Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 315991648
|
|
During inititalization inode struct was copied around, but
it isn't great pratice to copy it around since it contains
ref count and sync.Mutex.
Updates #1480
PiperOrigin-RevId: 315983788
|
|
doAction()->log.TracebackAll() will append a colon.
PiperOrigin-RevId: 315842611
|
|
When I do high-performance networking,
the value of wmem_max is often set very high,
specially for 10/25/50 Gigabit NIC.
I think maybe this restriction is not suitable.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 315812219
|
|
gaurav1086:sentry_kernel_timekeeper_use_buffered_channel
PiperOrigin-RevId: 315803553
|
|
TCP_KEEPCNT is used to set the maximum keepalive probes to be
sent before dropping the connection.
WANT_LGTM=jchacon
PiperOrigin-RevId: 315758094
|
|
In case of SOCK_SEQPACKET, it has to be ignored.
In case of SOCK_STREAM, EISCONN or EOPNOTSUPP has to be returned.
PiperOrigin-RevId: 315755972
|
|
PiperOrigin-RevId: 315734425
|
|
Closes #1623
PiperOrigin-RevId: 315681993
|
|
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
|
|
LockFD is the generic implementation that can be embedded in
FileDescriptionImpl implementations. Unique lock ID is
maintained in vfs.FileDescription and is created on demand.
Updates #1480
PiperOrigin-RevId: 315604825
|
|
PiperOrigin-RevId: 315599736
|
|
PiperOrigin-RevId: 315595602
|
|
When the file closes, it attempts to write dirty cached
attributes to the file. This should not be done when the
mount is readonly.
PiperOrigin-RevId: 315585058
|
|
findAvailableLocked() may return a non-aligned FileRange.End after expansion
since it may round FileRange.Start down to a hugepage boundary.
PiperOrigin-RevId: 315520321
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
We need to initialize an empty fp state area for the sentry.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Run vs. exec, VFS1 vs. VFS2 were executable lookup were
slightly different from each other. Combine them all
into the same logic.
PiperOrigin-RevId: 315426443
|
|
As in VFS1, the mode, uid, and gid options are supported.
Updates #1197
PiperOrigin-RevId: 315340510
|
|
Netstack has traditionally parsed headers on-demand as a packet moves up the
stack. This is conceptually simple and convenient, but incompatible with
iptables, where headers can be inspected and mangled before even a routing
decision is made.
This changes header parsing to happen early in the incoming packet path, as soon
as the NIC gets the packet from a link endpoint. Even if an invalid packet is
found (e.g. a TCP header of insufficient length), the packet is passed up the
stack for proper stats bookkeeping.
PiperOrigin-RevId: 315179302
|
|
This is mostly syscall plumbing, VFS2 already implements the internals of
mounts. In addition to the syscall defintions, the following mount-related
mechanisms are updated:
- Implement MS_NOATIME for VFS2, but only for tmpfs and goferfs. The other VFS2
filesystems don't implement node-level timestamps yet.
- Implement the 'mode', 'uid' and 'gid' mount options for VFS2's tmpfs.
- Plumb mount namespace ownership, which is necessary for checking appropriate
capabilities during mount(2).
Updates #1035
PiperOrigin-RevId: 315035352
|
|
This analysis also catches a potential bug, which is a split on mapPhysical.
This would have led to potential guest-exit during Mapping (although this
would have been handled by the now-unecessary retryInGuest loop).
PiperOrigin-RevId: 315025106
|
|
This change has multiple small components.
First, the chunk size is bumped to 1GB in order to avoid creating excessive
VMAs in the Sentry, which can lead to VMA exhaustion (and hitting limits).
Second, gap-tracking is added to the usage set in order to efficiently scan
for available regions.
Third, reclaim is moved to a simple segment set. This is done to allow the
order of reclaim to align with the Allocate order (which becomes much more
complex when trying to track a "max page" as opposed to "min page", so we
just track explicit segments instead, which should make reclaim scanning
faster anyways).
Finally, the findAvailable function attempts to scan from the top-down, in
order to maximize opportunities for VMA merging in applications (hopefully
preventing the same VMA exhaustion that can affect the Sentry).
PiperOrigin-RevId: 315009249
|
|
The current task can share its fdtable with a few other tasks,
but after exec, this should be a completely separate process.
PiperOrigin-RevId: 314999565
|
|
For TCP sockets gVisor incorrectly returns EAGAIN when no ephemeral ports are
available to bind during a connect. Linux returns EADDRNOTAVAIL. This change
fixes gVisor to return the correct code and adds a test for the same.
