path: root/pkg
Age | Commit message | Author
2021-01-12 | Drop TransportEndpointID from HandleControlPacket | Ghanan Gowripalan
When a control packet is delivered, it is delivered to a transport endpoint with a matching stack.TransportEndpointID so there is no need to pass the ID to the endpoint as it already knows its ID. PiperOrigin-RevId: 351497588
2021-01-12 | Remove unnecessary closure | Tamir Duberstein
PiperOrigin-RevId: 351491836
2021-01-12 | Remove useless cached state | Tamir Duberstein
Simplify some logic while I'm here. PiperOrigin-RevId: 351491593
2021-01-12 | Delete shim v1 | Fabricio Voznika
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier. Starting from containerd 1.2, shim v2 is the preferred interface. PiperOrigin-RevId: 351485556
2021-01-12 | [rack] Set up TLP timer and configure timeout. | Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.1. Fixes #5083 PiperOrigin-RevId: 351467357
2021-01-12 | Fix simple mistakes identified by goreportcard. | Adin Scannell
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971
2021-01-11 | Fix Go branch for arm64. | Adin Scannell
This requires several changes:
* Templates must preserve relevant tags.
* Pagetables templates are split into two targets, each preserving tags.
* The binary VDSO is similarly split into two targets, with some juggling.
* The top level tools/go_branch.sh now does a crossbuild of ARM64 as well, and checks and merges the results of the two branches together.
Fixes #5178
PiperOrigin-RevId: 351304330
2021-01-11 | Make segment range type split safe. | Adin Scannell
This allows for use in restricted contexts. Updates #5039 PiperOrigin-RevId: 351265378
2021-01-11 | Make ilist split safe. | Adin Scannell
This allows for use in restricted contexts. Updates #5039 PiperOrigin-RevId: 351220385
2021-01-08 | Merge pull request #4933 from lubinszARM:pr_kvm_el0_exceptions | gVisor bot
PiperOrigin-RevId: 350862699
2021-01-08 | Create console test library. | Etienne Perot
This creates a TTY pair and runs `/bin/sh` in interactive mode within it. It provides useful helper functions to interact with the shell and read the output of commands run within it. This is meant to be used for testing upcoming changes allowing `runsc exec` to work in `-detach=false -tty=true` mode. PiperOrigin-RevId: 350841006
2021-01-07 | Merge pull request #5207 from avagin:arm64-cross | gVisor bot
PiperOrigin-RevId: 350691246
2021-01-07 | netstack: Refactor tcpip.Endpoint.Read | Ting-Yu Wang
Read now takes a destination io.Writer, count, options. Keeping the method name Read, in contrast to the Write method.
This enables:
* direct transfer of views under VV
* zero copy
It also eliminates the need for sentry to keep a slice of view because userspace had requested a read that is smaller than the view returned, removing the complexity there.
Read/Peek/ReadPacket are now consolidated together and some duplicate code is removed.
PiperOrigin-RevId: 350636322
2021-01-07 | Implement the semtimedop syscall | Andrei Vagin
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2021-01-06 | Do not filter frames in ethernet link endpoint | Ghanan Gowripalan
Ethernet frames are usually filtered at the hardware-level so there is no need to filter the frames in software. For test purposes, a new link endpoint was introduced to filter frames based on their destination. PiperOrigin-RevId: 350422941
2021-01-06 | Support add/remove IPv6 multicast group sock opt | Ghanan Gowripalan
IPv4 was always supported but UDP never supported joining/leaving IPv6 multicast groups via socket options.
Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP
Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP
Test: integration_test.TestUDPAddRemoveMembershipSocketOption
PiperOrigin-RevId: 350396072
2021-01-06 | Merge pull request #5177 from lubinszARM:pr_kernel_global | gVisor bot
PiperOrigin-RevId: 350375461
2021-01-05 | Make type sanity checking happen only in race builds. | Adin Scannell
This adds significant costs to startup, since it is done for every type in the system. Since the state package already saves sanity checks for race builds, use this for type registration. PiperOrigin-RevId: 350259336
2021-01-05 | Fix panic when parsing SO_TIMESTAMP cmsg | Kevin Krakauer
PiperOrigin-RevId: 350223482
2021-01-05 | Add benchmarks targets to BuildKite. | Adin Scannell
This includes minor fix-ups:
* Handle SIGTERM in runsc debug, to exit gracefully.
* Fix cmd.debug.go opening all profiles as RDONLY.
* Fix the test name in fio_test.go, and encode the block size in the test.
