summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-06-21Deflake TestSimpleReceive failures due to timeoutsBrad Burlage
This test will occasionally fail waiting to read a packet. From repeated runs, I've seen it up to 1.5s for waitForPackets to complete. PiperOrigin-RevId: 254484627
2019-06-21ext4 block group descriptor implementation in disk layout package.Ayush Ranjan
PiperOrigin-RevId: 254482180
2019-06-21Add //pkg/flipcall.Jamie Liu
Flipcall is a (conceptually) simple local-only RPC mechanism. Compared to unet, Flipcall does not support passing FDs (support for which will be provided out of band by another package), requires users to establish connections manually, and requires user management of concurrency since each connected Endpoint pair supports only a single RPC at a time; however, it improves performance by using shared memory for data (reducing memory copies) and using futexes for control signaling (which is much cheaper than sendto/recvfrom/sendmsg/recvmsg). PiperOrigin-RevId: 254471986
2019-06-21Add list of stuck tasks to panic messageFabricio Voznika
PiperOrigin-RevId: 254450309
2019-06-21Update pathNode documentation to reflect realityMichael Pratt
Neither fidRefs or children are (directly) synchronized by mu. Remove the preconditions that say so. That said, the surrounding does enforce some synchronization guarantees (e.g., fidRef.renameChildTo does not atomically replace the child in the maps). I've tried to note the need for callers to do this synchronization. I've also renamed the maps to what are (IMO) clearer names. As is, it is not obvious that pathNode.fidRefs is a map of *child* fidRefs rather than self fidRefs. PiperOrigin-RevId: 254446965
2019-06-21kernel: call t.mu.Unlock() explicitly in WithMuLockedAndrei Vagin
defer here doesn't improve readability, but we know it slower that the explicit call. PiperOrigin-RevId: 254441473
2019-06-21Delete dangling comment line.Nicolas Lacasse
This was from an old comment, which was superseded by the existing comment which is correct. PiperOrigin-RevId: 254434535
2019-06-21Update commentFabricio Voznika
PiperOrigin-RevId: 254428866
2019-06-20Close FD on TcpSocketTest loop failure.Ian Gudger
This helps prevent the blocking call from getting stuck and causing a test timeout. PiperOrigin-RevId: 254325926
2019-06-20Deflake TestSIGALRMToMainThread.Neel Natu
Bump up the threshold on number of SIGALRMs received by worker threads from 50 to 200. Even with the new threshold we still expect that the majority of SIGALRMs are received by the thread group leader. PiperOrigin-RevId: 254289787
2019-06-20Preallocate auth.NewAnonymousCredentials() in contexttest.TestContext.Jamie Liu
Otherwise every call to, say, fs.ContextCanAccessFile() in a benchmark using contexttest allocates new auth.Credentials, a new auth.UserNamespace, ... PiperOrigin-RevId: 254261051
2019-06-20Add package docs to seqfile and ramfsMichael Pratt
These are the only packages missing docs: https://godoc.org/gvisor.dev/gvisor PiperOrigin-RevId: 254261022
2019-06-20Unmark amutex_test as flaky.Rahat Mahmood
PiperOrigin-RevId: 254254058
2019-06-20Implement madvise(MADV_DONTFORK)Neel Natu
PiperOrigin-RevId: 254253777
2019-06-20Drop extra characterMichael Pratt
PiperOrigin-RevId: 254237530
2019-06-19Deflake SendFileTest_Shutdown.Ian Gudger
The sendfile syscall's backing doSplice contained a race with regard to blocking. If the first attempt failed with syserror.ErrWouldBlock and then the blocking file became ready before registering a waiter, we would just return the ErrWouldBlock (even if we were supposed to block). PiperOrigin-RevId: 254114432
2019-06-19Mark tcp_socket test flaky (for real)Michael Pratt
The tag on the binary has no effect. It must be on the test. PiperOrigin-RevId: 254103480
2019-06-19Deflake mount_test.Nicolas Lacasse
Inode ids are only stable across Save/Restore if we have an open FD on the inode. All tests that compare inode ids must therefor hold an FD open. PiperOrigin-RevId: 254086603
2019-06-19Abort loop on failureMichael Pratt
As-is, on failure these will infinite loop, resulting in test timeout instead of failure. PiperOrigin-RevId: 254074989
2019-06-19Add renamed children pathNodes to target parentMichael Pratt
Otherwise future renames may miss Renamed calls. PiperOrigin-RevId: 254060946
2019-06-19fileOp{On,At} should pass the remaning symlink traversal count.Nicolas Lacasse
And methods that do more traversals should use the remaining count rather than resetting. PiperOrigin-RevId: 254041720
