summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-06-01Merge pull request #2689 from lubinszARM:pr_prot_nonegVisor bot
PiperOrigin-RevId: 314186752
2020-06-01Enable TCP Receive buffer moderation in gonet and benchmark.Bhasker Hariharan
Fixes #1666 PiperOrigin-RevId: 314148384
2020-05-29Refactor the ResolveExecutablePath logic.Nicolas Lacasse
PiperOrigin-RevId: 313871804
2020-05-29Update Go version build tagsMichael Pratt
None of the dependencies have changed in 1.15. It may be possible to simplify some of the wrappers in rawfile following 1.13, but that can come in a later change. PiperOrigin-RevId: 313863264
2020-05-29Merge pull request #2807 from kevinGC:iptables-sourcegVisor bot
PiperOrigin-RevId: 313842690
2020-05-29Update WritePacket* API to take ownership of packets to be written.Ting-Yu Wang
Updates #2404. PiperOrigin-RevId: 313834784
2020-05-29Move TCP to CLOSED from SYN-RCVD on RST.Mithun Iyer
RST handling is broken when the TCP state transitions from SYN-SENT to SYN-RCVD in case of simultaneous open. An incoming RST should trigger cleanup of the endpoint. RFC793, section 3.9, page 70. Fixes #2814 PiperOrigin-RevId: 313828777
2020-05-29Implement IN_EXCL_UNLINK inotify option in vfs2.Dean Deng
Limited to tmpfs. Inotify support in other filesystem implementations to follow. Updates #1479 PiperOrigin-RevId: 313828648
2020-05-29Internal change.gVisor bot
PiperOrigin-RevId: 313821986
2020-05-29Fix the smallest of typos.Dean Deng
PiperOrigin-RevId: 313817646
2020-05-29Port inotify to vfs2, with support in tmpfs.Dean Deng
Support in other filesystem impls is still needed. Unlike in Linux and vfs1, we need to plumb inotify down to each filesystem implementation in order to keep track of links/inode structures properly. IN_EXCL_UNLINK still needs to be implemented, as well as a few inotify hooks that are not present in either vfs1 or vfs2. Those will be addressed in subsequent changes. Updates #1479. PiperOrigin-RevId: 313781995
2020-05-28Split VFS.MountAt into VFS.MountDisconnected and VFS.ConnectMountAt.Jamie Liu
This makes it straightforward to create bind mounts internally in VFS2: Given a bind mount root represented by vfs.VirtualDentry vd: - Create a new mount with VFS.NewDisconnectedMount(vd.Mount().Filesystem(), vd.Dentry()). - Connect the resulting mount in the appropriate namespace with VFS.ConnectMountAt(). Note that the resulting bind mount is non-recursive; recursive bind mounting requires explicitly duplicating all children of the original mount, which is best handled internally by VFS. Updates #179 PiperOrigin-RevId: 313703963
2020-05-28Enable iptables source filtering (-s/--source)Kevin Krakauer
2020-05-28Move Cleanup to its own packageFabricio Voznika
PiperOrigin-RevId: 313663382
2020-05-28Merge pull request #2792 from avagin:g3doc/fuse/refsgVisor bot
PiperOrigin-RevId: 313600051
2020-05-27Correctly update link and ref counts in rmdir.Dean Deng
Inotify sends events when a watch target is reaches a link count of 0 (see include/linux/fsnotify.h:fsnotify_inoderemove). Currently, we do not account for both dir/ and dir/.. in unlink, causing syscalls/linux/inotify.cc:WatchTargetDeletionGeneratesEvent to fail because the expected inotify events are not generated. Furthermore, we should DecRef() once the inode reaches zero links; otherwise, we will leak a reference. PiperOrigin-RevId: 313502091
2020-05-27Remove linkEP from DeliverNetworkPacketSam Balana
The specified LinkEndpoint is not being used in a significant way. No behavior change, existing tests pass. This change is a breaking change. PiperOrigin-RevId: 313496602
2020-05-27Fix tiny typo.Kevin Krakauer
PiperOrigin-RevId: 313414690
2020-05-27g3doc/fuse: add more referencesAndrei Vagin
2020-05-26Support dfltuid and dfltgid mount options in the VFS2 gofer client.Jamie Liu
PiperOrigin-RevId: 313332542
2020-05-26Implement splice(2) and tee(2) for VFS2.Jamie Liu
Updates #138 PiperOrigin-RevId: 313326354
2020-05-26Merge pull request #2751 from mrahatm:fusegVisor bot
PiperOrigin-RevId: 313300882
2020-05-26Automated rollback of changelist 311424257gVisor bot
