Age | Commit message (Collapse) | Author |
|
|
|
- Allow the gofer client to use most xattr namespaces. As documented by the
updated comment, this is consistent with e.g. Linux's FUSE client, and allows
gofers to provide extended attributes from FUSE filesystems.
- Make tmpfs' listxattr omit xattrs in the "trusted" namespace for
non-privileged users.
PiperOrigin-RevId: 378778854
|
|
|
|
The control files enumerating tasks and threads residing in cgroupfs
incorrectly locks cgroupfs.filesystem.tasksMu before
kernel.TaskSet.mu.
The contents of these control files are inherently racy anyways, so
use a snapshot of the tasks in the cgroup and drop tasksMu before
resolving pids/tids (which acquires TaskSet.mu).
PiperOrigin-RevId: 378767060
|
|
|
|
Set it to int32 max because gVisor doesn't have a limit.
Fixes #2337
PiperOrigin-RevId: 378722230
|
|
|
|
PiperOrigin-RevId: 377966969
|
|
Avoids a race condition at kernel initialization.
Updates #6057.
PiperOrigin-RevId: 377357723
|
|
|
|
PiperOrigin-RevId: 376001603
|
|
PiperOrigin-RevId: 375843579
|
|
Remove useless conversions. Avoid unhandled errors.
PiperOrigin-RevId: 375834275
|
|
|
|
PiperOrigin-RevId: 375780659
|
|
|
|
This metric is replaced by /cloud/gvisor/sandbox/sentry/suspicious_operations
metric with field value opened_write_execute_file.
PiperOrigin-RevId: 374509823
|
|
|
|
The new metric contains fields and will replace the below existing metric:
- opened_write_execute_file
PiperOrigin-RevId: 373884604
|
|
|
|
O_PATH is now implemented in vfs2.
Fixes #2782.
PiperOrigin-RevId: 373861410
|
|
|
|
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt:
/proc/sys/net/ipv4/* Variables:
ip_forward - BOOLEAN
0 - disabled (default)
not 0 - enabled
Forward Packets between interfaces.
This variable is special, its change resets all configuration
parameters to their default state (RFC1122 for hosts, RFC1812
for routers)
/proc/sys/net/ipv4/ip_forward only does work when its value is changed
and always returns the last written value. The last written value may
not reflect the current state of the netstack (e.g. when `ip_forward`
was written a value of "1" then disable forwarding on an interface)
so there is no need for sentry to probe netstack to get the current
forwarding state of interfaces.
```
~$ cat /proc/sys/net/ipv4/ip_forward
0
~$ sudo bash -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
~$ cat /proc/sys/net/ipv4/ip_forward
1
~$ sudo sysctl -a | grep ipv4 | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.eno1.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.wlp1s0.forwarding = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
~$ sudo sysctl -w net.ipv4.conf.wlp1s0.forwarding=0
net.ipv4.conf.wlp1s0.forwarding = 0
~$ sudo sysctl -a | grep ipv4 | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.eno1.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.wlp1s0.forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
~$ cat /proc/sys/net/ipv4/ip_forward
1
~$ sudo bash -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
~$ sudo sysctl -a | grep ipv4 | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.eno1.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.wlp1s0.forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
~$ sudo bash -c "echo 0 > /proc/sys/net/ipv4/ip_forward"
~$ sudo sysctl -a | grep ipv4 | grep forward
sysctl: unable to open directory "/proc/sys/fs/binfmt_misc/"
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.eno1.forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.wlp1s0.forwarding = 0
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
~$ cat /proc/sys/net/ipv4/ip_forward
0
```
In the above example we can see that writing "1" to
/proc/sys/net/ipv4/ip_forward configures the stack to be a router (all
interfaces are configured to enable forwarding). However, if we manually
update an interace (`wlp1s0`) to not forward packets,
/proc/sys/net/ipv4/ip_forward continues to return the last written value
of "1", even though not all interfaces will forward packets.
Also note that writing the same value twice has no effect; work is
performed iff the value changes.
This change also removes the 'unset' state from sentry's ip forwarding
data structures as an 'unset' ip forwarding value is the same as leaving
forwarding disabled as the stack is always brought up with forwarding
initially disabled; disabling forwarding on a newly created stack is a
no-op.
PiperOrigin-RevId: 373853106
|
|
|
|
Previously, registration was racy because we were publishing
hierarchies in the registry without fully initializing the underlying
filesystem. This led to concurrent mount(2)s discovering the partially
intialized filesystems and dropping the final refs on them which cause
them to be freed prematurely.
