summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-02-07Merge release-20200127.0-94-g3700221 (automated)gVisor bot
2020-02-06Auto-generate link-local address as a SLAAC addressGhanan Gowripalan
Auto-generated link-local addresses should have the same lifecycle hooks as global SLAAC addresses. The Stack's NDP dispatcher should be notified when link-local addresses are auto-generated and invalidated. They should also be removed when a NIC is disabled (which will be supported in a later change). Tests: - stack_test.TestNICAutoGenAddrWithOpaque - stack_test.TestNICAutoGenAddr PiperOrigin-RevId: 293706760
2020-02-07Merge release-20200127.0-92-g940d255 (automated)gVisor bot
2020-02-06Perform DAD on IPv6 addresses when enabling a NICGhanan Gowripalan
Addresses may be added before a NIC is enabled. Make sure DAD is performed on the permanent IPv6 addresses when they get enabled. Test: - stack_test.TestDoDADWhenNICEnabled - stack.TestDisabledRxStatsWhenNICDisabled PiperOrigin-RevId: 293697429
2020-02-06Merge release-20200127.0-90-g736775e (automated)gVisor bot
2020-02-06Make gonet consistent both internally and with the net package.Ian Gudger
The types gonet.Conn and gonet.PacketConn were confusingly named as both implemented net.Conn. Further, gonet.Conn was perhaps unexpectedly TCP-specific (net.Conn is not). This change renames them to gonet.TCPConn and gonet.UDPConn. Renames gonet.NewListener to gonet.ListenTCP and adds a new gonet.NewTCPListner function to be consistent with both the gonet.DialXxx and gonet.NewXxxConn functions as well as net.ListenTCP. Updates #1632 PiperOrigin-RevId: 293671303
2020-02-06Merge release-20200127.0-88-g6bd59b4 (automated)gVisor bot
2020-02-06Update link address for targets of Neighbor AdvertsGhanan Gowripalan
Get the link address for the target of an NDP Neighbor Advertisement from the NDP Target Link Layer Address option. Tests: - ipv6.TestNeighorAdvertisementWithTargetLinkLayerOption - ipv6.TestNeighorAdvertisementWithInvalidTargetLinkLayerOption PiperOrigin-RevId: 293632609
2020-02-06Merge release-20200127.0-86-g5ff7808 (automated)gVisor bot
2020-02-06Move p9.pool to a separate packageAndrei Vagin
PiperOrigin-RevId: 293617493
2020-02-06Merge release-20200127.0-85-g1b6a12a (automated)gVisor bot
2020-02-05Add notes to relevant tests.Adin Scannell
These were out-of-band notes that can help provide additional context and simplify automated imports. PiperOrigin-RevId: 293525915
2020-02-06Merge release-20200127.0-84-gf3d9560 (automated)gVisor bot
2020-02-05recv() on a closed TCP socket returns ENOTCONNEyal Soha
From RFC 793 s3.9 p58 Event Processing: If RECEIVE Call arrives in CLOSED state and the user has access to such a connection, the return should be "error: connection does not exist" Fixes #1598 PiperOrigin-RevId: 293494287
2020-02-05Merge release-20200127.0-82-geea0eee (automated)gVisor bot
2020-02-05Disable get/set xattrs until list/remove exist too.Nicolas Lacasse
PiperOrigin-RevId: 293411655
2020-02-05Merge release-20200127.0-80-g665b614 (automated)gVisor bot
2020-02-04Support RTM_NEWADDR and RTM_GETLINK in (rt)netlink.Ting-Yu Wang
PiperOrigin-RevId: 293271055
2020-02-05Merge release-20200127.0-79-gb29aeeb (automated)gVisor bot
2020-02-04Merge pull request #1683 from kevinGC:ipt-udp-matchersgVisor bot
PiperOrigin-RevId: 293243342
2020-02-05Merge release-20200127.0-67-ga26a954 (automated)gVisor bot
2020-02-04Add socket connection stress test.Ian Gudger
