summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2021-03-06Merge release-20210301.0-20-gfb733cdb8 (automated)gVisor bot
2021-03-05Increment the counters when sending Echo requestsArthur Sfez
Updates #5597 PiperOrigin-RevId: 361252003
2021-03-05Merge release-20210301.0-19-g2db8f7485 (automated)gVisor bot
2021-03-05Fix network protocol/endpoint lock order violationGhanan Gowripalan
IPv4 would violate the lock ordering of protocol > endpoint when closing network endpoints by calling `ipv4.protocol.forgetEndpoint` while holding the network endpoint lock. PiperOrigin-RevId: 361232817
2021-03-05Merge release-20210301.0-18-g498709250 (automated)gVisor bot
2021-03-05Include duplicate address holder info in DADResultGhanan Gowripalan
The integrator may be interested in who owns a duplicate address so pass this information (if available) along. Fixes #5605. PiperOrigin-RevId: 361213556
2021-03-05Implement IterDirent in verity fsChong Cai
PiperOrigin-RevId: 361196154
2021-03-05Merge release-20210301.0-15-g3e8e2cad8 (automated)gVisor bot
2021-03-05Make stack.DADResult an interfaceGhanan Gowripalan
While I'm here, update NDPDispatcher.OnDuplicateAddressDetectionStatus to take a DADResult and rename it to OnDuplicateAddressDetectionResult. Fixes #5606. PiperOrigin-RevId: 360965416
2021-03-04Merge release-20210301.0-14-ga9face757 (automated)gVisor bot
2021-03-04Nit fix: Should use maxTimeout in backoffTimerTing-Yu Wang
The only user is in (*handshake).complete and it specifies MaxRTO, so there is no behavior changes. PiperOrigin-RevId: 360954447
2021-03-03Deflake //pkg/tcpip/tests/integration:forward_testTing-Yu Wang
clientEP.Connect may fail because serverEP was not listening. PiperOrigin-RevId: 360780667
2021-03-04Merge release-20210301.0-12-g1cd76d958 (automated)gVisor bot
2021-03-03Make dedicated methods for data operations in PacketBufferTing-Yu Wang
One of the preparation to decouple underlying buffer implementation. There are still some methods that tie to VectorisedView, and they will be changed gradually in later CLs. This CL also introduce a new ICMPv6ChecksumParams to replace long list of parameters when calling ICMPv6Checksum, aiming to be more descriptive. PiperOrigin-RevId: 360778149
2021-03-03Merge release-20210301.0-11-gcfd2c3196 (automated)gVisor bot
2021-03-03Remove dependency on golang.org/x/sys/unixTamir Duberstein
(*os.PathError).Timeout does the same thing. PiperOrigin-RevId: 360756784
2021-03-03Merge release-20210301.0-10-g9c80bcf32 (automated)gVisor bot
2021-03-03Merge release-20210301.0-8-g3e69f5d08 (automated)gVisor bot
2021-03-03Assert UpdatedAtNanos in neighbor cache testsSam Balana
Changes the neighbor_cache_test.go tests to always assert UpdatedAtNanos. Completes the assertion of UpdatedAtNanos in every NUD test, a field that was historically not checked due to the lack of a deterministic, controllable clock. This is no longer true with the tcpip.Clock interface. While the tests have been adjusted to use Clock, asserting by the UpdatedAtNanos was neglected. Fixes #4663 PiperOrigin-RevId: 360730077
2021-03-03Merge release-20210301.0-7-g80bc67c26 (automated)gVisor bot
2021-03-03Add checklocks analyzer.Bhasker Hariharan
This validates that struct fields if annotated with "// checklocks:mu" where "mu" is a mutex field in the same struct then access to the field is only done with "mu" locked. All types that are guarded by a mutex must be annotated with // +checklocks:<mutex field name> For more details please refer to README.md. PiperOrigin-RevId: 360729328
2021-03-03Export stats that were forgottenArthur Sfez
While I'm here, simplify the comments and unify naming of certain stats across protocols. PiperOrigin-RevId: 360728849
2021-03-03Merge release-20210301.0-5-ga9441aea2 (automated)gVisor bot
2021-03-03[op] Replace syscall package usage with golang.org/x/sys/unix in pkg/.Ayush Ranjan
The syscall package has been deprecated in favor of golang.org/x/sys. Note that syscall is still used in the following places: - pkg/sentry/socket/hostinet/stack.go: some netlink related functionalities are not yet available in golang.org/x/sys. - syscall.Stat_t is still used in some places because os.FileInfo.Sys() still returns it and not unix.Stat_t. Updates #214 PiperOrigin-RevId: 360701387
2021-03-02Merge release-20210208.0-107-g6bc27946a (automated)gVisor bot
2021-03-02Plumb link address request errors up to requesterTamir Duberstein
Prevent the situation where callers to (*stack).GetLinkAddress provide incorrect arguments and are unable to observe this condition. Updates #5583. PiperOrigin-RevId: 360481557
2021-03-01Merge release-20210208.0-106-g865ca64ee (automated)gVisor bot
2021-03-01tcp: endpoint.Write has to send all data that has been read from payloadAndrei Vagin
io.Reader.ReadFull returns the number of bytes copied and an error if fewer bytes were read. PiperOrigin-RevId: 360247614
2021-02-27Merge release-20210208.0-105-g037bb2f45 (automated)gVisor bot
2021-02-26Fix panic due to zero length writes in TCP.Bhasker Hariharan
