Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 373854462
|
|
PiperOrigin-RevId: 369993733
|
|
PiperOrigin-RevId: 366907152
|
|
Allow user mounting a verity fs on an existing mount by specifying mount
flags root_hash and lower_path.
PiperOrigin-RevId: 366843846
|
|
PiperOrigin-RevId: 366573366
|
|
A skeleton implementation of cgroupfs. It supports trivial cpu and
memory controllers with no support for hierarchies.
PiperOrigin-RevId: 366561126
|
|
With /proc/sys/net/ipv4/ip_local_port_range implemented, the socket stress
test runs in a more normal time and doesn't need to sacrifice coverage to
prevent timeouts.
PiperOrigin-RevId: 362443366
|
|
PiperOrigin-RevId: 356868412
|
|
Reported-by: syzbot+9ffc71246fe72c73fc25@syzkaller.appspotmail.com
PiperOrigin-RevId: 356536113
|
|
PiperOrigin-RevId: 354615220
|
|
On ARM64, when ptrace stops on a system call, it uses the x7 register to
indicate whether the stop has been signalled from syscall entry or syscall
exit. This means that we can't get a value of this register and we can't change
it. More details are in the comment for tracehook_report_syscall in
arch/arm64/kernel/ptrace.c.
This happens only if we stop on a system call, so let's queue a signal, resume
a stub thread and catch it on a signal handling.
Fixes: #5238
PiperOrigin-RevId: 352668695
|
|
PiperOrigin-RevId: 350438564
|
|
IPv4 was always supported but UDP never supported joining/leaving IPv6
multicast groups via socket options.
Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP
Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP
Test: integration_test.TestUDPAddRemoveMembershipSocketOption
PiperOrigin-RevId: 350396072
|
|
There are surprisingly few syscall tests that run with hostinet. For example
running the following command only returns two results:
`bazel query test/syscalls:all | grep hostnet`
I think as a result, as our control messages evolved, hostinet was left
behind. Update it to support all control messages netstack supports.
This change also updates sentry's control message parsing logic to make it up to
date with all the control messages we support.
PiperOrigin-RevId: 347508892
|
|
PiperOrigin-RevId: 345399936
|
|
In the docker container, the ipv6 loopback address is not set,
and connect("::1") has to return ENEADDRNOTAVAIL in this case.
Without this fix, it returns EHOSTUNREACH.
PiperOrigin-RevId: 340002915
|
|
Updates #267
PiperOrigin-RevId: 335713923
|
|
Fixes #1479, #317.
PiperOrigin-RevId: 334258052
|
|
This mainly involved enabling kernfs' client filesystems to provide a
StatFS implementation.
Fixes #3411, #3515.
PiperOrigin-RevId: 329009864
|
|
In Linux, a kernel configuration is set that compiles the kernel with a
custom function that is called at the beginning of every basic block, which
updates the memory-mapped coverage information. The Go coverage tool does not
allow us to inject arbitrary instructions into basic blocks, but it does
provide data that we can convert to a kcov-like format and transfer them to
userspace through a memory mapping.
Note that this is not a strict implementation of kcov, which is especially
tricky to do because we do not have the same coverage tools available in Go
that that are available for the actual Linux kernel. In Linux, a kernel
configuration is set that compiles the kernel with a custom function that is
called at the beginning of every basic block to write program counters to the
kcov memory mapping. In Go, however, coverage tools only give us a count of
basic blocks as they are executed. Every time we return to userspace, we
collect the coverage information and write out PCs for each block that was
executed, providing userspace with the illusion that the kcov data is always
up to date. For convenience, we also generate a unique synthetic PC for each
block instead of using actual PCs. Finally, we do not provide thread-specific
coverage data (each kcov instance only contains PCs executed by the thread
owning it); instead, we will supply data for any file specified by --
instrumentation_filter.
Also, fix issue in nogo that was causing pkg/coverage:coverage_nogo
compilation to fail.
PiperOrigin-RevId: 328426526
|
|
When a loopback interface is configurd with an address and associated
subnet, the loopback should treat all addresses in that subnet as an
address it owns.
This is mimicking linux behaviour as seen below:
```
$ ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group ...
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
$ ping 192.0.2.1
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
^C
--- 192.0.2.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1018ms
$ ping 192.0.2.2
PING 192.0.2.2 (192.0.2.2) 56(84) bytes of data.
^C
--- 192.0.2.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2039ms
$ sudo ip addr add 192.0.2.1/24 dev lo
$ ip addr show dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group ...
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.0.2.1/24 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
$ ping 192.0.2.1
PING 192.0.2.1 (192.0.2.1) 56(84) bytes of data.
64 bytes from 192.0.2.1: icmp_seq=1 ttl=64 time=0.131 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=64 time=0.048 ms
^C
--- 192.0.2.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2042ms
rtt min/avg/max/mdev = 0.046/0.075/0.131/0.039 ms
$ ping 192.0.2.2
PING 192.0.2.2 (192.0.2.2) 56(84) bytes of data.
