Age | Commit message (Collapse) | Author |
|
Because there is no inode structure stored in the sandbox, inotify watches
must be held on the dentry. This would be an issue in the presence of hard
links, where multiple dentries would need to share the same set of watches,
but in VFS2, we do not support the internal creation of hard links on gofer
fs. As a result, we make the assumption that every dentry corresponds to a
unique inode.
Furthermore, dentries can be cached and then evicted, even if the underlying
file has not be deleted. We must prevent this from occurring if there are any
watches that would be lost. Note that if the dentry was deleted or invalidated
(d.vfsd.IsDead()), we should still destroy it along with its watches.
Additionally, when a dentry’s last watch is removed, we cache it if it also
has zero references. This way, the dentry can eventually be evicted from
memory if it is no longer needed. This is accomplished with a new dentry
method, OnZeroWatches(), which is called by Inotify.RmWatch and
Inotify.Release. Note that it must be called after all inotify locks are
released to avoid violating lock order. Stress tests are added to make sure
that inotify operations don't deadlock with gofer.OnZeroWatches.
Updates #1479.
PiperOrigin-RevId: 317958034
|
|
Per manual page:
"All applications must properly handle a return of DT_UNKNOWN."
PiperOrigin-RevId: 317957013
|
|
It preserves the same functionality (almost none) as in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317943522
|
|
PiperOrigin-RevId: 317941748
|
|
Updates #2923.
PiperOrigin-RevId: 317700049
|
|
Despite what the man page says, linux will return EINVAL when calling
getdents() an a /proc/[tid]/net file corresponding to a zombie task. This
causes readdir() to return a null pointer AND errno=EINVAL.
See fs/proc/proc_net.c:proc_tgid_net_readdir() for where this occurs.
We have tests that recursively read /proc, and are likely to hit this when
running natively, so we must catch and handle this case.
PiperOrigin-RevId: 317674168
|
|
I forgot to update getdents earlier. Several thousand runs of the fsync and
proc_net_unix tests all passed as well.
Updates #2923.
PiperOrigin-RevId: 317415488
|
|
PiperOrigin-RevId: 317377571
|
|
Like vfs1, we have a trivial implementation that ignores all valid advice.
Updates #2923.
PiperOrigin-RevId: 317349505
|
|
Check for unsupported flags, and silently support RWF_HIPRI by doing nothing.
From pkg/abi/linux/file.go: "gVisor does not implement the RWF_HIPRI feature,
but the flag is accepted as a valid flag argument for preadv2/pwritev2."
Updates #2923.
PiperOrigin-RevId: 317330631
|
|
Updates #2923.
PiperOrigin-RevId: 317314460
|
|
Always check if a synthetic file already exists at a location before creating a
file there, and do not try to delete synthetic gofer files from the remote fs.
This fixes runsc_ptrace socket tests that create/unlink synthetic, named socket
files.
Updates #2923.
PiperOrigin-RevId: 317293648
|
|
Updates #2923.
PiperOrigin-RevId: 317246916
|
|
Updates #2923
PiperOrigin-RevId: 317185798
|
|
Updates #2972
PiperOrigin-RevId: 317113059
|
|
Updates #173,#6
Fixes #2888
PiperOrigin-RevId: 317087652
|
|
This currently doesn't work with VSF2. Add test to ensure
it's not missed.
Updates #1487
PiperOrigin-RevId: 317013792
|
|
Separate mount configuration from links and move it to
RunOpts, like the other options.
PiperOrigin-RevId: 317010158
|
|
PiperOrigin-RevId: 316974863
|
|
The test was expecting that the root mount pathname was "/", but it doesn't
need to be. Only the mount point actually should be "/" (otherwise it is not
the root).
PiperOrigin-RevId: 316968025
|
|
Different flavors of linux seem to use different defaults we accept 64
or 127 as the TtlDefault in the test.
PiperOrigin-RevId: 316961150
|
|
Updates #2972
PiperOrigin-RevId: 316942245
|
|
- Change FileDescriptionImpl Lock/UnlockPOSIX signature to
take {start,length,whence}, so the correct offset can be
calculated in the implementations.
- Create PosixLocker interface to make it possible to share
the same locking code from different implementations.
Closes #1480
PiperOrigin-RevId: 316910286
|
|
Closes #2996.
