ The theory is that the top "sleep 20" was too short for TSAN, and the container already exited, so we get connected refused. This commit changes the test to let container signaling it's running by touching a file repeatedly forever during the test. PiperOrigin-RevId: 293710957
2020-02-06Merge branch 'master' into tcp-matchers-submitKevin Krakauer
2020-02-06Auto-generate link-local address as a SLAAC addressGhanan Gowripalan
Auto-generated link-local addresses should have the same lifecycle hooks as global SLAAC addresses. The Stack's NDP dispatcher should be notified when link-local addresses are auto-generated and invalidated. They should also be removed when a NIC is disabled (which will be supported in a later change). Tests: - stack_test.TestNICAutoGenAddrWithOpaque - stack_test.TestNICAutoGenAddr PiperOrigin-RevId: 293706760