summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-09-23Fix runsc checksum artifact name.Brad Burlage
scripts/build.sh uses sha512sum, not sha256sum. PiperOrigin-RevId: 270713604
2019-09-23internal BUILD file cleanup.gVisor bot
PiperOrigin-RevId: 270680704
2019-09-20Change vfs.Dirent.Off to NextOff.Jamie Liu
"d_off is the distance from the start of the directory to the start of the next linux_dirent." - getdents(2). PiperOrigin-RevId: 270349685
2019-09-20Allow waiting for LinkEndpoint worker goroutines to finish.Ian Gudger
Previously, the only safe way to use an fdbased endpoint was to leak the FD. This change makes it possible to safely close the FD. This is the first step towards having stoppable stacks. Updates #837 PiperOrigin-RevId: 270346582
2019-09-20fix set hostnameJianfeng Tan
Previously, when we set hostname: $ strace hostname abc ... sethostname("abc", 3) = -1 ENAMETOOLONG (File name too long) ... According to man 2 sethostname: "The len argument specifies the number of bytes in name. (Thus, name does not require a terminating null byte.)" We wrongly use the CopyStringIn() to check terminating zero byte in the implementation of sethostname syscall. To fix this, we use CopyInBytes() instead. Fixes: #861 Reported-by: chenglang.hy <chenglang.hy@antfin.com> Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
2019-09-19Fix p9 integration of flipcall.Jamie Liu
- Do not call Rread.SetPayload(flipcall packet window) in p9.channel.recv(). - Ignore EINTR from ppoll() in p9.Client.watch(). - Clean up handling of client socket FD lifetimes so that p9.Client.watch() never ppoll()s a closed FD. - Make p9test.Harness.Finish() call clientSocket.Shutdown() instead of clientSocket.Close() for the same reason. - Rework channel reuse to avoid leaking channels in the following case (suppose we have two channels): sendRecvChannel len(channels) == 2 => idx = 1 inuse[1] = ch0 sendRecvChannel len(channels) == 1 => idx = 0 inuse[0] = ch1 inuse[1] = nil sendRecvChannel len(channels) == 1 => idx = 0 inuse[0] = ch0 inuse[0] = nil inuse[0] == nil => ch0 leaked - Avoid deadlocking p9.Client.watch() by calling channelsWg.Wait() without holding channelsMu. - Bump p9test:client_test size to medium. PiperOrigin-RevId: 270200314
2019-09-19Update InstallUDSFilters documentation to be accurate to functionality.Robert Tonic
2019-09-19Fix documentation, clean up seccomp filter installation, rename helpers.Robert Tonic
Filter installation has been streamlined and functions renamed. Documentation has been fixed to be standards compliant, and missing documentation added. gofmt has also been applied to modified files.
2019-09-19Remove defer from hot path and ensure Atomic is applied consistently.Adin Scannell
PiperOrigin-RevId: 270114317
2019-09-19Merge pull request #876 from xiaobo55x:hostcpugVisor bot
PiperOrigin-RevId: 270094324
2019-09-19Job control: controlling TTYs and foreground process groups.Kevin Krakauer
Adresses a deadlock with the rolled back change: https://github.com/google/gvisor/commit/b6a5b950d28e0b474fdad160b88bc15314cf9259 Creating a session from an orphaned process group was causing a lock to be acquired twice by a single goroutine. This behavior is addressed, and a test (OrphanRegression) has been added to pty.cc. Implemented the following ioctls: - TIOCSCTTY - set controlling TTY - TIOCNOTTY - remove controlling tty, maybe signal some other processes - TIOCGPGRP - get foreground process group. Also enables tcgetpgrp(). - TIOCSPGRP - set foreground process group. Also enabled tcsetpgrp(). Next steps are to actually turn terminal-generated control characters (e.g. C^c) into signals to the proper process groups, and to send SIGTTOU and SIGTTIN when appropriate. PiperOrigin-RevId: 270088599
2019-09-19Place the host UDS mounting behind --fsgofer-host-uds-allowed.Robert Tonic
This commit allows the use of the `--fsgofer-host-uds-allowed` flag to enable mounting sockets and add the appropriate seccomp filters.
