summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-11-25Internal change.Adin Scannell
PiperOrigin-RevId: 282396322
2019-11-25Merge pull request #1176 from xiaobo55x:runsc_bootgVisor bot
PiperOrigin-RevId: 282382564
2019-11-25Set transport and network headers on outbound packets.Kevin Krakauer
These are necessary for iptables to read and parse headers for packet filtering. PiperOrigin-RevId: 282372811
2019-11-25Fix panic in sniffer.Kevin Krakauer
Packets written via SOCK_RAW are guaranteed to have network headers, but not transport headers. Check first whether there are enough bytes left in the packet to contain a transport header before attempting to parse it. PiperOrigin-RevId: 282363895
2019-11-23Cleanup visibility.Adin Scannell
PiperOrigin-RevId: 282194656
2019-11-23gofer: reduce CPU usage on GC as of frequent readdirJianfeng Tan
Refer to golang mallocgc(), each time of allocating an object > 32 KB, a gc will be triggered. When we do readdir, sentry always passes 65535, which leads to a malloc of 65535 * sizeof(p9.Direnta) > 32 KB. Considering we already use slice append, let's avoid defining the capability for this slide. Command for test: Before this change: (container)$ time tree linux-5.3.1 > /dev/null real 0m54.272s user 0m2.010s sys 0m1.740s (CPU usage of Gofer: ~30 cores) (host)$ perf top -p <pid-of-gofer> 42.57% runsc [.] runtime.gcDrain 23.41% runsc [.] runtime.(*lfstack).pop 9.74% runsc [.] runtime.greyobject 8.06% runsc [.] runtime.(*lfstack).push 4.33% runsc [.] runtime.scanobject 1.69% runsc [.] runtime.findObject 1.12% runsc [.] runtime.findrunnable 0.69% runsc [.] runtime.runqgrab ... (host)$ mkdir test && cd test (host)$ for i in `seq 1 65536`; do mkdir $i; done (container)$ time ls test/ > /dev/null real 2m10.934s user 0m0.280s sys 0m4.260s (CPU usage of Gofer: ~1 core) After this change: (container)$ time tree linux-5.3.1 > /dev/null real 0m22.465s user 0m1.270s sys 0m1.310s (CPU usage of Gofer: ~1 core) $ perf top -p <pid-of-gofer> 20.57% runsc [.] runtime.gcDrain 7.15% runsc [.] runtime.(*lfstack).pop 4.11% runsc [.] runtime.scanobject 3.78% runsc [.] runtime.greyobject 2.78% runsc [.] runtime.(*lfstack).push ... (host)$ mkdir test && cd test (host)$ for i in `seq 1 65536`; do mkdir $i; done (container)$ time ls test/ > /dev/null real 0m13.338s user 0m0.190s sys 0m3.980s (CPU usage of Gofer: ~0.8 core) Fixes #898 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
2019-11-22Internal change.Adin Scannell
PiperOrigin-RevId: 282068093
2019-11-22Force timezone initialization before filter installationMichael Pratt
The first use of time.Local (usually via time.Time.Date, et. al) performs initialization of the local timezone, which involves open several tzdata files from the host. Since filter installation disallows open, we should explicitly force this initialization rather than implicitly depending on the first logging (or other time) call occurring before filter installation. PiperOrigin-RevId: 282053121
2019-11-22Store SO_BINDTODEVICE state at bind.Ian Gudger
This allows us to ensure that the correct port reservation is released. Fixes #1217 PiperOrigin-RevId: 282048155
2019-11-22Use PacketBuffers with GSO.Kevin Krakauer
PiperOrigin-RevId: 282045221
2019-11-22Add segment dequeue check while emptying segment queue.Mithun Iyer
PiperOrigin-RevId: 282023891
2019-11-22enable ring0/pagetables to support arm64lubinszARM
Signed-off-by: Bin Lu <bin.lu@arm.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/891 from lubinszARM:pr_pagetable 2385de75a8662af3ab1ae289dd74dd0e5dcfaf66 PiperOrigin-RevId: 282013224
2019-11-22tests: include sys/socket.h before linux/if_arp.hAndrei Vagin
This is how it has to be accoding to the man page. PiperOrigin-RevId: 281998068
2019-11-21Import and structure cleanup.Adin Scannell
PiperOrigin-RevId: 281795269
2019-11-20Use a GitHub credential for tagging a release.Adin Scannell
PiperOrigin-RevId: 281617882
2019-11-20Pass OpenTruncate to gofer in Open call when opening file with O_TRUNC.Nicolas Lacasse
