| Age | Commit message (Collapse) | Author |
|---|
|
PiperOrigin-RevId: 226387521
Change-Id: I0579ab262320fde6c72d2994dd38437f01a99ea5
|
|
"RLIMIT_MEMLOCK: This is the maximum number of bytes of memory that may
be locked into RAM." - getrlimit(2)
PiperOrigin-RevId: 226384346
Change-Id: Iefac4a1bb69f7714dc813b5b871226a8344dc800
|
|
PiperOrigin-RevId: 226350590
Change-Id: Idff080705f644f8f78ce92b53c77eecc37e002e7
|
|
PiperOrigin-RevId: 226224230
Change-Id: Id24c7d3733722fd41d5fe74ef64e0ce8c68f0b12
|
|
Implement pwritev2 and associated unit tests.
Clean up preadv2 unit tests.
Tag RWF_ flags in both preadv2 and pwritev2 with associated bug tickets.
PiperOrigin-RevId: 226222119
Change-Id: Ieb22672418812894ba114bbc88e67f1dd50de620
|
|
Also remove useless RSS changes in mm.movePMAsLocked().
PiperOrigin-RevId: 226052996
Change-Id: If59fd259b93238fb2f15c1c8ebfeda14cb590a87
|
|
PiperOrigin-RevId: 226037787
Change-Id: I5fb5f55f68b67dd86bbff46349b46e3e8e6b9d1b
|
|
... as required by the latter's precondition.
PiperOrigin-RevId: 226033824
Change-Id: I6bc46d0e100c61cc58cb5fc69e70c4ca905cd92d
|
|
PiperOrigin-RevId: 226029237
Change-Id: I6fcdb241d635468beb6d6c173f2e7f96d715bf26
|
|
PiperOrigin-RevId: 226018694
Change-Id: I98965e26fe565f37e98e5df5f997363ab273c91b
|
|
PiperOrigin-RevId: 225992500
Change-Id: Icc8b1675f1cb625fc5e8ef7389beb42fa7bfaa13
|
|
Connectionless Unix sockets (DGRAM Unix sockets created with the socket system
call) inherently only have a read queue. They do not establish bidirectional
connections, instead, the connect system call only sets a default send
location. Writes give the data to the other endpoint which has its own read
queue.
To simplify the code, connectionless Unix sockets still get read and write
queues, but the write queue is a dummy and never waited on. The read queue is
the connectionless endpoint's queue. This change fixes a bug where the dummy
queue was incorrectly set as the read queue and the endpoint's queue was
incorrectly set as the write queue. This meant that read notifications went
to the dummy queue and were black holed.
PiperOrigin-RevId: 225921042
Change-Id: I8d9059def787a2c3c305185b92d05093fbd2be2a
|
|
Never to used outside of runsc tests!
PiperOrigin-RevId: 225919013
Change-Id: Ib3b14aa2a2564b5246fb3f8933d95e01027ed186
|
|
PiperOrigin-RevId: 225887356
Change-Id: Iee000dcfc9e0168c2566edf41c66108be9b68cd6
|
|
PiperOrigin-RevId: 225883292
Change-Id: I7e7f139d5865914c51866ea1d23220fcf221748c
|
|
The old overlayBoundEndpoint assumed that the lower is not an overlay. It
should check if the lower is an overlay and handle that case.
PiperOrigin-RevId: 225882303
Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
|
|
This will make it easier to add RBE to bazel.
PiperOrigin-RevId: 225865250
Change-Id: I530b5e09875267c18dc6e7e16590fe9e128253ac
|
|
Currently mlock() and friends do nothing whatsoever. However, mlocking
is directly application-visible in a number of ways; for example,
madvise(MADV_DONTNEED) and msync(MS_INVALIDATE) both fail on mlocked
regions. We handle this inconsistently: MADV_DONTNEED is too important
to not work, but MS_INVALIDATE is rejected.
Change MM to track mlocked regions in a manner consistent with Linux.
It still will not actually pin pages into host physical memory, but:
- mlock() will now cause sentry memory management to precommit mlocked
pages.
- MADV_DONTNEED and MS_INVALIDATE will interact with mlocked pages as
described above.
PiperOrigin-RevId: 225861605
Change-Id: Iee187204979ac9a4d15d0e037c152c0902c8d0ee
|
|
PiperOrigin-RevId: 225854218
Change-Id: I7843e9e04c58a87d3a7e20d43e64c677ad9c961b
|
|
Same as with broadcast packets, sending of a multicast packet shouldn't require
accessing the route table. The same applies to IPv6 link-local addresses, which
aren't routable at all (they don't belong to any subnet by definition).
PiperOrigin-RevId: 225775870
Change-Id: Ic53e6560c125a83be2be9c3d112e66b36e8dfe7b
|
|
PiperOrigin-RevId: 225646045
Change-Id: Ic712ebc627587ef4a9486f0b39fe8c96100f10ff
|
|
Go 1.11.3 has a bug:
https://github.com/golang/go/issues/29241
This is fixed/workarounded in containerd:
https://github.com/containerd/containerd/commit/52de3717005eb20141c305bd93ff0d6ee5dfecb6
Until that commit has made it into a tagged version, we will use containerd at
head.
PiperOrigin-RevId: 225636987
Change-Id: I7e32beb7751f566f5b41682a29a14442c1aa56c2
|
|
Adds a code of conduct to the gVisor project that follows
the Google Open Source Office recommended CoC.