PiperOrigin-RevId: 350205718
2021-01-05 | fs/fuse: check that a task has a specified file descriptor | Andrei Vagin
Reported-by: syzbot+814105309d2ae8651084@syzkaller.appspotmail.com PiperOrigin-RevId: 350159452
2020-12-31 | Add missing error checks for FileDescription.Init. | Dean Deng
Syzkaller discovered this bug in pipefs by doing something quite strange:
    creat(&(0x7f0000002a00)='./file1\x00', 0x0)
    mount(&(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='devtmpfs\x00', 0x20000d, 0x0)
    creat(&(0x7f0000000000)='./file1/file0\x00', 0x0)
This can be reproduced with:
    touch mymount
    mkfifo /dev/mypipe
    mount -o ro -t devtmpfs devtmpfs mymount
    echo 123 > mymount/mypipe
PiperOrigin-RevId: 349687714
2020-12-29 | Simplify profiling and benchmarks. | Adin Scannell
- Tweak the benchmarks to work with b.N where appropriate. In many cases, b.N was simply being ignored. This creates an implicit dependency in the user passing a reasonable benchtime (less than or equal to the actual runtime of the test, or using the X syntax) otherwise the test runs forever.
- In cases where the above is impossible, explicitly set benchtime from the test wrapper, to prevent the above behavior (tensorflow).
- Drop the *Reverse variants, which are simply hey benchmarks. We should just add a hey benchmark. The platforms benchmarks already include a native platform, and thus these benchmarks are incredibly confusing. (In other words, BenchmarkNginxReverse has nothing to do with an nginx benchmark for runsc.)
- Remove the redundant Harness object, which contains no state, in order to slightly simplify the code.
- Make Block and Heap profiling actually work, but setting appropriate runtime parameters (and plumbing them through the config).
- Split the profiling into two phases: start and stop, since some will need to be started early, and others will need to happen at the end.
PiperOrigin-RevId: 349495377
2020-12-29 | Make profiling commands synchronous. | Adin Scannell
This allows for a model of profiling when you can start collection, and it will terminate when the sandbox terminates. Without this synchronous call, it is effectively impossible to collect length blocking and mutex profiles. PiperOrigin-RevId: 349483418
2020-12-29 | arm64 kvm: revert some kpti related codes, and configure upper pagetable as global | Robin Luk
In order to improve the performance, some kpti related codes (TCR.A1) have been reverted, and set kernel pagetable as global. Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
2020-12-23 | vfs1: don't allow to open socket files | Andrei Vagin
open() has to return ENXIO in this case. O_PATH isn't supported by vfs1. PiperOrigin-RevId: 348820478
2020-12-22 | Move SO_BINDTODEVICE to socketops. | Nayana Bidari
PiperOrigin-RevId: 348696094
2020-12-22 | Correctly log sniffed ARP packets | Tamir Duberstein
This condition was inverted in 360006d. PiperOrigin-RevId: 348679088
2020-12-22 | Invoke address resolution upon subsequent traffic to Failed neighbor | Peter Johnston
Removes the period of time in which subsequent traffic to a Failed neighbor immediately fails with ErrNoLinkAddress. A Failed neighbor is one in which address resolution fails; or in other words, the neighbor's IP address cannot be translated to a MAC address.
This means removing the Failed state for linkAddrCache and allowing transitioning out of Failed into Incomplete for neighborCache. Previously, both caches would transition entries to Failed after address resolution fails. In this state, any subsequent traffic requested within an unreachable time would immediately fail with ErrNoLinkAddress. This does not follow RFC 4861 section 7.3.3:
    If address resolution fails, the entry SHOULD be deleted, so that subsequent traffic to that neighbor invokes the next-hop determination procedure again. Invoking next-hop determination at this point ensures that alternate default routers are tried.
The API for getting a link address for a given address, whether through the link address cache or the neighbor table, is updated to optionally take a callback which will be called when address resolution completes. This allows `Route` to handle completing link resolution internally, so callers of (*Route).Resolve (e.g. endpoints) don’t have to keep track of when it completes and update the Route accordingly.
This change also removes the wakers from LinkAddressCache, NeighborCache, and Route in favor of the callbacks, and callers that previously used a waker can now just pass a callback to (*Route).Resolve that will notify the waker on resolution completion.
Fixes #4796
Startblock: has LGTM from sbalana and then add reviewer ghanan
PiperOrigin-RevId: 348597478
2020-12-21 | Prefer matching labels and longest matching prefix | Ghanan Gowripalan
...when performing source address selection for IPv6. These are defined in RFC 6724 section 5 rule 6 (prefer matching label) and rule 8 (use longest matching prefix).
This change also considers ULA of global scope instead of its own scope, as per RFC 6724 section 3.1:
    Also, note that ULAs are considered as global, not site-local, scope but are handled via the prefix policy table as discussed in Section 10.6.