Note that the Sentry still calls Truncate() on the file before calling Open. A new p9 version check was added to ensure that the p9 server can handle the the OpenTruncate flag. If not, then the flag is stripped before sending. PiperOrigin-RevId: 281609112
2019-11-18Add vfs.GenericParseMountOptions().Jamie Liu
Equivalent to fs.GenericMountSourceOptions(). PiperOrigin-RevId: 281179287
2019-11-18platform/ptrace: use host.GetCPU instead of the getcpu syscallAndrei Vagin
This should save ~200ns from switchToApp (on ptrace too). // mpratt PiperOrigin-RevId: 281159895
2019-11-18Merge pull request #1177 from xiaobo55x:fs_hostgVisor bot
PiperOrigin-RevId: 281112758
2019-11-18release: fix tag scriptAdin Scannell
The tag script, when not run interactively, will fail without a provided commit message (since it now uses annotated tags). For now, use a trivial message. In the future, this could be extended to provide automated release notes. PiperOrigin-RevId: 281112651
2019-11-15Automated rollback of changelist 280594395Bhasker Hariharan
PiperOrigin-RevId: 280763655
2019-11-15Handle in-flight TCP segments when moving to CLOSE.Mithun Iyer
As we move to CLOSE state from LAST-ACK or TIME-WAIT, ensure that we re-match all in-flight segments to any listening endpoint. Also fix LISTEN state handling of any ACK segments as per RFC793. Fixes #1153 PiperOrigin-RevId: 280703556
2019-11-15Do not set finalizer on p9.ClientFile.Jamie Liu
Aside from the performance hit, there is no guarantee that p9.ClientFile's finalizer runs before the associated p9.Client is closed. PiperOrigin-RevId: 280702509
2019-11-14Fix panic when logging raw packets via sniffer.Kevin Krakauer
Sniffer assumed that outgoing packets have transport headers, but users can write packets via SOCK_RAW with arbitrary transport headers that netstack doesn't know about. We now explicitly check for the presence of network and transport headers before assuming they exist. PiperOrigin-RevId: 280594395
2019-11-14Fix return codes for {get,set}sockopt for some nullptr cases.Ting-Yu Wang
Updates #1092 PiperOrigin-RevId: 280547239
2019-11-14Check that a file is a regular file with open(O_TRUNC).Kevin Krakauer
It was possible to panic the sentry by opening a cache revalidating folder with O_TRUNC|O_CREAT. Avoids breaking php tests. PiperOrigin-RevId: 280533213
2019-11-14Allow all runtime tests for a language to be run via a single command.Kevin Krakauer
This was intended behavior per the README, but running tests without the --test flag caused an error. Users can now omit the --test flag to run every test for a runtime. PiperOrigin-RevId: 280522025
2019-11-14Avoid unnecessary slice allocation in usermem.BytesIO.blocksFromAddrRanges().Jamie Liu
PiperOrigin-RevId: 280507239
2019-11-14Use PacketBuffers for outgoing packets.Kevin Krakauer
PiperOrigin-RevId: 280455453
2019-11-13test/syscalls/proc: check an return code of waitidAndrei Vagin
PiperOrigin-RevId: 280295208
2019-11-13Fix flaky behaviour during S/R.Bhasker Hariharan
PiperOrigin-RevId: 280280156
2019-11-13Extract linux-specific test setup to separate fileJay Zhuang
PiperOrigin-RevId: 280264564
2019-11-12Use overlay MountSource when binding socket in overlay.Nicolas Lacasse
PiperOrigin-RevId: 280131840
2019-11-13Fix some build errors on arm64.Haibo Xu
Initialize the VDSO "os" and "arch" fields explicitly, or the VDSO load process would failed on arm64 platform. Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: Ic6768df88e43cd7c7956eb630511672ae11ac52f
2019-11-13Enable sentry/fs/host support on arm64.Haibo Xu
newfstatat() syscall is not supported on arm64, so we resort to use the fstatat() syscall. Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: Iea95550ea53bcf85c01f7b3b95da70ad0952177d
2019-11-13Enable runsc/boot support on arm64.Haibo Xu
This patch also include a minor change to replace syscall.Dup2 with syscall.Dup3 which was missed in a previous commit(ref a25a976). Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I00beb9cc492e44c762ebaa3750201c63c1f7c2f3
2019-11-12Add UDP SO_REUSEADDR/SO_REUSEPORT conversion tests.Ian Gudger