64 bytes from 192.0.2.2: icmp_seq=1 ttl=64 time=0.131 ms
64 bytes from 192.0.2.2: icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from 192.0.2.2: icmp_seq=3 ttl=64 time=0.049 ms
64 bytes from 192.0.2.2: icmp_seq=4 ttl=64 time=0.035 ms
^C
--- 192.0.2.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3049ms
rtt min/avg/max/mdev = 0.035/0.071/0.131/0.036 ms
```
Test: integration_test.TestLoopbackAcceptAllInSubnet
PiperOrigin-RevId: 328188546
|
|
It frequently times out under GoTSAN.
PiperOrigin-RevId: 327894343
|
|
This is done to ease troubleshooting when tests fail. runsc
logs are not stored when tests passe, so this will only
affect failing tests and should not increase log storage
too badly.
PiperOrigin-RevId: 327717551
|
|
Tests that we have the correct initial (empty) state for ip6tables.
#3549
PiperOrigin-RevId: 327477657
|
|
PiperOrigin-RevId: 326553620
|
|
Fixes #2923
PiperOrigin-RevId: 325904734
|
|
PiperOrigin-RevId: 325490674
|
|
Updates #2923
PiperOrigin-RevId: 322953552
|
|
And do some refactoring of the wait logic in sendfile/splice/tee.
Updates #1035 #2923
PiperOrigin-RevId: 322815521
|
|
This change gates all FUSE commands (by gating /dev/fuse) behind a runsc
flag. In order to use FUSE commands, use the --fuse flag with the --vfs2
flag. Check if FUSE is enabled by running dmesg in the sandbox.
|
|
This change fixes a few things:
- creating sockets using mknod(2) is supported via vfs2
- fsgofer can create regular files via mknod(2)
- mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well
Updates #2923
PiperOrigin-RevId: 320074267
|
|
We do not support RWF_SYNC/RWF_DSYNC and probably shouldn't silently accept
them, since the user may incorrectly believe that we are synchronizing I/O.
Remove the pwritev2 test verifying that we support these flags.
gvisor.dev/issue/2601 is the tracking bug for deciding which RWF_.* flags
we need and supporting them.
Updates #2923, #2601.
PiperOrigin-RevId: 319351286
|
|
We were not invalidating mappings when the file size changed in shared mode.
Enabled the syscall test for vfs2.
Updates #2923
PiperOrigin-RevId: 319346569
|
|
Currently, we always perform a full-file sync which could be extremely
expensive for some applications. Although vfs1 did not fully support
sync_file_range, there were some optimizations that allowed us skip some
unnecessary write-outs.
Updates #2923, #1897.
PiperOrigin-RevId: 319324213
|
|
PiperOrigin-RevId: 319283715
|
|
- Support FIOASYNC, FIO{SET,GET}OWN, SIOC{G,S}PGRP (refactor getting/setting
owner in the process).
- Unset signal recipient when setting owner with pid == 0 and
valid owner type.
Updates #2923.
PiperOrigin-RevId: 319231420
|
|
Updates #2923.
PiperOrigin-RevId: 318648128
|
|
IPv6 raw sockets never include the IPv6 header.
PiperOrigin-RevId: 318582989
|
|
- Support writing on proc/[pid]/{uid,gid}map
- Return EIO for writing to static files.
Updates #2923.
PiperOrigin-RevId: 318188503
|
|
Updates #2912 #1035
PiperOrigin-RevId: 318162565
|
|
Support is limited to the functionality that exists in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317981417
|
|
It preserves the same functionality (almost none) as in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317943522
|
|
Updates #2923.
PiperOrigin-RevId: 317700049
|
|
I forgot to update getdents earlier. Several thousand runs of the fsync and
proc_net_unix tests all passed as well.
Updates #2923.
PiperOrigin-RevId: 317415488
|
|
Like vfs1, we have a trivial implementation that ignores all valid advice.
Updates #2923.
PiperOrigin-RevId: 317349505
|
|
Check for unsupported flags, and silently support RWF_HIPRI by doing nothing.
From pkg/abi/linux/file.go: "gVisor does not implement the RWF_HIPRI feature,
but the flag is accepted as a valid flag argument for preadv2/pwritev2."
Updates #2923.
PiperOrigin-RevId: 317330631
|
|
Updates #2923.
PiperOrigin-RevId: 317314460
|
|
Always check if a synthetic file already exists at a location before creating a
file there, and do not try to delete synthetic gofer files from the remote fs.
This fixes runsc_ptrace socket tests that create/unlink synthetic, named socket
files.
Updates #2923.
PiperOrigin-RevId: 317293648
|
|
Updates #2923.
PiperOrigin-RevId: 317246916
|
|
Updates #2923
PiperOrigin-RevId: 317185798
|