Reported-by: syzbot+13f54e77bdf59f0171f0@syzkaller.appspotmail.com
Reported-by: syzbot+2c7f0a9127ac6a84f17e@syzkaller.appspotmail.com
PiperOrigin-RevId: 373824552
|
|
|
|
Fix TODO comments referring to incorrect issue numbers. Also fix the link in
issue reviver comments to include the right url fragment.
PiperOrigin-RevId: 373491821
|
|
|
|
|
|
This change implements /proc/cmdline with a basic faux command line
"BOOT_IMAGE=/vmlinuz-[version]-gvisor quiet" so apps that may expect
it do not receive errors.
Also tests for the existence of /proc/cmdline as part of the system
call test suite
PiperOrigin-RevId: 372462070
|
|
PiperOrigin-RevId: 372020696
|
|
|
|
In order to resolve path names, fsSymlink.Readlink() may need to reenter
kernfs. Change the code so that kernfs.Inode.Readlink() is called without
locks and document the new contract.
PiperOrigin-RevId: 371770222
|
|
|
|
When a child is added to a parent (directory) dentry, both child and parent are
queued for checkCachingLocked(). Make sure that the parent is queued first
because the parent gained a ref and so could be removed from the LRU cache hence
making space for the new child. This could prevent an LRU cache eviction.
In practice, this did seem to help. ~800 RPCs were reduced while building
//absl/... (ABSL build benchmark). Evictions hurt in 2 ways - create renameMu
contention and destroy a possibly useful dentry which will have to be re-walked
and re-opened later.
Follow up fix for #5859.
PiperOrigin-RevId: 371509392
|
|
|
|
If verification fails for translating mmapped memory, the content should
not be returned. This is not an issue for panic mode, but for error mode
we should return empty content along with the error.
PiperOrigin-RevId: 371393519
|
|
|
|
Originally we were making a WalkGetAttrOne RPC to confirm that a file does not
exist on the remote filesystem - when there was no cached information about the
existence of a dentry at that position.
This change avoids making that RPC and speculatively makes the
mkdir/mknod/linkat/symlink RPC. They will fail with EEXIST if a file exists at
that position as we want.
However the error ordering is important. Existence check comes before
writability check. So we make the existence check when the writability check
fails and give it precedence.
This change saves ~76,000 RPCs while building //absl/... (ABSL build benchmark).
That is 10% of all RPCs made while running that workload.
PiperOrigin-RevId: 371225633
|
|
|
|
PiperOrigin-RevId: 371198372
|
|
|
|
PiperOrigin-RevId: 371015541
|
|
Weirdness metric contains fields to track the number of clock fallback,
partial result and vsyscalls. This metric will avoid the overhead of
having three different metrics (fallbackMetric, partialResultMetric,
vsyscallCount).
PiperOrigin-RevId: 369970218
|
|
|
|
PiperOrigin-RevId: 369724358
|
|
|
|
PiperOrigin-RevId: 369686285
|
|
|
|
The gofer client's LRU cache has a default limit of 1000 dentries. Any attempt
to cache more dentries than that will make the LRU cache evict and destroy the
least recently used dentry. However, the eviction is expensive because it
requires holding fs.renameMu for writing - which in turn creates a lot of
contention. All filesystem operations that involve path traversal require
fs.renameMu for reading atleast.
Therefore, it is in our best interest to keep the cache small and clean.
When a dentry is inserted in the dentry tree, it grabs a ref on its parent for
its entire lifetime. Hence the parent is longer evictable (because refs > 0).
This change additionally calls checkCachingLocked on directories that have been
added to so that they can be removed from the LRU cache if needed.
This change implies that the LRU cache will only contain the leaves from the
filesystem tree which significantly reduces the LRU cache size and consequently
reduces the number of expensive LRU cache evictions.
> Why are opened dentries not removed from LRU cache?
When a file description is open(2)-ed, the file description holds a ref on its
dentry for its entire lifetime. However, calling checkCachingLocked() on opened
dentries actually ends up hurting performance. Applications usually open file
descriptors for a short duration. So upon close(2), the dentry is reinserted
into the cache anyway. So the precautionary work done in removing the opened
dentry from the cache went for waste as it did not really reduce an eviction.
Local benchmarking has shown that this change improves performance by 3-4%.
Across 6 runs, without this change it took 296.127 seconds to build runsc while
with this change it took only 285.136 seconds.
PiperOrigin-RevId: 369510494
|