summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2019-02-13Add support for using PACKET_RX_RING to receive packets.Bhasker Hariharan
PACKET_RX_RING allows the use of an mmapped buffer to receive packets from the kernel. This should cut down the number of host syscalls that need to be made to receive packets when the underlying fd is a socket of the AF_PACKET type. PiperOrigin-RevId: 233834998 Change-Id: I8060025c6ced206986e94cc46b8f382b81bfa47f
2019-02-13Improve safecopy sanity checks.Jamie Liu
- Fix CopyIn/CopyOut/ZeroOut range checks. - Include the faulting signal number in the panic message. PiperOrigin-RevId: 233829501 Change-Id: I8959ead12d05dbd4cd63c2b908cddeb2a27eb513
2019-02-13Internal change.Googler
PiperOrigin-RevId: 233802562 Change-Id: I40e1b13fd571daaf241b00f8df4bcedd034dc3f1
2019-02-13Expose XSAVES in /proc/cpuinfoMichael Pratt
Linux started doing this in b8be15d588060a03569ac85dc4a0247460988f5b ("x86/fpu/xstate: Re-enable XSAVES"), which first appeared in 4.8. PiperOrigin-RevId: 233800931 Change-Id: Icac2c2b03ccf1a91f3070431efb5152ca619fca3
2019-02-11Do not drop packets w/ missing TCP timestamps.Bhasker Hariharan
RFC7323 recommends that if the timestamp option was negotiated then all packets should carry a TCP Timestamp and any packets that do not should be dropped. Netstack implemented this behaviour. Linux OTOH does not and will accept such packets. This change makes Netstack behaviour compatible with Linux. Also now that we allow such packets, we do need to update RTO calculations based on these packets even if timestamp option is enabled. PiperOrigin-RevId: 233432268 Change-Id: I9f4742ae6b63930ac3b5e37d8c238761e6a4b29f
2019-02-08Add fs.AsyncWithContext and call it in fs/gofer/inodeOperations.Release.Nicolas Lacasse
fs/gofer/inodeOperations.Release does some asynchronous work. Previously it was calling fs.Async with an anonymous function, which caused the function to be allocated on the heap. Because Release is relatively hot, this results in a lot of small allocations and increased GC pressure, noticeable in perf profiles. This CL adds a new function, AsyncWithContext, which is just like Async, but passes a context to the async function. It avoids the need for an extra anonymous function in fs/gofer/inodeOperations.Release. The Async function itself still requires a single anonymous function. PiperOrigin-RevId: 233141763 Change-Id: I1dce4a883a7be9a8a5b884db01e654655f16d19c
2019-02-08Encode stat to bytes manually, instead of calling CopyObjectOut.Nicolas Lacasse
CopyObjectOut grows its destination byte slice incrementally, causing many small slice allocations on the heap. This leads to increased GC and noticeably slower stat calls. PiperOrigin-RevId: 233140904 Change-Id: Ieb90295dd8dd45b3e56506fef9d7f86c92e97d97
2019-02-08Fix build error.Ian Gudger
PiperOrigin-RevId: 233139020 Change-Id: I2e7089fa25d20e5662eb941054a684d41f5d3e12
2019-02-08Internal change.Christopher Koch
PiperOrigin-RevId: 233124342 Change-Id: Id4b4857af89815ffb9254cc30df4244b2768d9f2
2019-02-08CopyObjectOut should allocate a byte slice the size of the encoded object.Nicolas Lacasse
This adds an extra Reflection call to CopyObjectOut, but avoids many small slice allocations if the object is large, since without this we grow the backing slice incrementally as we encode more data. PiperOrigin-RevId: 233110960 Change-Id: I93569af55912391e5471277f779139c23f040147
2019-02-08Keep FilePayloads open on server side until after RPC completed.Christopher Koch