Tests 65k connection attempts on common types of sockets to check for port leaks. Also fixes a bug where dual-stack sockets wouldn't properly re-queue segments received while closing. PiperOrigin-RevId: 293241166
2020-02-04Merge release-20200127.0-65-g95ce8bb (automated)gVisor bot
2020-02-04Merge release-20200127.0-63-g6823b5e (automated)gVisor bot
2020-02-04timer_create(2) should return 0 on successMichael Pratt
The timer ID is copied out to the argument. Fixes #1738 PiperOrigin-RevId: 293210801
2020-02-04Merge release-20200127.0-61-gf5072ca (automated)gVisor bot
2020-02-04Fix safecopy test.Adin Scannell
This is failing in Go1.14 due to new checkptr constraints. This version should avoid hitting this constraints by doing "dangerous" pointer math less dangerously? PiperOrigin-RevId: 293205764
2020-02-04Merge release-20200127.0-60-gdcffddf (automated)gVisor bot
2020-02-04Remove argument from vfs.MountNamespace.DecRef()Fabricio Voznika
Updates #1035 PiperOrigin-RevId: 293194631
2020-02-04Merge release-20200127.0-59-g492229d (automated)gVisor bot
2020-02-04VFS2 gofer clientJamie Liu
Updates #1198 Opening host pipes (by spinning in fdpipe) and host sockets is not yet complete, and will be done in a future CL. Major differences from VFS1 gofer client (sentry/fs/gofer), with varying levels of backportability: - "Cache policies" are replaced by InteropMode, which control the behavior of timestamps in addition to caching. Under InteropModeExclusive (analogous to cacheAll) and InteropModeWritethrough (analogous to cacheAllWritethrough), client timestamps are *not* written back to the server (it is not possible in 9P or Linux for clients to set ctime, so writing back client-authoritative timestamps results in incoherence between atime/mtime and ctime). Under InteropModeShared (analogous to cacheRemoteRevalidating), client timestamps are not used at all (remote filesystem clocks are authoritative). cacheNone is translated to InteropModeShared + new option filesystemOptions.specialRegularFiles. - Under InteropModeShared, "unstable attribute" reloading for permission checks, lookup, and revalidation are fused, which is feasible in VFS2 since gofer.filesystem controls path resolution. This results in a ~33% reduction in RPCs for filesystem operations compared to cacheRemoteRevalidating. For example, consider stat("/foo/bar/baz") where "/foo/bar/baz" fails revalidation, resulting in the instantiation of a new dentry: VFS1 RPCs: getattr("/") // fs.MountNamespace.FindLink() => fs.Inode.CheckPermission() => gofer.inodeOperations.check() => gofer.inodeOperations.UnstableAttr() walkgetattr("/", "foo") = fid1 // fs.Dirent.walk() => gofer.session.Revalidate() => gofer.cachePolicy.Revalidate() clunk(fid1) getattr("/foo") // CheckPermission walkgetattr("/foo", "bar") = fid2 // Revalidate clunk(fid2) getattr("/foo/bar") // CheckPermission walkgetattr("/foo/bar", "baz") = fid3 // Revalidate clunk(fid3) walkgetattr("/foo/bar", "baz") = fid4 // fs.Dirent.walk() => gofer.inodeOperations.Lookup getattr("/foo/bar/baz") // linux.stat() => gofer.inodeOperations.UnstableAttr() VFS2 RPCs: getattr("/") // gofer.filesystem.walkExistingLocked() walkgetattr("/", "foo") = fid1 // gofer.filesystem.stepExistingLocked() clunk(fid1) // No getattr: walkgetattr already updated metadata for permission check walkgetattr("/foo", "bar") = fid2 clunk(fid2) walkgetattr("/foo/bar", "baz") = fid3 // No clunk: fid3 used for new gofer.dentry // No getattr: walkgetattr already updated metadata for stat() - gofer.filesystem.unlinkAt() does not require instantiation of a