This change also fixes a minor bug for ping sockets where connect() would fail
with EINVAL unless the socket was bound first.
Also added tests for testing UDP Port exhaustion and Ping socket port
exhaustion.
PiperOrigin-RevId: 314988525
|
|
IPTables.connections contains a sync.RWMutex. Copying it will trigger copylocks
analysis. Tested by manually enabling nogo tests.
sync.RWMutex is added to IPTables for the additional race condition discovered.
PiperOrigin-RevId: 314817019
|
|
In race mode, when calling the go function in asm code,
there will be an missing stack maps issue.
The root cause is:
The function of 'muldiv64' has a non-empty frame,
so it needs stack maps for locals, for which the macro NO_LOCAL_POINTERS will do.
Also, the macro GO_ARGS can covers arguments.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Historically we've been passing PacketBuffer by shallow copying through out
the stack. Right now, this is only correct as the caller would not use
PacketBuffer after passing into the next layer in netstack.
With new buffer management effort in gVisor/netstack, PacketBuffer will
own a Buffer (to be added). Internally, both PacketBuffer and Buffer may
have pointers and shallow copying shouldn't be used.
Updates #2404.
PiperOrigin-RevId: 314610879
|
|
We must hold f.mu to write f.offset.
PiperOrigin-RevId: 314582968
|
|
PiperOrigin-RevId: 314570894
|
|
Updates #179
PiperOrigin-RevId: 314563830
|
|
PiperOrigin-RevId: 314450191
|
|
PiperOrigin-RevId: 314449030
|
|
PiperOrigin-RevId: 314415253
|
|
This change adds more information about what needs to be done
to implement `/dev/fuse`
|
|
Splice, setxattr and removexattr should generate events. Note that VFS2 already
generates events for extended attributes.
Updates #1479.
PiperOrigin-RevId: 314244261
|
|
gofer.filesystem.createAndOpenChildLocked() doesn't need to take a reference on
the new dentry since vfs.FileDescription.Init() will do so.
PiperOrigin-RevId: 314242127
|
|
Using tee instead of read to detect when a O_RDONLY|O_NONBLOCK pipe FD has a
writer circumvents the problem of what to do with the byte read from the pipe,
avoiding much of the complexity of the fdpipe package.
PiperOrigin-RevId: 314216146
|
|
PiperOrigin-RevId: 314186752
|
|
PiperOrigin-RevId: 313871804
|
|
None of the dependencies have changed in 1.15. It may be possible to simplify
some of the wrappers in rawfile following 1.13, but that can come in a later
change.
PiperOrigin-RevId: 313863264
|
|
PiperOrigin-RevId: 313842690
|
|
Limited to tmpfs. Inotify support in other filesystem implementations to
follow.
Updates #1479
PiperOrigin-RevId: 313828648
|
|
PiperOrigin-RevId: 313817646
|
|
Support in other filesystem impls is still needed. Unlike in Linux and vfs1, we
need to plumb inotify down to each filesystem implementation in order to keep
track of links/inode structures properly.
IN_EXCL_UNLINK still needs to be implemented, as well as a few inotify hooks
that are not present in either vfs1 or vfs2. Those will be addressed in
subsequent changes.
Updates #1479.
PiperOrigin-RevId: 313781995
|
|
This makes it straightforward to create bind mounts internally in VFS2: Given a
bind mount root represented by vfs.VirtualDentry vd:
- Create a new mount with VFS.NewDisconnectedMount(vd.Mount().Filesystem(),
vd.Dentry()).
- Connect the resulting mount in the appropriate namespace with
VFS.ConnectMountAt().
Note that the resulting bind mount is non-recursive; recursive bind mounting
requires explicitly duplicating all children of the original mount, which is
best handled internally by VFS.
Updates #179
PiperOrigin-RevId: 313703963
|
|
|
|
PiperOrigin-RevId: 313600051
|
|
Inotify sends events when a watch target is reaches a link count of 0 (see
include/linux/fsnotify.h:fsnotify_inoderemove). Currently, we do not account
for both dir/ and dir/.. in unlink, causing
syscalls/linux/inotify.cc:WatchTargetDeletionGeneratesEvent to fail because
the expected inotify events are not generated.
Furthermore, we should DecRef() once the inode reaches zero links; otherwise,
we will leak a reference.
PiperOrigin-RevId: 313502091
|