Prevents URPC FDs from being closed mid-call, especially if they are used as raw FDs. PiperOrigin-RevId: 233087955 Change-Id: I815a2ff32cc5f03774605aef0b35a32862f8e633
2019-02-07Plumb IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP to netstack.Ian Gudger
Also includes a few fixes for IPv4 multicast support. IPv6 support is coming in a followup CL. PiperOrigin-RevId: 233008638 Change-Id: If7dae6222fef43fda48033f0292af77832d95e82
2019-02-07Implement /proc/net/unix.Rahat Mahmood
PiperOrigin-RevId: 232948478 Change-Id: Ib830121e5e79afaf5d38d17aeef5a1ef97913d23
2019-02-07Make context.Background return a global background context.Nicolas Lacasse
It currently allocates a new context on the heap each time it is called. Some of these are in relatively hot paths like signal delivery and releasing gofer inodes. It is also called very commonly in afterLoad. All of these should benefit from fewer heap allocations. PiperOrigin-RevId: 232938873 Change-Id: I53cec0ca299f56dcd4866b0b4fd2ec4938526849
2019-02-07Internal change.Googler
PiperOrigin-RevId: 232937200 Change-Id: I5c3709cc8f1313313ff618a45e48c14a3a111cb4
2019-02-07Implement semctl(2) SETALL and GETALLFabricio Voznika
PiperOrigin-RevId: 232914984 Change-Id: Id2643d7ad8e986ca9be76d860788a71db2674cda
2019-02-05Change /proc/PID/cmdline to read environment vector.Zach Koopmans
- Change proc to return envp on overwrite of argv with limitations from upstream. - Add unit tests - Change layout of argv/envp on the stack so that end of argv is contiguous with beginning of envp. PiperOrigin-RevId: 232506107 Change-Id: I993880499ab2c1220f6dc456a922235c49304dec
2019-02-01CachingInodeOperations was over-dirtying cached attributesFabricio Voznika
Dirty should be set only when the attribute is changed in the cache only. Instances where the change was also sent to the backing file doesn't need to dirty the attribute. Also remove size update during WriteOut as writing dirty page would naturaly grow the file if needed. RELNOTES: relnotes is needed for the parent CL. PiperOrigin-RevId: 232068978 Change-Id: I00ba54693a2c7adc06efa9e030faf8f2e8e7f188
2019-02-01Factor the subtargets method into a helper method with tests.Nicolas Lacasse
PiperOrigin-RevId: 232047515 Change-Id: I00f036816e320356219be7b2f2e6d5fe57583a60
2019-01-31Move package sync to third_partyMichael Pratt
PiperOrigin-RevId: 231889261 Change-Id: I482f1df055bcedf4edb9fe3fe9b8e9c80085f1a0
2019-01-31Fix commentMichael Pratt
PiperOrigin-RevId: 231861005 Change-Id: I134d4e20cc898d44844219db0a8aacda87e11ef0
2019-01-31Invalidate COW mappings when file is truncatedFabricio Voznika
This changed required making fsutil.HostMappable use a backing file to ensure the correct FD would be used for read/write operations. RELNOTES: relnotes is needed for the parent CL. PiperOrigin-RevId: 231836164 Change-Id: I8ae9639715529874ea7d80a65e2c711a5b4ce254
2019-01-31Don't mask out sticky bit to/from goferFabricio Voznika
RELNOTES: sticky bit propagates to gofers now. PiperOrigin-RevId: 231822453 Change-Id: I73426170b9457350480a3b144a2baf937e7cb477
2019-01-31Remove license commentsMichael Pratt
Nothing reads them and they can simply get stale. Generated with: $ sed -i "s/licenses(\(.*\)).*/licenses(\1)/" **/BUILD PiperOrigin-RevId: 231818945 Change-Id: Ibc3f9838546b7e94f13f217060d31f4ada9d4bf0
2019-01-30Add muldiv/rd_tsc support for arm64 platform.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: If35459be78e023346a140184401172f8e023c7f9 PiperOrigin-RevId: 231638020
2019-01-29Fix IsLost check to match the description in RFC6675.Bhasker Hariharan