dentry that represents the file to be deleted. Updates #898. - gofer.regularFileFD.OnClose() skips Tflushf for regular files under InteropModeExclusive, as it's nonsensical to request a remote file flush without flushing locally-buffered writes to that remote file first. - Symlink targets are cached when InteropModeShared is not in effect. - p9.QID.Path (which is already required to be unique for each file within a server, and is accordingly already synthesized from device/inode numbers in all known gofers) is used as-is for inode numbers, rather than being mapped along with attr.RDev in the client to yet another synthetic inode number. - Relevant parts of fsutil.CachingInodeOperations are inlined directly into gofer package code. This avoids having to duplicate part of its functionality in fsutil.HostMappable. PiperOrigin-RevId: 293190213
2020-02-04Merge release-20200127.0-58-gd7cd484 (automated)gVisor bot
2020-02-04Add support for sentry internal pipe for gofer mountsFabricio Voznika
Internal pipes are supported similarly to how internal UDS is done. It is also controlled by the same flag. Fixes #1102 PiperOrigin-RevId: 293150045
2020-02-04Merge release-20200127.0-57-gf37e913 (automated)gVisor bot
2020-02-03seccomp: allow to filter syscalls by instruction pointerAndrei Vagin
PiperOrigin-RevId: 293029446
2020-01-31Merge release-20200127.0-51-g02997af (automated)gVisor bot
2020-01-31Fix method comment to match method name.Ian Gudger
PiperOrigin-RevId: 292624867
2020-01-31Implement file locks for regular tmpfs files in VFSv2.Dean Deng
Add a file lock implementation that can be embedded into various filesystem implementations. Updates #1480 PiperOrigin-RevId: 292614758
2020-01-31Merge release-20200127.0-48-g77bf586 (automated)gVisor bot
2020-01-31Use multicast Ethernet address for multicast NDPGhanan Gowripalan
As per RFC 2464 section 7, an IPv6 packet with a multicast destination address is transmitted to the mapped Ethernet multicast address. Test: - ipv6.TestLinkResolution - stack_test.TestDADResolve - stack_test.TestRouterSolicitation PiperOrigin-RevId: 292610529
2020-01-31Merge release-20200127.0-47-g528dd1e (automated)gVisor bot
2020-01-31Extract multicast IP to Ethernet address mappingGhanan Gowripalan
Test: header.TestEthernetAddressFromMulticastIPAddress PiperOrigin-RevId: 292604649
2020-01-31Internal change.gVisor bot
PiperOrigin-RevId: 292587459
2020-01-30Merge release-20200127.0-38-g4ee64a2 (automated)gVisor bot
2020-01-30Fix for panic in endpoint.Close().Bhasker Hariharan
When sending a RST on shutdown we need to double check the state after acquiring the work mutex as the endpoint could have transitioned out of a connected state from the time we checked it and we acquired the workMutex. I added two tests but sadly neither reproduce the panic. I am going to leave the tests in as they are good to have anyway. PiperOrigin-RevId: 292393800
2020-01-30Merge release-20200127.0-37-g757b2b8 (automated)gVisor bot
2020-01-30Merge pull request #1288 from lubinszARM:pr_ring0_6gVisor bot
PiperOrigin-RevId: 292369598
2020-01-30Merge release-20200127.0-35-gede8dfa (automated)gVisor bot
2020-01-30Enforce splice offset limitsMichael Pratt
Splice must not allow negative offsets. Writes also must not allow offset + size to overflow int64. Reads are similarly broken, but not just in splice (b/148095030). Reported-by: syzbot+0e1ff0b95fb2859b4190@syzkaller.appspotmail.com PiperOrigin-RevId: 292361208
2020-01-30Merge release-20200127.0-34-gec06797 (automated)gVisor bot