summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2021-04-22Merge release-20210419.0-22-g2739cf462 (automated)gVisor bot
2021-04-22Fix AF_UNIX listen() w/ zero backlog.Bhasker Hariharan
In https://github.com/google/gvisor/commit/f075522849fa a check to increase zero to a minimum backlog length was removed from sys_socket.go to bring it in parity with linux and then in tcp/endpoint.go we bump backlog by 1. But this broke calling listen on a AF_UNIX socket w/ a zero backlog as in linux it does allow 1 connection even with a zero backlog. This was caught by a php runtime test socket_abstract_path.phpt. PiperOrigin-RevId: 369974744
2021-04-22Merge release-20210419.0-21-g0a6eaed50 (automated)gVisor bot
2021-04-22Add weirdness sentry metric.Nayana Bidari
Weirdness metric contains fields to track the number of clock fallback, partial result and vsyscalls. This metric will avoid the overhead of having three different metrics (fallbackMetric, partialResultMetric, vsyscallCount). PiperOrigin-RevId: 369970218
2021-04-22Merge release-20210419.0-20-gd93907110 (automated)gVisor bot
2021-04-22Also report mount options through /proc/<pid>/mounts.Rahat Mahmood
PiperOrigin-RevId: 369967629
2021-04-22Merge release-20210419.0-18-g47bc11515 (automated)gVisor bot
2021-04-21Only carry GSO options in the packet bufferGhanan Gowripalan
With this change, GSO options no longer needs to be passed around as a function argument in the write path. This change is done in preparation for a later change that defers segmentation, and may change GSO options for a packet as it flows down the stack. Updates #170. PiperOrigin-RevId: 369774872
2021-04-21Merge release-20210419.0-17-g6f9db949d (automated)gVisor bot
2021-04-21Merge pull request #5737 from dqminh:tsc-scalinggVisor bot
PiperOrigin-RevId: 369758655
2021-04-21Merge release-20210419.0-15-ge3a5da8ce (automated)gVisor bot
2021-04-21Stub the custom "job" controller required by some workloads.Rahat Mahmood
PiperOrigin-RevId: 369724358
2021-04-21Merge release-20210419.0-12-gc2955339d (automated)gVisor bot
2021-04-21Merge pull request #5749 from zhlhahaha:2126gVisor bot
PiperOrigin-RevId: 369686298
2021-04-21Automated rollback of changelist 369325957Michael Pratt
PiperOrigin-RevId: 369686285
2021-04-21Fallback to legacy system time logic when host does not have TSC_CONTROLDaniel Dao
If the host doesn't have TSC scaling feature, then scaling down TSC to the lowest value will fail, and we will fall back to legacy logic anyway, but we leave an ugly log message in host's kernel log. kernel: user requested TSC rate below hardware speed Instead, check for KVM_CAP_TSC_CONTROL when initializing KVM, and fall back to legacy logic early if host's cpu doesn't support that. Signed-off-by: Daniel Dao <dqminh89@gmail.com>
2021-04-20Merge release-20210412.0-40-g07a78ecb2 (automated)gVisor bot
2021-04-20[perf] Remove non-empty directory dentries from gofer LRU cache.Ayush Ranjan
The gofer client's LRU cache has a default limit of 1000 dentries. Any attempt to cache more dentries than that will make the LRU cache evict and destroy the least recently used dentry. However, the eviction is expensive because it requires holding fs.renameMu for writing - which in turn creates a lot of contention. All filesystem operations that involve path traversal require fs.renameMu for reading atleast. Therefore, it is in our best interest to keep the cache small and clean. When a dentry is inserted in the dentry tree, it grabs a ref on its parent for its entire lifetime. Hence the parent is longer evictable (because refs > 0). This change additionally calls checkCachingLocked on directories that have been added to so that they can be removed from the LRU cache if needed. This change implies that the LRU cache will only contain the leaves from the filesystem tree which significantly reduces the LRU cache size and consequently reduces the number of expensive LRU cache evictions. > Why are opened dentries not removed from LRU cache? When a file description is open(2)-ed, the file description holds a ref on its dentry for its entire lifetime. However, calling checkCachingLocked() on opened dentries actually ends up hurting performance. Applications usually open file descriptors for a short duration. So upon close(2), the dentry is reinserted into the cache anyway. So the precautionary work done in removing the opened dentry from the cache went for waste as it did not really reduce an eviction. Local benchmarking has shown that this change improves performance by 3-4%. Across 6 runs, without this change it took 296.127 seconds to build runsc while with this change it took only 285.136 seconds. PiperOrigin-RevId: 369510494
2021-04-20Clean test tags.Adin Scannell
PiperOrigin-RevId: 369505182
