path: root/runsc
Age | Commit message | Author
2021-09-16 | runsc: add global profile collection flags | Michael Pratt
Add global flags -profile-{block,cpu,heap,mutex} and -trace, which enable collection of the specified profile for the entire duration of a container execution. This provides a way to definitively start profiling before the application starts, rather than attempting to race with an out-of-band `runsc debug`. Note that only the main boot process is profiled.

This exposed a bug in Task.traceExecEvent: a crash when tracing and -race are enabled. traceExecEvent is called off of the task goroutine, but uses the Task as a context, which is a violation of the Task contract. Switching to the AsyncContext fixes the issue.

Fixes #220
2021-09-13 | runsc/cmd: alphabetize runsc debug profiling options | Michael Pratt
Updates #220
2021-09-09 | Use accessor for runsc ControlConfig proto. | Rahat Mahmood
PiperOrigin-RevId: 395859347
2021-09-09 | Remove link/packetsocket | Ghanan Gowripalan
This change removes NetworkDispatcher.DeliverOutboundPacket. Since all packet writes go through the NIC (the only NetworkDispatcher), we can deliver outgoing packets to interested packet endpoints before writing the packet to the link endpoint, as the stack expects that all packets delivered to a link endpoint are transmitted on the wire. That is, link endpoints no longer need to let the stack know when they write a packet, as the stack already knows about every packet it writes through a link endpoint.

PiperOrigin-RevId: 395761629
2021-09-09 | Add EthernetHeader only if underlying NIC has a mac address. | Bhasker Hariharan
Fixes #6532 PiperOrigin-RevId: 395741741
2021-09-01 | Support sending with packet sockets | Ghanan Gowripalan
...through the loopback interface, only.

This change only supports sending on packet sockets through the loopback interface, as the loopback interface is the only interface used in packet socket syscall tests. The other link endpoints are not exercised with the existing test infrastructure. Support for sending on packet sockets through the other interfaces will be added as needed.

BUG: https://fxbug.dev/81592
PiperOrigin-RevId: 394368899
2021-08-20 | [op] Prevent file leak in MultiGetAttr's error path. | Ayush Ranjan
The old implementation was mostly correct but error-prone, which made way for the issue in question here. In its error path, it would leak the intermediate file being walked. Each return/break needed explicit cleanup. This change implements a cleaner way of cleaning up intermediate directories. If the code were to evolve to be more complex, it would still work.

PiperOrigin-RevId: 392102826
2021-08-19 | Add loopback interface as an ethernet-based device | Ghanan Gowripalan
...to match Linux behaviour.

We can see evidence of Linux representing loopback as an ethernet-based device below:
```
# EUI-48 based MAC addresses.
$ ip link show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

# tcpdump showing ethernet frames when sniffing loopback and logging the
# link-type as EN10MB (Ethernet).
$ sudo tcpdump -i lo -e -c 2 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes
03:09:05.002034 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: 127.0.0.1.9557 > 127.0.0.1.36828: Flags [.], ack 3562800815, win 15342, options [nop,nop,TS val 843174495 ecr 843159493], length 0
03:09:05.002094 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: 127.0.0.1.36828 > 127.0.0.1.9557: Flags [.], ack 1, win 6160, options [nop,nop,TS val 843174496 ecr 843159493], length 0
2 packets captured
116 packets received by filter
0 packets dropped by kernel
```

Wireshark shows a similar result as the tcpdump example above.

Linux's loopback setup: https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/drivers/net/loopback.c#L162

PiperOrigin-RevId: 391836719
2021-08-18 | Add control configs | Chong Cai
Also plumb the controls through runsc.

PiperOrigin-RevId: 391594318
2021-08-13 | Add Event controls | Chong Cai
Add Event controls and implement "stream" commands. PiperOrigin-RevId: 390691702
2021-08-12 | Add Usage controls | Chong Cai
Add Usage controls and implement "usage/usagefd" commands. PiperOrigin-RevId: 390507423
2021-08-12 | Clear Merkle files before measuring verity fs | Chong Cai
PiperOrigin-RevId: 390467957
2021-08-06 | [SMT] Refactor runsc mitigate | Zach Koopmans
Refactor mitigate to use /sys/devices/system/cpu/smt/control instead of individual CPU control files. PiperOrigin-RevId: 389215975
2021-08-04 | Add Fs controls | Chong Cai
Add Fs controls and implement "cat" command. PiperOrigin-RevId: 388812540
2021-08-03 | Add Lifecycle controls | Chong Cai
Also change runsc pause/resume cmd to access Lifecycle instead of containerManager. PiperOrigin-RevId: 388534928
2021-07-26 | Merge pull request #6292 from btw616:local-timezone | gVisor bot
PiperOrigin-RevId: 386988406
2021-07-23 | Add support for SIOCGIFCONF ioctl in hostinet. | Lucas Manning
PiperOrigin-RevId: 386511818
2021-07-22 | runsc: Wait child processes without timeouts | Andrei Vagin
* First, we don't need to poll child processes.
* Second, the 5-second timeout is too short if a host is overloaded.
* Third, this can hide bugs in the code when we wait for a process that isn't going to exit.

