Age | Commit message | Author
2020-02-13 | We can now create and jump in iptables. For example: | Kevin Krakauer
$ iptables -N foochain
$ iptables -A INPUT -j foochain
2020-02-13 | Ensure the marshalled object doesn't escape. | gVisor bot
Add new Marshallable interface methods CopyIn/CopyOut, which can be directly called on the marshalled object, avoiding an interface indirection. Such indirections are problematic because they always cause the marshalled object to escape.
PiperOrigin-RevId: 295028010
2020-02-13 | Merge pull request #1791 from kevinGC:uchains | gVisor bot
PiperOrigin-RevId: 294957297
2020-02-13 | Internal change. | gVisor bot
PiperOrigin-RevId: 294952610
2020-02-13 | Call py_requirement with named argument for optional kwarg. | gVisor bot
PiperOrigin-RevId: 294930818
2020-02-12 | Minor runtime test fixes. | gVisor bot
* Allow scripts/common.sh to be sourced from outside the scripts/ directory
* Fix passing empty args to Bazel, which causes the tool to exit with a failure even if the command succeeds.
PiperOrigin-RevId: 294785456
2020-02-12 | iptables: User chains | Kevin Krakauer
- Adds creation of user chains via `-N <chainname>`
- Adds `-j RETURN` support for built-in chains, which triggers the chain's underflow rule (usually the default policy).
- Adds tests for chain creation, default policies, and `-j RETURN` from built-in chains.
2020-02-12 | Include more test files in exports_files | gVisor bot
So that they can be included by Fuchsia's syscall tests
PiperOrigin-RevId: 294654890
2020-02-11 | Simplify atomic operations | gVisor bot
PiperOrigin-RevId: 294582802
2020-02-11 | Ensure fsimpl/gofer.dentryPlatformFile.hostFileMapper is initialized. | gVisor bot
Fixes #1812. (The more direct cause of the deadlock is panic unsafety because the historically high cost of defer means that we avoid it in hot paths, including much of MM; defer is much cheaper as of Go 1.14, but still a measurable overhead.)
PiperOrigin-RevId: 294560316
2020-02-11 | Fix up test/runtimes/README.md. | gVisor bot
In particular, explain how to push updates to the images.
PiperOrigin-RevId: 294508879
2020-02-11 | Disallow duplicate NIC names. | gVisor bot
PiperOrigin-RevId: 294500858
2020-02-11 | Stateify: register types with full package names | gVisor bot
This is to avoid conflicts with types that share the same [short] package and type names, e.g. proc.smapsData exists in pkg/sentry/fs/proc and pkg/sentry/fsimpl/proc.
Updates #1663
PiperOrigin-RevId: 294485146
2020-02-11 | Prevent DATA RACE in UnstableAttr. | Adin Scannell
The slaveInodeOperations is currently copying the object when truncate is called (which is a no-op). This may result in an (inconsequential) data race when being modified concurrently.
PiperOrigin-RevId: 294484276
2020-02-11 | Move Align{Up,Down} into binary package. | gVisor bot
PiperOrigin-RevId: 294477647
2020-02-10 | Merge pull request #1775 from kevinGC:tcp-matchers-submit | gVisor bot
PiperOrigin-RevId: 294340468
2020-02-10 | Cleanup internal package group. | Adin Scannell
PiperOrigin-RevId: 294339229
2020-02-10 | Rename build to builddefs and minor build clean-up. | Adin Scannell
The name 'bazel' also doesn't work because bazel will treat it specially.
Fixes #1807
PiperOrigin-RevId: 294321221
2020-02-10 | Refactor getxattr. | Dean Deng
Put most of the logic for getxattr in one place for clarity. This simplifies FGetXattr and getXattrFromPath, which are just wrappers for getXattr.
PiperOrigin-RevId: 294308332
2020-02-10 | Clean-up comments in runsc/BUILD and CONTRIBUTING.md. | Adin Scannell
PiperOrigin-RevId: 294300437
2020-02-10 | Add context to note. | Adin Scannell
PiperOrigin-RevId: 294300040
2020-02-10 | Add flag package to limit visibility. | Adin Scannell
PiperOrigin-RevId: 294297004
2020-02-10 | Add context to comments. | Adin Scannell
PiperOrigin-RevId: 294295852
2020-02-10 | Add contextual comment. | Adin Scannell
PiperOrigin-RevId: 294289066
2020-02-10 | Fix build_file in runtimes_tests. | Brad Burlage
PiperOrigin-RevId: 294286242
2020-02-10 | Add contextual note. | Adin Scannell
PiperOrigin-RevId: 294285723
2020-02-10 | Document MinimumTotalMemoryBytes. | Adin Scannell
PiperOrigin-RevId: 294273559
2020-02-10 | Redirect FIXME to gvisor.dev | Fabricio Voznika
PiperOrigin-RevId: 294272755
2020-02-10 | Move x86 state definition to its own file. | Brad Burlage
PiperOrigin-RevId: 294271541
2020-02-10 | Update visibility. | Adin Scannell
PiperOrigin-RevId: 294265019
2020-02-10 | iptables: add instructions for runsc building. | Kevin Krakauer
The readme didn't mention that users need to:
- `bazel build` when working on iptables tests
- enable raw sockets in /etc/docker/daemon.json.