2019-06-19Add MountNamespace to task.Nicolas Lacasse
This allows tasks to have distinct mount namespace, instead of all sharing the kernel's root mount namespace. Currently, the only way for a task to get a different mount namespace than the kernel's root is by explicitly setting a different MountNamespace in CreateProcessArgs, and nothing does this (yet). In a follow-up CL, we will set CreateProcessArgs.MountNamespace when creating a new container inside runsc. Note that "MountNamespace" is a poor term for this thing. It's more like a distinct VFS tree. When we get around to adding real mount namespaces, this will need a better naem. PiperOrigin-RevId: 254009310
2019-06-19Mark tcp_socket test flaky.Neel Natu
PiperOrigin-RevId: 253997465
2019-06-18Attempt to fix TestPipeWritesAccumulateFabricio Voznika
Test fails because it's reading 4KB instead of the expected 64KB. Changed the test to read pipe buffer size instead of hardcode and added some logging in case the reason for failure was not pipe buffer size. PiperOrigin-RevId: 253916040
2019-06-18Use return values from syscalls in eventfd tests.Rahat Mahmood
PiperOrigin-RevId: 253890611
2019-06-18Kill sandbox process when 'runsc do' exitsFabricio Voznika
PiperOrigin-RevId: 253882115
2019-06-18Add Container/Sandbox args struct for creationFabricio Voznika
There were 3 string arguments that could be easily misplaced and it makes it easier to add new arguments, especially for Container that has dozens of callers. PiperOrigin-RevId: 253872074
2019-06-18Replace usage of deprecated strtoul/strtoullBrad Burlage
PiperOrigin-RevId: 253864770
2019-06-18Fix PipeTest_Streaming timeoutFabricio Voznika
Test was calling Size() inside read and write loops. Size() makes 2 syscalls to return the pipe size, making the test do a lot more work than it should. PiperOrigin-RevId: 253824690
2019-06-18gvisor/fs: don't update file.offset for sockets, pipes, etcAndrei Vagin
sockets, pipes and other non-seekable file descriptors don't use file.offset, so we don't need to update it. With this change, we will be able to call file operations without locking the file.mu mutex. This is already used for pipes in the splice system call. PiperOrigin-RevId: 253746644
2019-06-18gvisor/kokoro: don't modify tests names in the BUILD fileAndrei Vagin
PiperOrigin-RevId: 253746380
2019-06-17gvisor/bazel: use python2 to build runsc-debianAndrei Vagin
$ bazel build runsc:runsc-debian File ".../bazel_tools/tools/build_defs/pkg/make_deb.py", line 311, in GetFlagValue: flagvalue = flagvalue.decode('utf-8') AttributeError: 'str' object has no attribute 'decode' make_deb.py is incompatible with Python3. https://github.com/bazelbuild/bazel/issues/8443 PiperOrigin-RevId: 253691923
2019-06-17Internal change.gVisor bot
PiperOrigin-RevId: 253559564
2019-06-14Enable Receive Buffer Auto-Tuning for runsc.Bhasker Hariharan
Updates #230 PiperOrigin-RevId: 253225078
2019-06-14Skip tid allocation which is usingYong He
When leader of process group (session) exit, the process group ID (session ID) is holding by other processes in the process group, so the process group ID (session ID) can not be reused. If reusing the process group ID (seession ID) as new process group ID for new process, this will cause session create failed, and later runsc crash when access process group. The fix skip the tid if it is using by a process group (session) when allocating a new tid. We could easily reproduce the runsc crash follow these steps: 1. build test program, and run inside container int main(int argc, char *argv[]) { pid_t cpid, spid; cpid = fork(); if (cpid == -1) { perror("fork"); exit(EXIT_FAILURE); } if (cpid == 0) { pid_t sid = setsid(); printf("Start New Session %ld\n",sid); printf("Child PID %ld / PPID %ld / PGID %ld / SID %ld\n", getpid(),getppid(),getpgid(getpid()),getsid(getpid())); spid = fork(); if (spid == 0) { setpgid(getpid(), getpid()); printf("Set GrandSon as New Process Group\n"); printf("GrandSon PID %ld / PPID %ld / PGID %ld / SID %ld\n", getpid(),getppid(),getpgid(getpid()),getsid(getpid())); while(1) { usleep(1); } } sleep(3); exit(0); } else { exit(0); } return 0; } 2. build hello program int main(int argc, char *argv[]) { printf("Current PID is %ld\n", (long) getpid()); return 0; } 3. run script on host which run hello inside container, you can speed up the test with set TasksLimit as lower value. for (( i=0; i<65535; i++ )) do docker exec <container id> /test/hello done 4. when hello process reusing the process group of loop process, runsc will