PiperOrigin-RevId: 313300554
2020-05-26Write initial design doc for FUSE.Rahat Mahmood
2020-05-21Fix TestTmpFileFabricio Voznika
Split check for file in /tmp from working directory test. Fix readonly case which should not fail to create working dir. PiperOrigin-RevId: 312702930
2020-05-20Implement gap tracking in the segment set.Reapor-Yurnero
This change was derived from a change by: Reapor-Yurnero <reapor.yurnero@gmail.com> And has been modified by: Adin Scannell <ascannell@google.com> (The original change author is preserved for the commit.) This change implements gap tracking in the segment set by adding additional information in each node, and using that information to speed up gap finding from a linear scan to a O(log(n)) walk of the tree. This gap tracking is optional, and will default to off except for segment instances that set gapTracking equal to 1 in their const lists. PiperOrigin-RevId: 312621607
2020-05-20Remove implicit dependencies for leaf packages.Rahat Mahmood
These packages don't actually use go_stateify or go_marshal, but end up implicitly dependent on the respective packages due to our build rules. These unnecessary dependencies make them unusuable in certain contexts due to circular dependency. PiperOrigin-RevId: 312595738
2020-05-20Test that we have PAWS mechanismZeling Feng
If there is a Timestamps option in the arriving segment and SEG.TSval < TS.Recent and if TS.Recent is valid, then treat the arriving segment as not acceptable: Send an acknowledgement in reply as specified in RFC-793 page 69 and drop the segment. https://tools.ietf.org/html/rfc1323#page-19 PiperOrigin-RevId: 312590678
2020-05-20Internal change.gVisor bot
PiperOrigin-RevId: 312559963
2020-05-20Move fsimpl/host file offset from inode to fileDescription.Dean Deng
PiperOrigin-RevId: 312559861
2020-05-20Merge pull request #2688 from lubinszARM:pr_goidgVisor bot
PiperOrigin-RevId: 312524376
2020-05-19Implement mmap for host fs in vfs2.Dean Deng
In VFS1, both fs/host and fs/gofer used the same utils for host file mappings. Refactor parts of fsimpl/gofer to create similar utils to share with fsimpl/host (memory accounting code moved to fsutil, page rounding arithmetic moved to usermem). Updates #1476. PiperOrigin-RevId: 312345090
2020-05-19Fix flaky udp tests by polling before reading.Dean Deng
On native Linux, calling recv/read right after send/write sometimes returns EWOULDBLOCK, if the data has not made it to the receiving socket (even though the endpoints are on the same host). Poll before reading to avoid this. Making this change also uncovered a hostinet bug (gvisor.dev/issue/2726), which is noted in this CL. PiperOrigin-RevId: 312320587
2020-05-19Merge pull request #2687 from lubinszARM:pr_tls_1gVisor bot
PiperOrigin-RevId: 312299234
2020-05-18Remove IfChange/ThenChange lint from VFS2Fabricio Voznika
As new functionality is added to VFS2, corresponding files in VFS1 don't need to be changed. PiperOrigin-RevId: 312153799
2020-05-15Minor formatting updates for gvisor.dev.Adin Scannell
* Aggregate architecture Overview in "What is gVisor?" as it makes more sense in one place. * Drop "user-space kernel" and use "application kernel". The term "user-space kernel" is confusing when some platform implementation do not run in user-space (instead running in guest ring zero). * Clear up the relationship between the Platform page in the user guide and the Platform page in the architecture guide, and ensure they are cross-linked. * Restore the call-to-action quick start link in the main page, and drop the GitHub link (which also appears in the top-right). * Improve image formatting by centering all doc and blog images, and move the image captions to the alt text. PiperOrigin-RevId: 311845158
2020-05-15Remove debug log left behind by mistake.Bhasker Hariharan
PiperOrigin-RevId: 311808460
2020-05-14Make utimes_test pass on VFS2.Jamie Liu
PiperOrigin-RevId: 311657502
2020-05-14Port memfd_create to vfs2 and finish implementation of file seals.Nicolas Lacasse
Closes #2612. PiperOrigin-RevId: 311548074
2020-05-13Fix TCP segment retransmit timeout handling.Mithun Iyer