PiperOrigin-RevId: 316900535
|
|
In passive open cases, we transition to Established state after
initializing endpoint's sender and receiver. With this we lose out
on any updates coming from the ACK that completes the handshake.
This change ensures that we uniformly transition to Established in all
cases and does minor cleanups.
Fixes #2938
PiperOrigin-RevId: 316567014
|
|
Updates #2972
PiperOrigin-RevId: 316534165
|
|
PiperOrigin-RevId: 316492839
|
|
Also fix test bugs uncovered now that they aren't silently skipped on
VFS2.
Updates #1487.
PiperOrigin-RevId: 316415807
|
|
I am not really sure what the point of this is, but someone filed a bug about
it, so I assume something relies on it.
PiperOrigin-RevId: 316225127
|
|
Moved the function for generating a payload of random byets of a specified
length into the testbench package so that it's availbale for all tests to use.
Added a test case to the IPv4 ID uniqueness test which uses a payload length
of 512 bytes. This test case passes for gVisor currently, whereas the test case
with a small payload of 11 bytes fails because gVisor only assigns the ID field
if the IP payload is sufficiently large.
PiperOrigin-RevId: 316185097
|
|
PiperOrigin-RevId: 316148074
|
|
PiperOrigin-RevId: 316027588
|
|
Fixes #701
PiperOrigin-RevId: 316025635
|
|
PiperOrigin-RevId: 316022884
|
|
Tests the effect of reordering on retransmission and window size.
Test covers the expected behavior of both Linux and netstack, however, netstack
does not behave as expected. Further, the current expected behavior of netstack
is not ideal and should be adjusted in the future.
PiperOrigin-RevId: 316015184
|
|
PiperOrigin-RevId: 315979564
|
|
Reorganize the Connection types such that the defined types no longer expose
the lower-level functions SendFrame and CreateFrame. These methods are still
exported on the underlying Connection type, and thus can be accessed via a
type-cast. In future, defined types should have one or more type-safe versions
of the send() method on Connection, e.g. UDPIPv4 has Send() which allows the UDP
header to be overridden and SendIP() which allows both the IPv4 and UDP headers
to be modified.
testbench.Connection gets a SendFrameStateless method which sends frames
without updating the state of any of the layers. This should be used when
sending out-of-band control messages such as ICMP messages, as using the
normal Send method can result in errors when attempting to update the TCP
state using an ICMP packet.
Also remove the localAddr field of testbench.Connection and instead compute
it on the fly as needed for UDPIPv4 and TCPIPv4.
PiperOrigin-RevId: 315969714
|
|
On UDP sockets, SO_REUSEADDR allows multiple sockets to bind to the same
address, but only delivers packets to the most recently bound socket. This
differs from the behavior of SO_REUSEADDR on TCP sockets. SO_REUSEADDR for TCP
sockets will likely need an almost completely independent implementation.
SO_REUSEADDR has some odd interactions with the similar SO_REUSEPORT. These
interactions are tested fairly extensively and all but one particularly odd
one (that honestly seems like a bug) behave the same on gVisor and Linux.
PiperOrigin-RevId: 315844832
|
|
The setsockopt with nullptr can fail with either EFAULT or zero.
PiperOrigin-RevId: 315777107
|
|
TCP_KEEPCNT is used to set the maximum keepalive probes to be
sent before dropping the connection.
WANT_LGTM=jchacon
PiperOrigin-RevId: 315758094
|
|
In case of SOCK_SEQPACKET, it has to be ignored.
In case of SOCK_STREAM, EISCONN or EOPNOTSUPP has to be returned.
PiperOrigin-RevId: 315755972
|
|
LockFD is the generic implementation that can be embedded in
FileDescriptionImpl implementations. Unique lock ID is
maintained in vfs.FileDescription and is created on demand.
Updates #1480
PiperOrigin-RevId: 315604825
|
|
After this change e.mu is only promoted to exclusively locked during
route.Resolve. It downgrades back to read-lock afterwards.
This prevents the second RLock() call gets stuck later in the stack.
https://syzkaller.appspot.com/bug?id=065b893bd8d1d04a4e0a1d53c578537cde1efe99
Syzkaller logs does not contain interesting stack traces.