crash. panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x79f0c8] goroutine 612475 [running]: gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*ProcessGroup).decRefWithParent(0x0, 0x0) pkg/sentry/kernel/sessions.go:160 +0x78 gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).exitNotifyLocked(0xc000663500, 0x0) pkg/sentry/kernel/task_exit.go:672 +0x2b7 gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*runExitNotify).execute(0x0, 0xc000663500, 0x0, 0x0) pkg/sentry/kernel/task_exit.go:542 +0xc4 gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).run(0xc000663500, 0xc) pkg/sentry/kernel/task_run.go:91 +0x194 created by gvisor.googlesource.com/gvisor/pkg/sentry/kernel.(*Task).Start pkg/sentry/kernel/task_start.go:286 +0xfe
2019-06-13Add support for TCP receive buffer auto tuning.Bhasker Hariharan
The implementation is similar to linux where we track the number of bytes consumed by the application to grow the receive buffer of a given TCP endpoint. This ensures that the advertised window grows at a reasonable rate to accomodate for the sender's rate and prevents large amounts of data being held in stack buffers if the application is not actively reading or not reading fast enough. The original paper that was used to implement the linux receive buffer auto- tuning is available @ https://public.lanl.gov/radiant/pubs/drs/lacsi2001.pdf NOTE: Linux does not implement DRS as defined in that paper, it's just a good reference to understand the solution space. Updates #230 PiperOrigin-RevId: 253168283
2019-06-13Plumb context through more layers of filesytem.Ian Gudger
All functions which allocate objects containing AtomicRefCounts will soon need a context. PiperOrigin-RevId: 253147709
2019-06-13Fix deadlock in fasync.Ian Gudger
The deadlock can occur when both ends of a connected Unix socket which has FIOASYNC enabled on at least one end are closed at the same time. One end notifies that it is closing, calling (*waiter.Queue).Notify which takes waiter.Queue.mu (as a read lock) and then calls (*FileAsync).Callback, which takes FileAsync.mu. The other end tries to unregister for notifications by calling (*FileAsync).Unregister, which takes FileAsync.mu and calls (*waiter.Queue).EventUnregister which takes waiter.Queue.mu. This is fixed by moving the calls to waiter.Waitable.EventRegister and waiter.Waitable.EventUnregister outside of the protection of any mutex used in (*FileAsync).Callback. The new test is related, but does not cover this particular situation. Also fix a data race on FileAsync.e.Callback. (*FileAsync).Callback checked FileAsync.e.Callback under the protection of FileAsync.mu, but the waiter calling (*FileAsync).Callback could not and did not. This is fixed by making FileAsync.e.Callback immutable before passing it to the waiter for the first time. Fixes #346 PiperOrigin-RevId: 253138340
2019-06-13Implement getsockopt() SO_DOMAIN, SO_PROTOCOL and SO_TYPE.Rahat Mahmood
SO_TYPE was already implemented for everything but netlink sockets. PiperOrigin-RevId: 253138157
2019-06-13Merge pull request #306 from amscanne:add_readmeShentubot
PiperOrigin-RevId: 253137638
2019-06-13Update canonical repository.Adin Scannell
This can be merged after: https://github.com/google/gvisor-website/pull/77 or https://github.com/google/gvisor-website/pull/78 PiperOrigin-RevId: 253132620
2019-06-13Add p9 and unet benchmarks.Jamie Liu
PiperOrigin-RevId: 253122166
2019-06-13Set the HOME environment variable (fixes #293)Ian Lewis
runsc will now set the HOME environment variable as required by POSIX. The user's home directory is retrieved from the /etc/passwd file located on the container's file system during boot. PiperOrigin-RevId: 253120627
2019-06-13Fix use of "2 ^ 30".Josh Gao
2 ^ 30 is 28, not 1073741824.
2019-06-13Set optlen correctly when calling getsockopt.Bhasker Hariharan
PiperOrigin-RevId: 253096085
2019-06-13Bump rules_go to v0.18.6, and go toolchain to v1.12.6.Nicolas Lacasse
PiperOrigin-RevId: 253061432
2019-06-12Minor BUILD file cleanup.Adin Scannell
PiperOrigin-RevId: 252918338
2019-06-12Merge branch 'master' into iptables-1-pkgKevin Krakauer
Change-Id: I7457a11de4725e1bf3811420c505d225b1cb6943
2019-06-12Add support for TCP_CONGESTION socket option.Bhasker Hariharan
This CL also cleans up the error returned for setting congestion control which was incorrectly returning EINVAL instead of ENOENT. PiperOrigin-RevId: 252889093
2019-06-12gvisor/runsc: apply seccomp filters before parsing a state fileAndrei Vagin
PiperOrigin-RevId: 252869983