2021-04-20Merge release-20210412.0-38-gbf1e14cf8 (automated)gVisor bot
2021-04-20Speed up O_APPEND with remote revalidatingFabricio Voznika
Remote revalidating requires to update file size on every write on a file opened with O_APPEND. If host FD exists, it can be used to update the size and skip round trip to the gofer. With this change, O_APPEND writes with remote revalidating is almost as fast as exclusive mode: BM_Append VFS1 60.7us VFS2 56.8us VFS2 exclusive 14.2us This change 15.8us Updates #1792 PiperOrigin-RevId: 369486801
2021-04-20Merge release-20210412.0-37-g3fff4c4a0 (automated)gVisor bot
2021-04-20Move SO_RCVBUF to socketops.Nayana Bidari
Fixes #2926, #674 PiperOrigin-RevId: 369457123
2021-04-20Merge release-20210412.0-36-g2c8379d95 (automated)gVisor bot
2021-04-20Expose header methods that validate checksumsArthur Sfez
This is done for IPv4, UDP and TCP headers. This also changes the packet checkers used in tests to error on zero-checksum, not sure why it was allowed before. And while I'm here, make comments' case consistent. RELNOTES: n/a Fixes #5049 PiperOrigin-RevId: 369383862
2021-04-20Merge release-20210412.0-35-g82eecd2e9 (automated)gVisor bot
2021-04-19Change verity action to be a fs memberChong Cai
Currently the verity action is a global variable, which causes the same action for all verity mounts, and is overwritten for each new verity mount. Changed it to a member of verity fs. PiperOrigin-RevId: 369348522
2021-04-19Merge release-20210412.0-34-g20b1c3c63 (automated)gVisor bot
2021-04-19Move runsc reference leak checking to better locations.Dean Deng
In the previous spot, there was a roughly 50% chance that leak checking would actually run. Move it to the waitContainer() call on the root container, where it is guaranteed to run before the sandbox process is terminated. Add it to runsc/cli/main.go as well for good measure, in case the sandbox exit path does not involve waitContainer(). PiperOrigin-RevId: 369329796
2021-04-19De-duplicate TCP state in TCPEndpointState vs tcp.endpointNick Brown
This change replaces individual private members in tcp.endpoint with a single private TCPEndpointState member. Some internal substructures within endpoint (receiver, sender) have been broken into a public substructure (which is then copied into the TCPEndpointState returned from completeState()) alongside other private fields. Fixes #4466 PiperOrigin-RevId: 369329514
2021-04-19Merge release-20210412.0-32-g276ff149a (automated)gVisor bot
2021-04-19Add MultiGetAttr message to 9PFabricio Voznika
While using remote-validation, the vast majority of time spent during FS operations is re-walking the path to check for modifications and then closing the file given that in most cases it has not been modified externally. This change introduces a new 9P message called MultiGetAttr which bulks query attributes of several files in one shot. The returned attributes are then used to update cached dentries before they are walked. File attributes are updated for files that still exist. Dentries that have been deleted are removed from the cache. And negative cache entries are removed if a new file/directory was created externally. Similarly, synthetic dentries are replaced if a file/directory is created externally. The bulk update needs to be carefull not to follow symlinks, cross mount points, because the gofer doesn't know how to resolve symlinks and where mounts points are located. It also doesn't walk to the parent ("..") to avoid deadlocks. Here are the results: Workload VFS1 VFS2 Change bazel action 115s 70s 28.8s Stat/100 11,043us 7,623us 974us Updates #1638 PiperOrigin-RevId: 369325957
2021-04-19Fix TCP RACK flaky unit tests.Nayana Bidari
- Added delay to increase the RTT: In DSACK tests with RACK enabled and low RTT, TLP can be detected before sending ACK and the tests flake. Increasing the RTT will ensure that TLP does not happen before the ACK is sent. - Fix TestRACKOnePacketTailLoss: The ACK does not contain DSACK, which means either the original or retransmission (probe) was lost and SACKRecovery count must be incremented. Before: http://sponge2/c9bd51de-f72f-481c-a7f3-e782e7524883 After: http://sponge2/1307a796-103a-4a45-b699-e8d239220ed1 PiperOrigin-RevId: 369305720
2021-04-19Merge release-20210412.0-30-gb0333d33a (automated)gVisor bot
2021-04-19Optimize safemem.ZeroAndrei Vagin
There is a loop that fills a byte array with zero-s. Let's use copy() instead of setting elements one by one. The new implementation is two time faster than the previous one and it is more than 10x faster with the race detector. Reported-by: syzbot+5f57d988a5f929af5a91@syzkaller.appspotmail.com PiperOrigin-RevId: 369283919
2021-04-17Merge release-20210408.0-48-g9b4cc3d43 (automated)gVisor bot