PiperOrigin-RevId: 386337586
2021-07-20 | Don't kill container when volume is unmounted | Fabricio Voznika
The gofer session is killed when a gofer backed volume is unmounted. The gofer monitor catches the disconnect and kills the container. This changes the gofer monitor to only care about the rootfs connections, which cannot be unmounted. Fixes #6259 PiperOrigin-RevId: 385929039
2021-07-20 | Add go:build directives as required by Go 1.17's gofmt. | Jamie Liu
PiperOrigin-RevId: 385894869
2021-07-13 | Replace whitelist with allowlist | Fabricio Voznika
PiperOrigin-RevId: 384586164
2021-07-13 | Use consistent naming for subcontainers | Fabricio Voznika
It was confusing to find functions relating to root and non-root containers. Replace "non-root" with "subcontainer" and make naming consistent in Sandbox and controller.

PiperOrigin-RevId: 384512518
2021-07-12 | Fix stdios ownership | Fabricio Voznika
Set stdio ownership based on the container's user to ensure the user can open/read/write to/from stdios.

1. stdios in the host are changed to have the owner be the same uid/gid of the process running the sandbox. This ensures that the sandbox has full control over it.
2. stdios owner inside the sandbox is changed to match the container's user to give access inside the container and make it behave the same as runc.

Fixes #6180
PiperOrigin-RevId: 384347009
2021-07-12 | Fix GoLand analyzer errors under runsc/... | Fabricio Voznika
PiperOrigin-RevId: 384344990
2021-07-09 | runsc: fix the local timezone support in logs | Tiwei Bie
This patch fixes the local timezone support in logs by creating etc/localtime in the rootfs of the sandbox process and the gofer process, based on the current /etc/localtime on the host.

Before this patch, the timestamps in sandbox and gofer logs fell back to UTC after execve'ing "/proc/self/exe", which is inconvenient for users analysing the logs:

I0708 15:37:43.825100 1 chroot.go:69] Setting up sandbox chroot in "/tmp"
I0708 15:37:43.825189 1 chroot.go:31] Mounting "proc" at "/tmp/proc"
......
I0708 15:37:43.850926 1 cmd.go:73] Execve "/proc/self/exe" again, bye!
I0708 07:37:43.856719 1 main.go:218] ***************************
I0708 07:37:43.856751 1 main.go:219] Args: [runsc-sandbox --root=/run/...]
I0708 07:37:43.856785 1 main.go:220] Version release-20210628.0-27-g02fec8dba5a6
I0708 07:37:43.856795 1 main.go:221] GOOS: linux
I0708 07:37:43.856803 1 main.go:222] GOARCH: amd64
......

Fixes #1984
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2021-07-09 | runsc: check the error when preparing tree for pivot_root | Tiwei Bie
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2021-07-08 | clarify safemount behavior | Kevin Krakauer
PiperOrigin-RevId: 383750666
2021-07-08 | Replace kernel.ExitStatus with linux.WaitStatus. | Jamie Liu
PiperOrigin-RevId: 383705129
2021-07-02 | runsc: validate mount targets | Kevin Krakauer
PiperOrigin-RevId: 382845950
2021-07-01 | Mix checklocks and atomic analyzers. | Adin Scannell
This change makes the checklocks analyzer considerably more powerful, adding:

* The ability to traverse complex structures, e.g. to have multiple nested fields as part of the annotation.
* The ability to resolve simple anonymous functions and closures, and perform lock analysis across these invocations. This does not apply to closures that are passed elsewhere, since it is not possible to know the context in which they might be invoked.
* The ability to annotate return values in addition to receivers and other parameters, with the same complex structures noted above.
* Ignoring locking semantics for "fresh" objects, i.e. objects that are allocated in the local frame (typically a new-style function).
* Sanity checking of locking state across block transitions and returns, to ensure that no unexpected locks are held.

Note that initially, most of these findings are excluded by a comprehensive nogo.yaml. The findings that are included are fundamental lock violations. The changes here should be relatively low risk: minor refactorings to either include necessary annotations or simplify the code structure (in general removing closures in favor of methods) so that the analyzer can easily track the lock state.