quoting what "rscheff@gmx.at" pointed out over email. "IsLost in RFC3517 is defined as >= (DupThresh * SMSS) while RFC6675 improves upon this, and defines IsLost as > ((DupThresh - 1) * SMSS + 1). The latter addresses situations where partial segments (size < MSS) are sent (eg. last segment of a http protocol message sent with PSH being less than MSS is common)." PiperOrigin-RevId: 231512331 Change-Id: I1addd4a92e3e7baeb0bdda46463ebfae435da958
2019-01-29Fix NIC endpoint forwarding.Ian Gudger
Also adds a test for regular NIC forwarding. PiperOrigin-RevId: 231495279 Change-Id: Ic7edec249568e9ad0280cea77eac14478c9073e1
2019-01-29Use recvmmsg() instead of readv() to read packets from NIC.Bhasker Hariharan
This should reduce the number of syscalls required to process packets significantly and improve throughputs. PiperOrigin-RevId: 231366886 Change-Id: I8b38077262bf9c53176bc4a94b530188d3d7c0ca
2019-01-28Convert TODO into FIXME.Zhaozhong Ni
PiperOrigin-RevId: 231301228 Change-Id: I3e18f3a12a35fb89a22a8c981188268d5887dc61
2019-01-28Fix data race in InodeSimpleAttributes.Unstable.Nicolas Lacasse
We were modifying InodeSimpleAttributes.Unstable.AccessTime without holding the necessary lock. Luckily for us, InodeSimpleAttributes already has a NotifyAccess method that will do the update while holding the lock. In addition, we were holding dfo.dir.mu.Lock while setting AccessTime, which is unnecessary, so that lock has been removed. PiperOrigin-RevId: 231278447 Change-Id: I81ed6d3dbc0b18e3f90c1df5e5a9c06132761769
2019-01-28Drop the one-page limit for /proc/[pid]/{cmdline,environ}.Jamie Liu
It never actually should have applied to environ (the relevant change in Linux 4.2 is c2c0bb44620d "proc: fix PAGE_SIZE limit of /proc/$PID/cmdline"), and we claim to be Linux 4.4 now anyway. PiperOrigin-RevId: 231250661 Change-Id: I37f9c4280a533d1bcb3eebb7803373ac3c7b9f15
2019-01-25Make cacheRemoteRevalidating detect changes to file sizeFabricio Voznika
When file size changes outside the sandbox, page cache was not refreshing file size which is required for cacheRemoteRevalidating. In fact, cacheRemoteRevalidating should be skipping the cache completely since it's not really benefiting from it. The cache is cache is already bypassed for unstable attributes (see cachePolicy.cacheUAttrs). And althought the cache is called to map pages, they will always miss the cache and map directly from the host. Created a HostMappable struct that maps directly to the host and use it for files with cacheRemoteRevalidating. Closes #124 PiperOrigin-RevId: 230998440 Change-Id: Ic5f632eabe33b47241e05e98c95e9b2090ae08fc
2019-01-24cleanup: extract the kernel from contextAdin Scannell
Change-Id: I94704a90beebb53164325e0cce1fcb9a0b97d65c PiperOrigin-RevId: 230817308
2019-01-18Display /proc/net entries for all network configurations.Rahat Mahmood
Most of the entries are stubbed out at the moment, but even those were only displayed if IPv6 support was enabled. The entries should be displayed with IPv4-support only, and with only loopback devices. PiperOrigin-RevId: 229946441 Change-Id: I18afaa3af386322787f91bf9d168ab66c01d5a4c
2019-01-17Allow fsync on a directory.Nicolas Lacasse
PiperOrigin-RevId: 229781337 Change-Id: I1f946cff2771714fb1abd83a83ed454e9febda0a
2019-01-15test: Tag tcp_test as flaky.Kevin Krakauer
PiperOrigin-RevId: 229427852 Change-Id: I9de8ed63f4a7672dacd3b282c863c599d00acd52
2019-01-14Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations.Nicolas Lacasse
More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b