The following stack trace is obtained by running repro locally.
goroutine 53 [semacquire, 3 minutes]:
runtime.gopark(0xfd4278, 0x1896320, 0xc000301912, 0x4)
GOROOT/src/runtime/proc.go:304 +0xe0 fp=0xc0000e25f8 sp=0xc0000e25d8 pc=0x437170
runtime.goparkunlock(...)
GOROOT/src/runtime/proc.go:310
runtime.semacquire1(0xc0001220b0, 0xc00000a300, 0x1, 0x0)
GOROOT/src/runtime/sema.go:144 +0x1c0 fp=0xc0000e2660 sp=0xc0000e25f8 pc=0x4484e0
sync.runtime_Semacquire(0xc0001220b0)
GOROOT/src/runtime/sema.go:56 +0x42 fp=0xc0000e2690 sp=0xc0000e2660 pc=0x448132
gvisor.dev/gvisor/pkg/sync.(*RWMutex).RLock(...)
pkg/sync/rwmutex_unsafe.go:76
gvisor.dev/gvisor/pkg/tcpip/transport/udp.(*endpoint).HandleControlPacket(0xc000122000, 0x7ee5, 0xc00053c16c, 0x4, 0x5e21, 0xc00053c224, 0x4, 0x1, 0x0, 0xc00007ed00)
pkg/tcpip/transport/udp/endpoint.go:1345 +0x169 fp=0xc0000e26d8 sp=0xc0000e2690 pc=0x9843f9
......
gvisor.dev/gvisor/pkg/tcpip/transport/udp.(*protocol).HandleUnknownDestinationPacket(0x18bb5a0, 0xc000556540, 0x5e21, 0xc00053c16c, 0x4, 0x7ee5, 0xc00053c1ec, 0x4, 0xc00007e680, 0x4)
pkg/tcpip/transport/udp/protocol.go:143 +0xb9a fp=0xc0000e8260 sp=0xc0000e7510 pc=0x9859ba
......
gvisor.dev/gvisor/pkg/tcpip/transport/udp.sendUDP(0xc0001220d0, 0xc00053ece0, 0x1, 0x1, 0x883, 0x1405e217ee5, 0x11100a0, 0xc000592000, 0xf88780)
pkg/tcpip/transport/udp/endpoint.go:924 +0x3b0 fp=0xc0000ed390 sp=0xc0000ec750 pc=0x981af0
gvisor.dev/gvisor/pkg/tcpip/transport/udp.(*endpoint).write(0xc000122000, 0x11104e0, 0xc00020a460, 0x0, 0x0, 0x0, 0x0, 0x0)
pkg/tcpip/transport/udp/endpoint.go:510 +0x4ad fp=0xc0000ed658 sp=0xc0000ed390 pc=0x97f2dd
PiperOrigin-RevId: 315590041
|
|
PiperOrigin-RevId: 315353408
|
|
PiperOrigin-RevId: 315166991
|
|
PiperOrigin-RevId: 315041419
|
|
Loopback traffic is not affected by rules in the PREROUTING chain.
This change is also necessary for istio's envoy to talk to other
components in the same pod.
|
|
This change has multiple small components.
First, the chunk size is bumped to 1GB in order to avoid creating excessive
VMAs in the Sentry, which can lead to VMA exhaustion (and hitting limits).
Second, gap-tracking is added to the usage set in order to efficiently scan
for available regions.
Third, reclaim is moved to a simple segment set. This is done to allow the
order of reclaim to align with the Allocate order (which becomes much more
complex when trying to track a "max page" as opposed to "min page", so we
just track explicit segments instead, which should make reclaim scanning
faster anyways).
Finally, the findAvailable function attempts to scan from the top-down, in
order to maximize opportunities for VMA merging in applications (hopefully
preventing the same VMA exhaustion that can affect the Sentry).
PiperOrigin-RevId: 315009249
|
|
The current task can share its fdtable with a few other tasks,
but after exec, this should be a completely separate process.
PiperOrigin-RevId: 314999565
|
|
For TCP sockets gVisor incorrectly returns EAGAIN when no ephemeral ports are
available to bind during a connect. Linux returns EADDRNOTAVAIL. This change
fixes gVisor to return the correct code and adds a test for the same.
This change also fixes a minor bug for ping sockets where connect() would fail
with EINVAL unless the socket was bound first.
Also added tests for testing UDP Port exhaustion and Ping socket port
exhaustion.
PiperOrigin-RevId: 314988525
|