As per RFC 1122 and Linux retransmit timeout handling: - The segment retransmit timeout needs to exponentially increase and cap at a predefined value. - TCP connection needs to timeout after a predefined number of segment retransmissions. - TCP connection should not timeout when the retranmission timeout exceeds MaxRTO, predefined upper bound. Fixes #2673 PiperOrigin-RevId: 311463961
2020-05-13Stub support for TCP_SYNCNT and TCP_WINDOW_CLAMP.Bhasker Hariharan
This change adds support for TCP_SYNCNT and TCP_WINDOW_CLAMP options in GetSockOpt/SetSockOpt. This change does not really change any behaviour in Netstack and only stores/returns the stored value. Actual honoring of these options will be added as required. Fixes #2626, #2625 PiperOrigin-RevId: 311453777
2020-05-13Resolve remaining TODOs for tmpfs.Nicolas Lacasse
Closes #1197 PiperOrigin-RevId: 311438223
2020-05-13Automated rollback of changelist 311285868Bhasker Hariharan
PiperOrigin-RevId: 311424257
2020-05-13Enable overlayfs_stale_read by default for runsc.Jamie Liu
Linux 4.18 and later make reads and writes coherent between pre-copy-up and post-copy-up FDs representing the same file on an overlay filesystem. However, memory mappings remain incoherent: - Documentation/filesystems/overlayfs.rst, "Non-standard behavior": "If a file residing on a lower layer is opened for read-only and then memory mapped with MAP_SHARED, then subsequent changes to the file are not reflected in the memory mapping." - fs/overlay/file.c:ovl_mmap() passes through to the underlying FD without any management of coherence in the overlay. - Experimentally on Linux 5.2: ``` $ cat mmap_cat_page.c #include <err.h> #include <fcntl.h> #include <stdio.h> #include <string.h> #include <sys/mman.h> #include <unistd.h> int main(int argc, char **argv) { if (argc < 2) { errx(1, "syntax: %s [FILE]", argv[0]); } const int fd = open(argv[1], O_RDONLY); if (fd < 0) { err(1, "open(%s)", argv[1]); } const size_t page_size = sysconf(_SC_PAGE_SIZE); void* page = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, 0); if (page == MAP_FAILED) { err(1, "mmap"); } for (;;) { write(1, page, strnlen(page, page_size)); if (getc(stdin) == EOF) { break; } } return 0; } $ gcc -O2 -o mmap_cat_page mmap_cat_page.c $ mkdir lowerdir upperdir workdir overlaydir $ echo old > lowerdir/file $ sudo mount -t overlay -o "lowerdir=lowerdir,upperdir=upperdir,workdir=workdir" none overlaydir $ ./mmap_cat_page overlaydir/file old ^Z [1]+ Stopped ./mmap_cat_page overlaydir/file $ echo new > overlaydir/file $ cat overlaydir/file new $ fg ./mmap_cat_page overlaydir/file old ``` Therefore, while the VFS1 gofer client's behavior of reopening read FDs is only necessary pre-4.18, replacing existing memory mappings (in both sentry and application address spaces) with mappings of the new FD is required regardless of kernel version, and this latter behavior is common to both VFS1 and VFS2. Re-document accordingly, and change the runsc flag to enabled by default. New test: - Before this CL: https://source.cloud.google.com/results/invocations/5b222d2c-e918-4bae-afc4-407f5bac509b - After this CL: https://source.cloud.google.com/results/invocations/f28c747e-d89c-4d8c-a461-602b33e71aab PiperOrigin-RevId: 311361267
2020-05-13PROT_NONE should be specially treated in the step of mapPhysicalBin Lu
It's a workaround to treat PROT_NONE as RDONLY temporarily. TODO(gvisor.dev/issue/2686): PROT_NONE should be specially treated. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-05-13add arm64 support to goidBin Lu
Adding a method to get g on Arm64 Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-05-13adding the methods to get/set TLS for Arm64 kvm platformBin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-05-13Replace test_runner.sh bash script with Go.Ian Gudger
PiperOrigin-RevId: 311285868
2020-05-12Merge pull request #2678 from nybidari:iptablesgVisor bot
PiperOrigin-RevId: 311203776
2020-05-12Don't allow rename across different gofer or tmpfs mounts.Nicolas Lacasse
Fixes #2651. PiperOrigin-RevId: 311193661