Age | Commit message (Collapse) | Author |
|
Allow creation and management of subcontainers through cgroupfs
directory syscalls. Also add a mechanism to specify a default root
container to start new jobs in.
This implements the filesystem support for subcontainers, but doesn't
implement hierarchical resource accounting or task migration.
PiperOrigin-RevId: 390254870
|
|
Right now, it contains the code:
origState := atomic.LoadUint32(&c.state)
atomicbitops.AndUint32(&c.state, ^vCPUUser)
The problem here is that vCPU.bounce that is called from another thread can add
vCPUWaiter when origState has been read but vCPUUser isn't cleared yet. In this
case, vCPU.unlock doesn't notify other threads about changes and c.bounce will
be stuck in the futex_wait call.
PiperOrigin-RevId: 389697411
|
|
Reported-by: syzbot+63bde04529f701c76168@syzkaller.appspotmail.com
Reported-by: syzbot+69866b9a16ec29993e6a@syzkaller.appspotmail.com
PiperOrigin-RevId: 389084629
|
|
Go's dev.typeparams branch already claims to be Go 1.18, so our !go1.18 build
tags breaking testing gVisor with that branch.
Normally I would not want to bump the build tags this early, but I plan to
extend checklinkname to check the assumptions in these files and remove the
build tags ASAP. So we just go ahead and bump the tags until then to unblock
testing.
PiperOrigin-RevId: 389037239
|
|
PiperOrigin-RevId: 389035388
|
|
PiperOrigin-RevId: 388985968
|
|
AlignedAtomicUint64 is 15 bytes and it takes 16 bytes in structures. On
32-bit systems, variables and structure fields is guaranteed to be
32-bit aligned and this means that we need only 12 bytes to find 8
contiguous bytes.
|
|
In this case, the task is already a subreaper, so setting this bit is a noop.
Updates #2323
PiperOrigin-RevId: 388828034
|
|
Add Fs controls and implement "cat" command.
PiperOrigin-RevId: 388812540
|
|
Also change runsc pause/resume cmd to access Lifecycle instead of
containerManager.
PiperOrigin-RevId: 388534928
|
|
Implement Queue.Copy and add more tests for it.
Updates #135
|
|
Add support for msgsnd and msgrcv and enable syscall tests.
Updates #135
|
|
Receive implements the behaviour of msgrcv(2) without the MSG_COPY flag.
Updates #135
|
|
Send implements the functionality of msgsnd(2).
Updates #135
|
|
PiperOrigin-RevId: 388129112
|
|
This change will allow us to remove the default link in a packetimpact test so
we can reduce indeterministic behaviors as required in https://fxbug.dev/78430.
This will also help with testing #1388.
Updates #578, #1388.
PiperOrigin-RevId: 387896847
|
|
PiperOrigin-RevId: 387885663
|
|
This CL introduces a 'checklinkname' analyzer, which provides rudimentary
type-checking that verifies that function signatures on the local and remote
sides of //go:linkname directives match expected values.
If the Go standard library changes the definitions of any of these function,
checklinkname will flag the change as a finding, providing an error informing
the gVisor team to adapt to the upstream changes. This allows us to eliminate
the majority of gVisor's forward-looking negative build tags, as we can catch
mismatches in testing [1].
The remaining forward-looking negative build tags are covering shared struct
definitions, which I hope to add to checklinkname in a future CL.
[1] Of course, semantics/requirements can change without the signature
changing, so we still must be careful, but this covers the common case.
PiperOrigin-RevId: 387873847
|
|
PiperOrigin-RevId: 387513118
|
|
For comparison:
```
$ docker run --rm -it ubuntu:focal bash -c 'cat /proc/self/status'
Name: cat
Umask: 0022
State: R (running)
Tgid: 1
Ngid: 0
Pid: 1
PPid: 0
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 64
Groups:
NStgid: 1
NSpid: 1
NSpgid: 1
NSsid: 1
VmPeak: 2660 kB
VmSize: 2660 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 528 kB
VmRSS: 528 kB
...
$ docker run --runtime=runsc-vfs2 --rm -it ubuntu:focal bash -c 'cat /proc/self/status'
Name: cat
State: R (running)
Tgid: 1
Pid: 1
PPid: 0
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 4
Groups:
VmSize: 10708 kB
VmRSS: 3124 kB
VmData: 316 kB
...
```
Fixes #6374
PiperOrigin-RevId: 387465655
|
|
PiperOrigin-RevId: 387442805
|
|
PiperOrigin-RevId: 387427887
|
|
Make hasSlot scan allocated slot, rather than the whole slice.
It is supposed to store physicalStart in usedSlot.
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
|
|
PiperOrigin-RevId: 386577891
|
|
Reported-by: syzbot+beb099a67f670386a367@syzkaller.appspotmail.com
PiperOrigin-RevId: 386521361
|
|
PiperOrigin-RevId: 386511818
|
|
We opted to move forward with FUSE instead.
PiperOrigin-RevId: 386344258
|
|
CR0.NE enables internal x87 floating point error reporting when set, else
enables PC style x87 error detection.
On AMD, the #MF exception isn't generated if CR0.NE isn't set.
PiperOrigin-RevId: 386340269
|
|
PiperOrigin-RevId: 386323389
|
|
PiperOrigin-RevId: 386312456
|
|
Since cgroupfs.dir embedes cgroupfs.implStatFS, and dir.StatFS and
implStatFS.StatFS are identical, dir.StatFS is not needed.
|
|
- Creates new metric "/tcp/segments_acked_with_dsack" to count the number of
segments acked with DSACK.
- Added check to verify the metric is getting incremented when a DSACK is sent
in the unit tests.
PiperOrigin-RevId: 386135949
|
|
Reported-by: syzbot+59550b48e06cc0d3b638@syzkaller.appspotmail.com
PiperOrigin-RevId: 386075453
|
|
PiperOrigin-RevId: 385944428
|
|
PiperOrigin-RevId: 385940836
|
|
PiperOrigin-RevId: 385919423
|
|
PiperOrigin-RevId: 385894869
|
|
Fixes #6300
PiperOrigin-RevId: 385840917
|
|
fs.renameMu is released and reacquired in `dentry.destroyLocked()` allowing
a dentry to be in `fs.syncableDentries` with a negative reference count.
Fixes #5263
PiperOrigin-RevId: 385054337
|
|
TCP is fully supported. As with SO_RCVBUF, other transport protocols perform
no-ops per DefaultSocketOptionsHandler.OnSetReceiveBufferSize.
PiperOrigin-RevId: 385023239
|
|
PiperOrigin-RevId: 384776517
|
|
PiperOrigin-RevId: 384586164
|
|
Remove the hack in gVisor vfs that allows verity to bypass the O_PATH
check, since ioctl is not allowed on fds opened with O_PATH in linux.
Verity still opens the lowerFD with O_PATH to open it as a symlink, but
the API no longer expects O_PATH to open a fd to be verity enabled.
Now only O_FOLLOW should be specified when opening and enabling verity
features.
PiperOrigin-RevId: 384567833
|
|
Add support for msgget, and msgctl(IPC_RMID), and enable msgqueue
syscall tests.
Updates #135
|
|
Remove implements the behaviour or msgctl(IPC_RMID).
Updates #135
|
|
FindOrCreate implements the behaviour of msgget(2).
Updates #135
|
|
Create package msgqueue, define primitives to be used for message
queues, and add a msgqueue.Registry to IPCNamespace.
Updates #135
|
|
Updates #135
|
|
Create ipc.Registry to hold fields, and define functionality common to
all SysV registries, and have registries use it.
|