2019-09-19Accelerate byte lookup in string with `bytealg/indexbyte`Hang Su
`bytealg/indexbyte` will use AVX or SSE instruction set, if possible, which could accelerate `CopyStringIn` function by 28%. In worst case(CPU doesn't support SSE), `bytealg/indexbyte` will degenerate to traversal lookup. When dealing with short strings, `bytealg/indexbyte` has the same performance level as before. Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Signed-off-by: Hang Su <darcy.sh@antfin.com>
2019-09-18Shard the runtime tests.Nicolas Lacasse
Default of 20 shards was arbitrary and will need fine-tuning in later CLs. PiperOrigin-RevId: 269922871
2019-09-18Fix dev.sh --refresh to create target dirFabricio Voznika
PiperOrigin-RevId: 269921234
2019-09-18Enable pkg/sentry/hostcpu support on arm64.Haibo Xu
Signed-off-by: Haibo Xu haibo.xu@arm.com Change-Id: I333872da9bdf56ddfa8ab2f034dfc1f36a7d3132
2019-09-18Signalfd supportAdin Scannell
Note that the exact semantics for these signalfds are slightly different from Linux. These signalfds are bound to the process at creation time. Reads, polls, etc. are all associated with signals directed at that task. In Linux, all signalfd operations are associated with current, regardless of where the signalfd originated. In practice, this should not be an issue given how signalfds are used. In order to fix this however, we will need to plumb the context through all the event APIs. This gets complicated really quickly, because the waiter APIs are all netstack-specific, and not generally exposed to the context. Probably not worthwhile fixing immediately. PiperOrigin-RevId: 269901749
2019-09-18Move the component into the repository structure.Adin Scannell
The RELEASE file must be at the top-level for the signed repository to work correctly. PiperOrigin-RevId: 269897109
2019-09-18enable syscalls/linux to support arm64Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com> Change-Id: I45af8a54304f8bb0e248ab15f4e20b173ea9e430
2019-09-17scripts/build.sh: fix kokoro failure "KOKORO_BUILD_NIGHTLY: unbound variable"Andrei Vagin
PiperOrigin-RevId: 269690988
2019-09-17Automated rollback of changelist 268047073Ghanan Gowripalan
PiperOrigin-RevId: 269658971
2019-09-17Follow-up fixes for image tests.Nicolas Lacasse
- Fix ARG syntax in Dockerfiles. - Fix curl commands in Dockerfiles. - Fix some paths in proctor binaries. - Check error from Walk in search helper. PiperOrigin-RevId: 269641686
2019-09-17platform/ptrace: log exit code for stub processesAndrei Vagin
PiperOrigin-RevId: 269631877
2019-09-17Update remaining users of LinkEndpoints to not refer to them as an ID.Ian Gudger
PiperOrigin-RevId: 269614517
2019-09-16Fix artifact pattern for repositories.Adin Scannell
PiperOrigin-RevId: 269468986
2019-09-16Refactor and clean up image tests.Nicolas Lacasse
* Use multi-stage builds in Dockerfiles. * Combine all proctor binaries into a single binary. * Change the TestRunner interface to reduce code duplication. PiperOrigin-RevId: 269462101
2019-09-16Migrate from gflags to absl flagsMichael Pratt
absl flags are more modern and we can easily depend on them directly. The repo now successfully builds with --incompatible_load_cc_rules_from_bzl. PiperOrigin-RevId: 269387081
2019-09-16Bring back to life features lost in recent refactorFabricio Voznika
- Sandbox logs are generated when running tests - Kokoro uploads the sandbox logs - Supports multiple parallel runs - Revive script to install locally built runsc with docker PiperOrigin-RevId: 269337274
2019-09-13gvisor: return ENOTDIR from the unlink syscallAndrei Vagin
ENOTDIR has to be returned when a component used as a directory in pathname is not, in fact, a directory. PiperOrigin-RevId: 269037893
2019-09-13Remove stale configurations.Adin Scannell
PiperOrigin-RevId: 268947847
2019-09-12Update p9 to support flipcall.Adin Scannell
PiperOrigin-RevId: 268845090
2019-09-12Implement splice methods for pipes and sockets.Adin Scannell
This also allows the tee(2) implementation to be enabled, since dup can now be properly supported via WriteTo. Note that this change necessitated some minor restructoring with the fs.FileOperations splice methods. If the *fs.File is passed through directly, then only public API methods are accessible, which will deadlock immediately since the locking is already done by fs.Splice. Instead, we pass through an abstract io.Reader or io.Writer, which elide locks and use the underlying fs.FileOperations directly. PiperOrigin-RevId: 268805207