Add additional tests for UDP SO_REUSEADDR and SO_REUSEPORT interaction. If all existing all currently bound sockets as well as the current binding socket have SO_REUSEADDR, or if all existing all currently bound sockets as well as the current binding socket have SO_REUSEPORT, binding a currently bound address is allowed. This seems odd since it means that the SO_REUSEADDR/SO_REUSEPORT behavior can change with the binding of additional sockets. PiperOrigin-RevId: 280116163
2019-11-12seccomp: introduce the GreaterThan rule typeAndrei Vagin
PiperOrigin-RevId: 280075805
2019-11-12Do not handle TCP packets that include a non-unicast IP addressGhanan Gowripalan
This change drops TCP packets with a non-unicast IP address as the source or destination address as TCP is meant for communication between two endpoints. Test: Make sure that if the source or destination address contains a non-unicast address, no TCP packet is sent in response and the packet is dropped. PiperOrigin-RevId: 280073731
2019-11-12Discover on-link prefixes from Router Advertisements' Prefix Information optionsGhanan Gowripalan
This change allows the netstack to do NDP's Prefix Discovery as outlined by RFC 4861 section 6.3.4. If configured to do so, when a new on-link prefix is discovered, the routing table will be updated with a device route through the nic the RA arrived at. Likewise, when such a prefix gets invalidated, the device route will be removed. Note, this change will not break existing uses of netstack as the default configuration for the stack options is set in such a way that Prefix Discovery will not be performed. See `stack.Options` and `stack.NDPConfigurations` for more details. This change reuses 1 option and introduces a new one that is required to take advantage of Prefix Discovery, all available under NDPConfigurations: - HandleRAs: Whether or not NDP RAs are processes - DiscoverOnLinkPrefixes: Whether or not Prefix Discovery is performed (new) Another note: for a NIC to process Prefix Information options (in Router Advertisements), it must not be a router itself. Currently the netstack does not have per-interface routing configuration; the routing/forwarding configuration is controlled stack-wide. Therefore, if the stack is configured to enable forwarding/routing, no router Advertisements (and by extension the Prefix Information options) will be processed. Tests: Unittest to make sure that Prefix Discovery and updates to the routing table only occur if explicitly configured to do so. Unittest to make sure at max stack.MaxDiscoveredOnLinkPrefixes discovered on-link prefixes are remembered. PiperOrigin-RevId: 280049278
2019-11-12Add tests for SO_REUSEADDR and SO_REUSEPORT.Ian Gudger
* Basic tests for the SO_REUSEADDR and SO_REUSEPORT options. * SO_REUSEADDR functional tests for TCP and UDP. * SO_REUSEADDR and SO_REUSEPORT interaction tests for UDP. * Stubbed support for UDP getsockopt(SO_REUSEADDR). PiperOrigin-RevId: 280049265
2019-11-12kokoro: correct a path to outputs.zipAndrei Vagin
PiperOrigin-RevId: 280021914
2019-11-11Update ephemeral port reservation tests.Ian Gudger
The existing tests which are disabled on gVisor are failing because we default to SO_REUSEADDR being enabled for TCP sockets. Update the test comments. Also add new tests for enabled SO_REUSEADDR. PiperOrigin-RevId: 279862275
2019-11-11Merge pull request #918 from lubinszARM:pr_ring0gVisor bot
PiperOrigin-RevId: 279840214
2019-11-11Remove obsolete TODO. This is now fixed.Bhasker Hariharan
PiperOrigin-RevId: 279835100
2019-11-11Add more extended features.Brad Burlage
PiperOrigin-RevId: 279820435
2019-11-11Make `connect` on socket returned by `accept` correctly error out with EISCONNgVisor bot
PiperOrigin-RevId: 279814493
2019-11-08Merge pull request #1158 from andrew-d:andrew/rules-gogVisor bot
PiperOrigin-RevId: 279425005
2019-11-08test: merge log files of all shards for each test suiteAndrei Vagin
This significantly speeds up a process of uploading this files to sponge and resultstore by kokoro. PiperOrigin-RevId: 279416349
2019-11-08kokoro: update images to install zipAndrei Vagin
PiperOrigin-RevId: 279406266