PiperOrigin-RevId: 294260169
2020-02-10 | Merge pull request #1453 from xiaobo55x:cpuid | gVisor bot
PiperOrigin-RevId: 294257911
2020-02-10 | Bump rules_go, gazelle, and go toolchain. | Nicolas Lacasse
PiperOrigin-RevId: 294253155
2020-02-10 | Internal change. | Zach Koopmans
PiperOrigin-RevId: 294250370
2020-02-10 | Fix wrong path for ruby benchmark. | Zach Koopmans
PiperOrigin-RevId: 294224689
2020-02-10 | Enable pkg/cpuid support on arm64. | Haibo Xu
Fixes #1255
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I8614e6f3ee321c2989567e4e712aa8f28cc9db14
2020-02-07 | Support listxattr and removexattr syscalls. | Dean Deng
Note that these are only implemented for tmpfs, and other impls will still return EOPNOTSUPP.
PiperOrigin-RevId: 293899385
2020-02-07 | Log level, optname, optval and optlen in getsockopt/setsockopt in strace. | Ian Gudger
Log 8, 16, and 32 int optvals and dump the memory of other sizes.
Updates #1782
PiperOrigin-RevId: 293889388
2020-02-07 | Address GH comments. | Kevin Krakauer
2020-02-07 | Refactor syscall tests | Jay Zhuang
- Move shared helpers V4Multicast and V4Broadcast to socket_test_util
- Add unnamed namespace so socket_ipv4_tcp_unbound_external_networking_test.cc and socket_ipv4_udp_unbound_external_networking_test.cc can be compiled together
- Add test files to "exports_files" so they can be included by Fuchsia's syscall test setup
PiperOrigin-RevId: 293880429
2020-02-06 | Send DAD event when DAD resolves immediately | Ghanan Gowripalan
Previously, a DAD event would not be sent if DAD was disabled. This allows integrators to do some work when an IPv6 address is bound to a NIC without special logic that checks if DAD is enabled.
Without this change, integrators would need to check if a NIC has DAD enabled when an address is auto-generated. If DAD is enabled, it would need to delay the work until the DAD completion event; otherwise, it would need to do the work in the address auto-generated event handler.
Test: stack_test.TestDADDisabled
PiperOrigin-RevId: 293732914
2020-02-06 | Fix TestPauseResume in container test failed with connection refused. | Ting-Yu Wang
Sometimes we get this error under TSAN:
"""
error getting process data from container: connecting to control server at PID XXXX: connection refused
"""
The theory is that the top "sleep 20" was too short for TSAN, and the container already exited, so we get connection refused. This commit changes the test to let the container signal that it's running by touching a file repeatedly forever during the test.
PiperOrigin-RevId: 293710957
2020-02-06 | Merge branch 'master' into tcp-matchers-submit | Kevin Krakauer
2020-02-06 | Auto-generate link-local address as a SLAAC address | Ghanan Gowripalan
Auto-generated link-local addresses should have the same lifecycle hooks as global SLAAC addresses. The Stack's NDP dispatcher should be notified when link-local addresses are auto-generated and invalidated. They should also be removed when a NIC is disabled (which will be supported in a later change).
Tests:
- stack_test.TestNICAutoGenAddrWithOpaque
- stack_test.TestNICAutoGenAddr
PiperOrigin-RevId: 293706760
2020-02-06 | Add logic to run from baked images. | Zach Koopmans
Change adds the following:
- logic to run from "baked images". See [GVISOR_DIR]/tools/images
- installers which install modified files from a workspace. This allows users to run benchmarks while modifying runsc.
- removes the --preemptible tag from built GCE instances. Preemptible instances are much more likely to be preempted on startup, which manifests for the user as a failed benchmark. I don't currently have a way to detect if a VM has been preempted that will work for this change.
https://cloud.google.com/compute/docs/instances/preemptible#preemption_process
https://cloud.google.com/compute/docs/instances/preemptible#preemption_selection
PiperOrigin-RevId: 293697949
2020-02-06 | Perform DAD on IPv6 addresses when enabling a NIC | Ghanan Gowripalan
Addresses may be added before a NIC is enabled. Make sure DAD is performed on the permanent IPv6 addresses when they get enabled.
Test:
- stack_test.TestDoDADWhenNICEnabled
- stack.TestDisabledRxStatsWhenNICDisabled
PiperOrigin-RevId: 293697429
2020-02-06 | Fix `bazel run` target in docs. | Kevin Krakauer
PiperOrigin-RevId: 293676954
2020-02-06 | Make gonet consistent both internally and with the net package. | Ian Gudger
The types gonet.Conn and gonet.PacketConn were confusingly named as both implemented net.Conn. Further, gonet.Conn was perhaps unexpectedly TCP-specific (net.Conn is not). This change renames them to gonet.TCPConn and gonet.UDPConn.
Renames gonet.NewListener to gonet.ListenTCP and adds a new gonet.NewTCPListner function to be consistent with both the gonet.DialXxx and gonet.NewXxxConn functions as well as net.ListenTCP.
Updates #1632
PiperOrigin-RevId: 293671303
2020-02-06 | runsc/container_test: hide host /etc in test containers | Andrei Vagin
The host /etc can contain config files which affect tests. For example, bash reads /etc/passwd and if it is too big a test can fail by timeout.
PiperOrigin-RevId: 293670637
2020-02-06 | Update link address for targets of Neighbor Adverts | Ghanan Gowripalan
Get the link address for the target of an NDP Neighbor Advertisement from the NDP Target Link Layer Address option.
Tests:
- ipv6.TestNeighorAdvertisementWithTargetLinkLayerOption
- ipv6.TestNeighorAdvertisementWithInvalidTargetLinkLayerOption
PiperOrigin-RevId: 293632609