Age | Commit message (Collapse) | Author |
|
|
|
Linux controls socket send/receive buffers using a few sysctl variables
- net.core.rmem_default
- net.core.rmem_max
- net.core.wmem_max
- net.core.wmem_default
- net.ipv4.tcp_rmem
- net.ipv4.tcp_wmem
The first 4 control the default socket buffer sizes for all sockets
raw/packet/tcp/udp and also the maximum permitted socket buffer that can be
specified in setsockopt(SOL_SOCKET, SO_(RCV|SND)BUF,...).
The last two control the TCP auto-tuning limits and override the default
specified in rmem_default/wmem_default as well as the max limits.
Netstack today only implements tcp_rmem/tcp_wmem and incorrectly uses it
to limit the maximum size in setsockopt() as well as uses it for raw/udp
sockets.
This changelist introduces the other 4 and updates the udp/raw sockets to use
the newly introduced variables. The values for min/max match the current
tcp_rmem/wmem values and the default value buffers for UDP/RAW sockets is
updated to match the linux value of 212KiB up from the really low current value
of 32 KiB.
Updates #3043
Fixes #3043
PiperOrigin-RevId: 318089805
|
|
|
|
Previously, it was not possible to encode/decode an object graph which
contained a pointer to a field within another type. This was because the
encoder was previously unable to disambiguate a pointer to an object and a
pointer within the object.
This CL remedies this by constructing an address map tracking the full memory
range object occupy. The encoded Refvalue message has been extended to allow
references to children objects within another object. Because the encoding
process may learn about object structure over time, we cannot encode any
objects under the entire graph has been generated.
This CL also updates the state package to use standard interfaces intead of
reflection-based dispatch in order to improve performance overall. This
includes a custom wire protocol to significantly reduce the number of
allocations and take advantage of structure packing.
As part of these changes, there are a small number of minor changes in other
places of the code base:
* The lists used during encoding are changed to use intrusive lists with the
objectEncodeState directly, which required that the ilist Len() method is
updated to work properly with the ElementMapper mechanism.
* A bug is fixed in the list code wherein Remove() called on an element that is
already removed can corrupt the list (removing the element if there's only a
single element). Now the behavior is correct.
* Standard error wrapping is introduced.
* Compressio was updated to implement the new wire.Reader and wire.Writer
inteface methods directly. The lack of a ReadByte and WriteByte caused issues
not due to interface dispatch, but because underlying slices for a Read or
Write call through an interface would always escape to the heap!
* Statify has been updated to support the new APIs.
See README.md for a description of how the new mechanism works.
PiperOrigin-RevId: 318010298
|
|
|
|
Also refactor HandleDeletion().
Updates #1479.
PiperOrigin-RevId: 317989000
|
|
|
|
This CL does a handful of things:
- Support O_DSYNC, O_SYNC
- Support O_APPEND and document an unavoidable race condition
- Ignore O_DIRECT; we probably don't want to allow applications to set O_DIRECT
on the host fd itself.
- Leave a TODO for supporting O_NONBLOCK, which is a simple fix once RWF_NOWAIT
is supported.
- Get rid of caching TODO; force_page_cache is not configurable for host fs in
vfs1 or vfs2 after whitelist fs was removed.
- For the remaining TODOs, link to more specific bugs.
Fixes #1672.
PiperOrigin-RevId: 317985269
|
|
|
|
Support is limited to the functionality that exists in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317981417
|
|
|
|
Events were only skipped on parent directories after their children were
unlinked; events on the unlinked file itself need to be skipped as well.
As a result, all Watches.Notify() calls need to know whether the dentry where
the call came from was unlinked.
Updates #1479.
PiperOrigin-RevId: 317979476
|
|
|
|
Because there is no inode structure stored in the sandbox, inotify watches
must be held on the dentry. This would be an issue in the presence of hard
links, where multiple dentries would need to share the same set of watches,
but in VFS2, we do not support the internal creation of hard links on gofer
fs. As a result, we make the assumption that every dentry corresponds to a
unique inode.
Furthermore, dentries can be cached and then evicted, even if the underlying
file has not be deleted. We must prevent this from occurring if there are any
watches that would be lost. Note that if the dentry was deleted or invalidated
(d.vfsd.IsDead()), we should still destroy it along with its watches.
Additionally, when a dentry’s last watch is removed, we cache it if it also
has zero references. This way, the dentry can eventually be evicted from
memory if it is no longer needed. This is accomplished with a new dentry
method, OnZeroWatches(), which is called by Inotify.RmWatch and
Inotify.Release. Note that it must be called after all inotify locks are
released to avoid violating lock order. Stress tests are added to make sure
that inotify operations don't deadlock with gofer.OnZeroWatches.