Test: stack_test.TestIPv6SourceAddressSelectionScope
Startblock: has LGTM from peterjohnston and then add reviewer brunodalbo
PiperOrigin-RevId: 348580996
2020-12-21 | Don't modify a packet header when it can be used by other endpoints | Andrei Vagin
Reported-by: syzbot+48c43f82fe7738fceae9@syzkaller.appspotmail.com PiperOrigin-RevId: 348540796
2020-12-21 | RLock Endpoint in raw.Endpoint.HandlePacket | Kevin Krakauer
PiperOrigin-RevId: 348530530
2020-12-17 | Set verityMu to be state nosave | Chong Cai
PiperOrigin-RevId: 348092999
2020-12-17 | Fix seek on /proc/pid/cmdline when task is zombie. | Nicolas Lacasse
PiperOrigin-RevId: 348056159
2020-12-17 | [netstack] Implement IP(V6)_RECVERR socket option. | Ayush Ranjan
PiperOrigin-RevId: 348055514
2020-12-17 | Set process group and session on host TTY | Fabricio Voznika
Closes #5128 PiperOrigin-RevId: 348052446
2020-12-17 | [netstack] Implement MSG_ERRQUEUE flag for recvmsg(2). | Ayush Ranjan
Introduces the per-socket error queue and the necessary cmsg mechanisms. PiperOrigin-RevId: 348028508
2020-12-17 | Remove duplicate `return` | Tamir Duberstein
PiperOrigin-RevId: 347974624
2020-12-16 | Cleanup locking in multicast group protocol tests | Ghanan Gowripalan
Startblock: has LGTM from asfez and then add reviewer tamird PiperOrigin-RevId: 347928471
2020-12-16 | Automated rollback of changelist 346565589 | gVisor bot
PiperOrigin-RevId: 347911316
2020-12-16 | Merge pull request #4880 from lubinszARM:pr_tlbi_02 | gVisor bot
PiperOrigin-RevId: 347890782
2020-12-16 | Add support to count the number of packets SACKed. | Nayana Bidari
sacked_out is required in RACK to check the number of duplicate acknowledgements during updating the reorder window. If there is no reordering and the value for sacked_out is greater than the classic threshold value 3, then reorder window is set to zero. It is calculated by counting the number of segments sacked in the ACK and is reduced when a cumulative ACK is received which covers the SACK blocks. This value is set to zero when the connection enters recovery. PiperOrigin-RevId: 347872246
2020-12-16 | Ensure correctness of saved receive window | Mithun Iyer
When the scaled receive window size > 65535 (max uint16), we advertise the scaled value as 65535, but are not adjusting the saved receive window value when doing so. This would keep our current window calculation logic to be incorrect, as the saved receive window value is different from what was advertised. Fixes #4903 PiperOrigin-RevId: 347771340
2020-12-15 | Validate router alert's data length | Ghanan Gowripalan
RFC 2711 specifies that the router alert's length field is always 2 so we should make sure only 2 bytes are read from a router alert option's data field. Test: header.TestIPv6OptionsExtHdrIterErr PiperOrigin-RevId: 347727876
2020-12-15 | Internal change. | Andrei Vagin
PiperOrigin-RevId: 347720083
2020-12-15 | Don't split enabled flag across multicast group state | Ghanan Gowripalan
Startblock: has LGTM from asfez and then add reviewer brunodalbo PiperOrigin-RevId: 347716242
2020-12-15 | Implement command SEM_INFO and SEM_STAT for semctl. | Jing Chen
PiperOrigin-RevId: 347711998
2020-12-15 | Change violation mode to an enum | Chong Cai
PiperOrigin-RevId: 347706953
2020-12-15 | [syzkaller] Avoid AIOContext from resurrecting after being marked dead. | Ayush Ranjan
syzkaller reported the closing of a nil channel. This is only possible when the AIOContext was destroyed twice. Some scenarios that could lead to this:
- It died and then someone called aioCtx.Prepare() on it and then killed it again which could cause the double destroy. The context could have been destroyed in between the call to LookupAIOContext() and Prepare().
- aioManager was destroyed but it did not update the contexts map. So Lookup could still return a dead AIOContext and then someone could call Prepare on it and kill it again.
So added a check in aioCtx.Prepare() for the context being dead. This will prevent a dead context from resurrecting. Also refactored code to destroy the aioContext consistently. Earlier we were not munmapping the aioContexts that were destroyed upon aioManager destruction.
Reported-by: syzbot+ef6a588d0ce6059991d2@syzkaller.appspotmail.com
PiperOrigin-RevId: 347704347
2020-12-15 | [netstack] Make recvmsg(2) call to host in hostinet even if dst is empty. | Ayush Ranjan
We want to make the recvmsg syscall to the host regardless of if the dst is empty or not so that:
- Host can populate the control messages if necessary.
- Host can return sender address.
- Host can return appropriate errors.
Earlier because we were using the IOSequence.CopyOutFrom() API, the usermem package does not even call the Reader function if the destination is empty (as an optimization).
PiperOrigin-RevId: 347684566