2021-04-17Avoid ignoring incoming packet by demuxer on endpoint lookup failureMithun Iyer
This fixes a race that occurs while the endpoint is being unregistered and the transport demuxer attempts to match the incoming packet to any endpoint. The race specifically occurs when the unregistration (and deletion of the endpoint) occurs, after a successful endpointsByNIC lookup and before the endpoints map is further looked up with ingress NICID of the packet. The fix is to notify the caller of lookup-with-NICID failure, so that the logic falls through to handling unknown destination packets. For TCP this can mean replying back with RST. The syscall test in this CL catches this race as the ACK completing the handshake could get silently dropped on a listener close, causing no RST sent to the peer and timing out the poll waiting for POLLHUP. Fixes #5850 PiperOrigin-RevId: 369023779
2021-04-17Merge release-20210408.0-47-g3b685753b (automated)gVisor bot
2021-04-16[perf] Reduce contention due to renameMu in gofer client.Ayush Ranjan
Runsc build benchmark's mutex profile shows that we are wasting roughly 25-30 seconds waiting for filesystem.renameMu to get unlocked. Earlier checkCachingLocked required the renameMu to be locked for writing. This is a filesystem wide lock which puts all other filesystem operations on hold and hence is really expensive. Something to note is that all path resolution operations hold renameMu for reading. With this change, we allow to check for caching without even holding renameMu. This change introduces more fine grained locks (fs.cacheMu and dentry.cachingMu) which protect the cache (removing the requirement to hold renameMu for writing to modify the cache) and synchronize concurrent dentry caching attempts on a per dentry basis. We still require to hold renameMu for writing while destroying dentries and evicting from the cache but this still significantly reduces the write locking critical section. Local benchmarking showed that this improved runsc build benchmark time by 4-5%. Across 6 runs, without this change it took 310.9025 seconds to build runsc while with this change it took 296.127 seconds. Runsc build benchmark's mutex profile: https://gvisor.dev/profile/gvisor-buildkite/78a3f968-36ca-4944-93f7-77a8792d56b4/28a1d260-790b-4a9e-94da-a4daede08ee3/tmp/profile/ptrace/BenchmarkBuildRunsc/page_cache.clean/filesystem.bindfs/benchmarks/runsc/mutex.pprof/flamegraph PiperOrigin-RevId: 368958136
2021-04-17Merge release-20210408.0-46-g0c3e8daf5 (automated)gVisor bot
2021-04-16Allow runsc to generate coverage reports.Dean Deng
Add a coverage-report flag that will cause the sandbox to generate a coverage report (with suffix .cov) in the debug log directory upon exiting. For the report to be generated, runsc must have been built with the following Bazel flags: `--collect_code_coverage --instrumentation_filter=...`. With coverage reports, we should be able to aggregate results across all tests to surface code coverage statistics for the project as a whole. The report is simply a text file with each line representing a covered block as `file:start_line.start_col,end_line.end_col`. Note that this is similar to the format of coverage reports generated with `go test -coverprofile`, although we omit the count and number of statements, which are not useful for us. Some simple ways of getting coverage reports: bazel test <some_test> --collect_code_coverage \ --instrumentation_filter=//pkg/... bazel build //runsc --collect_code_coverage \ --instrumentation_filter=//pkg/... runsc -coverage-report=dir/ <other_flags> do ... PiperOrigin-RevId: 368952911
2021-04-16Merge release-20210408.0-44-g32c18f443 (automated)gVisor bot
2021-04-16Enlarge port range and fix integer overflowKevin Krakauer
Also count failed TCP port allocations PiperOrigin-RevId: 368939619
2021-04-16Merge release-20210408.0-38-g14b7d775c (automated)gVisor bot
2021-04-15Add field support to the sentry metrics.Nayana Bidari
Fields allow counter metrics to have multiple tabular values. At most one field is supported at the moment. PiperOrigin-RevId: 368767040
2021-04-15Reduce tcp_x_test runtime and memory usageKevin Krakauer
Reduce the ephemeral port range, which decreases the calls to makeEP. PiperOrigin-RevId: 368748379
2021-04-16Merge release-20210408.0-35-g2e5022974 (automated)gVisor bot
2021-04-15Add S/R logic for host.ConnectedEndpointFabricio Voznika
Otherwise ConnectedEndpoint.sndbuf will be restored as 0 and writes to the socket will fail with EAGAIN. PiperOrigin-RevId: 368746660
2021-04-15Merge release-20210408.0-34-gb5919d306 (automated)gVisor bot
2021-04-15Generate notification when closing host fd.Dean Deng
Thanks ianlewis@ for discovering the bug/fix! PiperOrigin-RevId: 368740744