Updates #1479.
PiperOrigin-RevId: 317958034
|
|
|
|
It preserves the same functionality (almost none) as in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317943522
|
|
|
|
PiperOrigin-RevId: 317933650
|
|
|
|
PiperOrigin-RevId: 317796028
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317700049
|
|
|
|
Correct behavior when given zero size arguments and trying to set user.* xattrs
on files other than regular files or directories.
Updates #2923.
PiperOrigin-RevId: 317590409
|
|
|
|
- Return ENOENT if target path is empty.
- Make sure open(2) with O_CREAT|O_EXCL returns EEXIST when necessary.
- Correctly update atime in tmpfs using touchATime().
Updates #2923.
PiperOrigin-RevId: 317382655
|
|
|
|
Make proc/self/fd iteration work properly. Also, the comment on
kernfs.Inode.IterDirents did not accurately reflect how parameters should be
used/were used in kernfs.Inode impls other than fdDir.
Updates #2923.
PiperOrigin-RevId: 317370325
|
|
|
|
Like vfs1, we have a trivial implementation that ignores all valid advice.
Updates #2923.
PiperOrigin-RevId: 317349505
|
|
|
|
Test:
- TestIncrementChecksumErrors
Fixes #2943
PiperOrigin-RevId: 317348158
|
|
|
|
Check for unsupported flags, and silently support RWF_HIPRI by doing nothing.
From pkg/abi/linux/file.go: "gVisor does not implement the RWF_HIPRI feature,
but the flag is accepted as a valid flag argument for preadv2/pwritev2."
Updates #2923.
PiperOrigin-RevId: 317330631
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317314460
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317298186
|
|
|
|
Always check if a synthetic file already exists at a location before creating a
file there, and do not try to delete synthetic gofer files from the remote fs.
This fixes runsc_ptrace socket tests that create/unlink synthetic, named socket
files.
Updates #2923.
PiperOrigin-RevId: 317293648
|
|
|
|
Updates #2923.
PiperOrigin-RevId: 317246916
|
|
|
|
It accesses e.receiver which is protected by the endpoint lock.
WARNING: DATA RACE
Write at 0x00c0006aa2b8 by goroutine 189:
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect.func1()
pkg/sentry/socket/unix/transport/connectioned.go:359 +0x50
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).BidirectionalConnect()
pkg/sentry/socket/unix/transport/connectioned.go:327 +0xa3c
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).Connect()
pkg/sentry/socket/unix/transport/connectioned.go:363 +0xca
pkg/sentry/socket/unix.(*socketOpsCommon).Connect()
pkg/sentry/socket/unix/unix.go:420 +0x13a
pkg/sentry/socket/unix.(*SocketOperations).Connect()
<autogenerated>:1 +0x78
pkg/sentry/syscalls/linux.Connect()
pkg/sentry/syscalls/linux/sys_socket.go:286 +0x251
Previous read at 0x00c0006aa2b8 by goroutine 270:
pkg/sentry/socket/unix/transport.(*baseEndpoint).Connected()
pkg/sentry/socket/unix/transport/unix.go:789 +0x42
pkg/sentry/socket/unix/transport.(*connectionedEndpoint).State()
pkg/sentry/socket/unix/transport/connectioned.go:479 +0x2f
pkg/sentry/socket/unix.(*socketOpsCommon).State()
pkg/sentry/socket/unix/unix.go:714 +0xc3e
pkg/sentry/socket/unix.(*socketOpsCommon).SendMsg()
pkg/sentry/socket/unix/unix.go:466 +0xc44
pkg/sentry/socket/unix.(*SocketOperations).SendMsg()
<autogenerated>:1 +0x173
pkg/sentry/syscalls/linux.sendTo()
pkg/sentry/syscalls/linux/sys_socket.go:1121 +0x4c5
pkg/sentry/syscalls/linux.SendTo()
pkg/sentry/syscalls/linux/sys_socket.go:1134 +0x87
Reported-by: syzbot+c2be37eedc672ed59a86@syzkaller.appspotmail.com
PiperOrigin-RevId: 317236996
|
|
|
|
Metadata was useful for debugging and safety, but enough tests exist that we
should see failures when (de)serialization is broken. It made stack
initialization more cumbersome and it's also getting in the way of ip6tables.
PiperOrigin-RevId: 317210653
|
|
|
|
PiperOrigin-RevId: 317180925
|
|
|
|
Updates #2972
PiperOrigin-RevId: 317113059
|