Change-Id: Iec85e93991765177aa681c4179ed0e4f2eb7b4d5
PiperOrigin-RevId: 225633127
|
|
PiperOrigin-RevId: 225632398
Change-Id: I909e7e2925aa369adc28e844c284d9a6108e85ce
|
|
PiperOrigin-RevId: 225621767
Change-Id: Ie3a42cdf0b0de22a020ff43e307bf86409cff329
|
|
PiperOrigin-RevId: 225620490
Change-Id: Ia726107b3f58093a5f881634f90b071b32d2c269
|
|
PiperOrigin-RevId: 225599728
Change-Id: I70cd9f9d7375e56ae8d0a531ad4efb41418e7402
|
|
PiperOrigin-RevId: 225574278
Change-Id: If5060a37e8a9b0120bec2b5de4037354f0eaba16
|
|
PiperOrigin-RevId: 225465835
Change-Id: Iee467e493e5df0a9e149b131f54b0af84d221051
|
|
PiperOrigin-RevId: 225455503
Change-Id: I327fc6e7ba26532b628f343dece3bd9fc4d3b524
|
|
If the sandbox process is dead (because of a panic or some other problem),
container.Destroy will never remove the container metadata file, since it will
always fail when calling container.stop().
This CL changes container.Destroy() to always perform the three necessary
cleanup operations:
* Stop the sandbox and gofer processes.
* Remove the container fs on the host.
* Delete the container metadata directory.
Errors from these three operations will be concatenated and returned from
Destroy().
PiperOrigin-RevId: 225448164
Change-Id: I99c6311b2e4fe5f6e2ca991424edf1ebeae9df32
|
|
This test suite was creating shm segments without ensuring they were
cleaned up. Shm segments outlive the process creating them, so on a
standard linux machine the test was leaving segments behind after each
run. This would often cause failures as test cases would be affected
by the cases that ran before them and left unexpected segments lying
around.
Also skip some assertions around memory usage when running on a Linux
host, as we can't reason about external users of shm segments.
PiperOrigin-RevId: 225435523
Change-Id: Ia299dacf59045002436f5e30dcc131f679bb7272
|
|
PiperOrigin-RevId: 225424296
Change-Id: I60fcc2b859339dca9963cb32227a287e719ab765
|
|
PiperOrigin-RevId: 225421480
Change-Id: I1e9259b0b7e8490164e830b73338a615129c7f0e
|
|
This ensures that we know what type of socket caused a timeout.
PiperOrigin-RevId: 225294255
Change-Id: I9033bd0f3791d3b5714aa08d111cf58a3014d252
|
|
Platform objects are not savable, storing references to them in
filesystem datastructures would cause save to fail if someone actually
passed in a Platform.
Current implementations work because everywhere a Platform is
expected, we currently pass in a Kernel object which embeds Platform
and thus satisfies the interface.
Eliminate this indirection and save pointers to Kernel directly.
PiperOrigin-RevId: 225288336
Change-Id: Ica399ff43f425e15bc150a0d7102196c3d54a2ab
|
|
PiperOrigin-RevId: 225240907
Change-Id: Ie568ce3cd643f3e4a0eaa0444f4ed589dcf6031f
|
|
This is necessary to implement file seals for memfds.
PiperOrigin-RevId: 225239394
Change-Id: Ib3f1ab31385afc4b24e96cd81a05ef1bebbcbb70
|
|
This allows ValueOrDie() to be called on PosixErrorOr rvalues (e.g.
temporaries) holding move-only types without extraneous std::move()s.
PiperOrigin-RevId: 225098036
Change-Id: I662862e4f3562141f941845fc6e197edb27ce29b
|
|
This option is effectively equivalent to -panic-signal, except that the
sandbox does not die after logging the traceback.
PiperOrigin-RevId: 225089593
Change-Id: Ifb1c411210110b6104613f404334bd02175e484e
|
|
unshare actually takes a subset of clone flags, but has no unique flags,
so formatting as clone flags is close enough.
PiperOrigin-RevId: 225082774
Change-Id: I5b580f18607c7785f323e37809094115520a17c0
|
|
PiperOrigin-RevId: 225054712
Change-Id: I26e8bc3ef04fe96a4640e50ba4b635d4aa72cc50
|
|
PiperOrigin-RevId: 225046313
Change-Id: I95fe9c353a5bec13e6ad99094b7741a0e160e4d0
|
|
PiperOrigin-RevId: 225041520
Change-Id: Ib1afc693e592d308d60db82022c5b7743fd3c646
|
|
The argument is --test_tag_filters, not --test_tag_filter.
Also switch to ... instead of :*, as it doesn't require special shell
quoting to avoid * expansion.
PiperOrigin-RevId: 224949618
Change-Id: I45dd6acbaeae29f2cc0baa977b086b5c037c6a88
|
|
Updated the README to correct some wording and clarify a bit that containerd
CRI runtime is needed.
PiperOrigin-RevId: 224944753
Change-Id: I7b9c527500f99571aca7ef73058472ae9b3d5371
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I565214581eeb44045169da7f44d45a489082ac3a
PiperOrigin-RevId: 224938170
|
|
MSG_WAITALL requests that recv family calls do not perform short reads. It only
has an effect for SOCK_STREAM sockets, other types ignore it.
PiperOrigin-RevId: 224918540
Change-Id: Id97fbf972f1f7cbd4e08eec0138f8cbdf1c94fe7
|
|
PiperOrigin-RevId: 224886231
Change-Id: I0fccb4d994601739d8b16b1d4e6b31f40297fb22
|
|
PiperOrigin-RevId: 224865061
Change-Id: I6aa31f880931980ad2fc4c4b3cc4c532aacb31f4
|