There is a short race where in Write an endpoint can transition from writable to non-writable state due to say an incoming RST during the time we release the endpoint lock and reacquire after copying the payload. In such a case if the write happens to be a zero sized write we end up trying to call sendData() even though nothing was queued. This can panic when trying to enable/disable TCP timers if the endpoint had already transitioned to a CLOSED/ERROR state due to the incoming RST as we cleanup timers when the protocol goroutine terminates. Sadly the race window is small enough that my attempts at reproducing the panic in a syscall test has not been successful. PiperOrigin-RevId: 359887905
2021-02-26Assert UpdatedAtNanos in neighbor entry testsSam Balana
Changes the neighbor_entry_test.go tests to always assert UpdatedAtNanos. This field was historically not checked due to the lack of a deterministic, controllable clock. This is no longer true with the tcpip.Clock interface. While the tests have been adjusted to use Clock, asserting by the UpdatedAtNanos was neglected. Subsequent work is needed to assert UpdatedAtNanos in the neighbor cache tests. Updates #4663 PiperOrigin-RevId: 359868254
2021-02-26Embed sync.Mutex for entryTestLinkResolver and testNUDDispatcherSam Balana
Converts entryTestLinkResolver and testNUDDispatcher to use the embedded sync.Mutex pattern for fields that may be accessed concurrently from different gorountines. Fixes #5541 PiperOrigin-RevId: 359826169
2021-02-26Use helper functions in neighbor entry testsSam Balana
Adds helper functions for transitioning into common states. This reduces the boilerplate by a fair amount, decreasing the barriers to entry for new features added to neighborEntry. PiperOrigin-RevId: 359810465
2021-02-26Merge release-20210208.0-101-gda2505df9 (automated)gVisor bot
2021-02-26Use closure to avoid manual unlockingTamir Duberstein
Also increase refcount of raw.endpoint.route while in use. Avoid allocating an array of size zero. PiperOrigin-RevId: 359797788
2021-02-26Merge release-20210208.0-99-gf3de211bb (automated)gVisor bot
2021-02-25RACK: recovery logic should check for receive window before re-transmitting.Nayana Bidari
Use maybeSendSegment while sending segments in RACK recovery which checks if the receiver has space and splits the segments when the segment size is greater than MSS. PiperOrigin-RevId: 359641097
2021-02-25Merge release-20210208.0-97-g38c42bbf4 (automated)gVisor bot
2021-02-25Remove deadlock in raw.endpoint caused by recursive read lockingKevin Krakauer
Prevents the following deadlock: - Raw packet is sent via e.Write(), which read locks e.mu - Connect() is called, blocking on write locking e.mu - The packet is routed to loopback and back to e.HandlePacket(), which read locks e.mu Per the atomic.RWMutex documentation, this deadlocks: "If a goroutine holds a RWMutex for reading and another goroutine might call Lock, no goroutine should expect to be able to acquire a read lock until the initial read lock is released. In particular, this prohibits recursive read locking. This is to ensure that the lock eventually becomes available; a blocked Lock call excludes new readers from acquiring the lock." Also, release eps.mu earlier in deliverRawPacket. PiperOrigin-RevId: 359600926
2021-02-25Merge release-20210208.0-96-ge50ee2620 (automated)gVisor bot
2021-02-25Implement SEM_STAT_ANY cmd of semctl.Jing Chen
PiperOrigin-RevId: 359591577
2021-02-25Merge release-20210208.0-94-g0462dfe9f (automated)gVisor bot
2021-02-24Use sync.Gate in p9.connState.Jamie Liu
sync.WaitGroup.Add(positive delta) is illegal if the WaitGroup counter is zero and WaitGroup.Wait() may be called concurrently. This is problematic for p9.connState.pendingWg, which counts inflight requests (so transitions from zero are normal) and is waited-upon when receiving from the underlying Unix domain socket returns an error, e.g. during connection shutdown. (Even if the socket has been closed, new requests can still be concurrently received via flipcall channels.) PiperOrigin-RevId: 359416057
2021-02-25Merge release-20210208.0-93-g1d2975ffb (automated)gVisor bot
2021-02-24Validate MLD packetsArthur Sfez
Fixes #5490 PiperOrigin-RevId: 359401532
2021-02-24Merge release-20210208.0-92-gf5692f7dc (automated)gVisor bot
2021-02-24Kernfs should not try to rename a file to itself.Nicolas Lacasse
One precondition of VFS.PrepareRenameAt is that the `from` and `to` dentries are not the same. Kernfs was not checking this, which could lead to a deadlock. PiperOrigin-RevId: 359385974
2021-02-24Merge release-20210208.0-91-g303c913c5 (automated)gVisor bot
2021-02-24Use mapped device number + topmost inode number for all files in VFS2 overlay.Jamie Liu
Before this CL, VFS2's overlayfs uses a single private device number and an autoincrementing generated inode number for directories; this is consistent with Linux's overlayfs in the non-samefs non-xino case. However, this breaks some applications more consistently than on Linux due to more aggressive caching of Linux overlayfs dentries. Switch from using mapped device numbers + the topmost layer's inode number for just non-copied-up non-directory files, to doing so for all files. This still allows directory dev/ino numbers to change across copy-up, but otherwise keeps them consistent. Fixes #5545: ``` $ docker run --runtime=runsc-vfs2-overlay --rm ubuntu:focal bash -c "mkdir -p 1/2/3/4/5/6/7/8 && rm -rf 1 && echo done" done ``` PiperOrigin-RevId: 359350716
2021-02-24Merge release-20210208.0-90-gfcd4ff4fc (automated)gVisor bot