2019-01-14netstack: release port inline for listening sockets only.Zhaozhong Ni
PiperOrigin-RevId: 229243918 Change-Id: Ie14ef34e66ae851ed080f57b7d26a369a66f7664
2019-01-11Internal change.Googler
PiperOrigin-RevId: 228979583 Change-Id: I69bd82def48ceb19bc8558c890622b8528d98764
2019-01-10Fixing select call to not enforce RLIMIT_NOFILE.Zach Koopmans
Removing check to RLIMIT_NOFILE in select call. Adding unit test to select suite to document behavior. Moving setrlimit class from mlock to a util file for reuse. Fixing flaky test based on comments from Jamie. PiperOrigin-RevId: 228726131 Change-Id: Ie9dbe970bbf835ba2cca6e17eec7c2ee6fadf459
2019-01-09Minor memevent fixes.Jamie Liu
- Call MemoryEvents.done.Add(1) outside of MemoryEvents.run() so that if MemoryEvents.Stop() => MemoryEvents.done.Wait() is called before the goroutine starts running, it still waits for the goroutine to stop. - Use defer to call MemoryEvents.done.Done() in MemoryEvents.run() so that it's called even if the goroutine panics. PiperOrigin-RevId: 228623307 Change-Id: I1b0459e7999606c1a1a271b16092b1ca87005015
2019-01-09Fix lock order violation.Nicolas Lacasse
overlayFileOperations.Readdir was holding overlay.copyMu while calling DirentReaddir, which then attempts to take take the corresponding Dirent.mu, causing a lock order violation. (See lock order documentation in fs/copy_up.go.) We only actually need to hold copyMu during readdirEntries(), so holding the lock is moved in there, thus avoiding the lock order violation. A new lock was added to protect overlayFileOperations.dirCache. We were inadvertently relying on copyMu to protect this. There is no reason it should not have its own lock. PiperOrigin-RevId: 228542473 Change-Id: I03c3a368c8cbc0b5a79d50cc486fc94adaddc1c2
2019-01-08Allow MSG_OOB and MSG_DONTROUTE to be no-ops on recvmsg(2).Brian Geffon
PiperOrigin-RevId: 228428223 Change-Id: I433ba5ffc15ea4c2706ec944901b8269b1f364f8
2019-01-08Improve loader related error messages returned to users.Brian Geffon
PiperOrigin-RevId: 228382827 Change-Id: Ica1d30e0df826bdd77f180a5092b2b735ea5c804
2019-01-08Grant no initial capabilities to non-root UIDs.Jamie Liu
See modified comment in auth.NewUserCredentials(); compare to the behavior of setresuid(2) as implemented by //pkg/sentry/kernel/task_identity.go:kernel.Task.setKUIDsUncheckedLocked(). PiperOrigin-RevId: 228381765 Change-Id: I45238777c8f63fcf41b99fce3969caaf682fe408
2019-01-08Implement Stringer for tcpip.StatCounterBert Muthalaly
This enables formatting tcpip.Stats readably with %+v. PiperOrigin-RevId: 228379088 Change-Id: I6a9876454a22f151ee752cf94589b4188729458f
2019-01-07Add usermem support for arm64 platform.Jamie Liu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> PiperOrigin-RevId: 228249611 Change-Id: I1046e70bec4274f18b9948eefd6b0d546e4c48bb
2019-01-07Implement /proc/[pid]/smaps.Jamie Liu
PiperOrigin-RevId: 228245523 Change-Id: I5a4d0a6570b93958e51437e917e5331d83e23a7e
2019-01-03Allow creating syserr.Errors at runtime.Ian Gudger
Not allowing this was an oversight. PiperOrigin-RevId: 227757813 Change-Id: I845800ab69028b7320afca36d832c477ff17c5ce
2019-01-03Rename linux.Errno.Error to linux.Errno.String.Ian Gudger
Using linux.Errno as an error doesn't work very well as none of the sentry code expects error to contain a linux.Errno. This moves using syserr.Error.ToLinux as an error in a syscall handler from a runtime error to a compile error. PiperOrigin-RevId: 227744312 Change-Id: Iea63108a5b198296c908614e09c01733dd684da0