2019-09-12Remove go_test from go_stateify and go_marshalMichael Pratt
They are no-ops, so the standard rule works fine. PiperOrigin-RevId: 268776264
2019-09-12Merge pull request #843 from nlacasse:versiongVisor bot
PiperOrigin-RevId: 268772451
2019-09-12Automated rollback of changelist 268047073Ghanan Gowripalan
PiperOrigin-RevId: 268757842
2019-09-12Update repository directory structure.Adin Scannell
Currently it will not work with apt out of the box, as we require the dists/ prefix, along with a distribution name. This tweaks the overall structure to allow for the same URL prefix to be used for all repositories, and enables multiple architectures. Fixes #852 PiperOrigin-RevId: 268756104
2019-09-12Bump bazel toolchain.Nicolas Lacasse
This fixes the RBE warning: DEBUG: rbe_default not using checked in configs; Bazel version 0.29.1 was picked/selected but no checked in config was found in map[...] PiperOrigin-RevId: 268747944
2019-09-11Drop unavailable package.Adin Scannell
PiperOrigin-RevId: 268614014
2019-09-11Ensure appropriate tools are installed on image.Adin Scannell
PiperOrigin-RevId: 268608466
2019-09-11Update key environment variables.Adin Scannell
PiperOrigin-RevId: 268604220
2019-09-11Fix authorization for continuous integration.Adin Scannell
The credentials must be explicitly refreshed for pushing to the repository on the Go branch. PiperOrigin-RevId: 268589817
2019-09-11Bump bazel, rules_go, gazelle, and go toolchain to latest versions.Nicolas Lacasse
PiperOrigin-RevId: 268486127
2019-09-11Update required Bazel version in README.Ian Lewis
PiperOrigin-RevId: 268397389
2019-09-10Fix `runsc --version` and add a test.Nicolas Lacasse
We need to include the `--stamp` flag in `tools/workspace_status.sh` for the version to be picked up by the linker. Not sure why. Also changes the VERSION string to STABLE_VERSION, which will cause the program to be re-linked if the string changes. Fixes #830
2019-09-10Fix minor Kokoro issues.Adin Scannell
A recent Kokoro change pointed to go_tests.cfg (in line with the other configurations), which unfortunately broke the presubmits. This change also enabled the KVM tests, which were still using a remote execution strategy. This fixes both of these issues and allows presubmits to pass. One additional test was caught with this case, which seems to have been broken. It's unclear why this was not being caught. PiperOrigin-RevId: 268166291
2019-09-09Fix ephemeral port leak.Ian Gudger
Fix a bug where udp.(*endpoint).Disconnect [accessible in gVisor via epsocket.(*SocketOperations).Connect with AF_UNSPEC] would leak a port reservation if the socket/endpoint had an ephemeral port assigned to it. glibc's getaddrinfo uses connect with AF_UNSPEC, causing each call of getaddrinfo to leak a port. Call getaddrinfo too many times and you run out of ports (shows up as connect returning EAGAIN and getaddrinfo returning EAI_NONAME "Name or service not known"). PiperOrigin-RevId: 268071160
2019-09-09go_marshal: Implement automatic generation of ABI marshalling code.Rahat Mahmood
This CL implements go_marshal, a code generation utility for automatically serializing and deserializing ABI structs. The go_marshal tool automatically generates implementations of the new marshal interface. Unlike binary.Marshal/Unmarshal, the generated interface implementations use no runtime reflection, and translates to a single memcpy for most structs. See go_marshal/README.md for details. PiperOrigin-RevId: 268065475
2019-09-09Merge pull request #824 from amscanne:fix_build2gVisor bot
PiperOrigin-RevId: 268062329
2019-09-09Join IPv6 all-nodes and solicited-node multicast addresses where appropriate.Ghanan Gowripalan
The IPv6 all-nodes multicast address will be joined on NIC enable, and the appropriate IPv6 solicited-node multicast address will be joined when IPv6 addresses are added. Tests: Test receiving packets destined to the IPv6 link-local all-nodes multicast address and the IPv6 solicted node address of an added IPv6 address. PiperOrigin-RevId: 268047073
2019-09-06Remove reundant global tcpip.LinkEndpointID.Ian Gudger
PiperOrigin-RevId: 267709597