This change additionally includes two changes to nogo itself:

* Sanity checking of all types to ensure that the binary and ast-derived types have a consistent objectpath, to prevent the bug above from occurring silently (and causing much confusion). This also requires a trick in order to ensure that serialized facts are consumable downstream. This can be removed with https://go-review.googlesource.com/c/tools/+/331789 merged.
* A minor refactoring to isolate the objdump settings in its own package. This was originally used to implement the sanity check above, but this information is now being passed another way. The minor refactor is preserved however, since it cleans up the code slightly and is minimal risk.

PiperOrigin-RevId: 382613300
2021-07-01 | [syserror] Update several syserror errors to linuxerr equivalents. | Zach Koopmans
Update/remove most syserror errors to linuxerr equivalents. For list of removed errors, see //pkg/syserror/syserror.go. PiperOrigin-RevId: 382574582
2021-06-29 | Add SIOCGIFFLAGS ioctl support to hostinet. | Lucas Manning
PiperOrigin-RevId: 382194711
2021-06-28 | Exit early with error message on checkpoint/pause w/ hostinet. | Ian Lewis
PiperOrigin-RevId: 381964660
2021-06-25 | Merge pull request #6222 from avagin:stop | gVisor bot
PiperOrigin-RevId: 381561785
2021-06-22 | [syserror] Add conversions to linuxerr with temporary Equals method. | Zach Koopmans
Add Equals method to compare syserror and unix.Errno errors to linuxerr errors. This will facilitate removal of syserror definitions in a followup, and finding needed conversions from unix.Errno to linuxerr. PiperOrigin-RevId: 380909667
2021-06-22 | runsc: don't kill sandbox, let it stop properly | Andrei Vagin
The typical sequence of calls to start a container looks like this:

    ct, err := container.New(conf, containerArgs)
    defer ct.Destroy()
    ct.Start(conf)
    ws, err := ct.Wait()

For the root container, ct.Destroy() kills the sandbox process. This doesn't look like the right way to stop it. For example, all ongoing rpc calls are aborted in this case. If everything is going alright, we can just wait and it will exit by itself.

Reported-by: syzbot+084fca334720887441e7@syzkaller.appspotmail.com
Signed-off-by: Andrei Vagin <avagin@gmail.com>
2021-06-17 | Move tcpip.Clock impl to Timekeeper | Tamir Duberstein
...and pass it explicitly. This reverts commit b63e61828d0652ad1769db342c17a3529d2d24ed. PiperOrigin-RevId: 380039167
2021-06-10 | Set RLimits during `runsc exec` | Fabricio Voznika
PiperOrigin-RevId: 378726430
2021-06-10 | Parse mmap protection and flags in strace | Fabricio Voznika
PiperOrigin-RevId: 378712518
2021-06-10 | [op] Move SignalInfo to abi/linux package. | Ayush Ranjan
Fixes #214 PiperOrigin-RevId: 378680466
2021-06-10 | remove the erroneous (5th) filter argument to sendmmsg. | gVisor bot
PiperOrigin-RevId: 378677167
2021-06-09 | Remove --overlayfs-stale-read flag | Fabricio Voznika
It defaults to true and setting it to false can cause filesystem corruption.

PiperOrigin-RevId: 378518663
2021-06-03 | Add additional mmap seccomp rule | Fabricio Voznika
HostFileMapper.RegenerateMappings calls mmap with MAP_SHARED|MAP_FIXED and these were not allowed. Closes #6116 PiperOrigin-RevId: 377428463
2021-06-03 | Initialize metrics at init | Tamir Duberstein
Avoids a race condition at kernel initialization. Updates #6057. PiperOrigin-RevId: 377357723
2021-05-31 | Update comments on ambient caps to point to bug | Ian Lewis
PiperOrigin-RevId: 376747671
2021-05-26 | Use the stack RNG everywhere | Tamir Duberstein
...except in tests. Note this replaces some uses of a cryptographic RNG with a plain RNG. PiperOrigin-RevId: 376070666
2021-05-25 | Initialize Kernel.Timekeeper before network NS | Tamir Duberstein
PiperOrigin-RevId: 375843579
2021-05-25 | Use specific fmt verbs (avoid %v) | Tamir Duberstein
Remove useless conversions. Avoid unhandled errors. PiperOrigin-RevId: 375834275
2021-05-20 | Suppress log message when there is no error | Fabricio Voznika
PiperOrigin-RevId: 374981100
2021-05-14 | Resolve remaining O_PATH TODOs. | Dean Deng
O_PATH is now implemented in vfs2. Fixes #2782. PiperOrigin-RevId: 373861410