A socket mount where anonymous sockets will reside is added to the
VirtualFilesystem. Socketfs is built on top of kernfs.
Updates #1476, #1478, #1484, #1485.
PiperOrigin-RevId: 304095251
When copyUp fails, we attempt to clean up the upper filesystem by removing any
files that have already been copied-up. If the cleanup fails, we panic because
the "overlay filesystem is in an inconsistent state".
This CL adds the original copy-up error to the panic information, to hopefully
make it easier to track down how the overlay filesystem got into the
inconsistent state.
PiperOrigin-RevId: 304053370
In the case of other signals (preemption), inject a normal bounce and
defer the signal until the vCPU has been returned from guest mode.
PiperOrigin-RevId: 303799678
Both have analogues in Linux:
* struct file_system_type has a char *name field.
* struct super_block keeps a pointer to the file_system_type.
These fields are necessary to support the `filesystem type` field in
/proc/[pid]/mountinfo.
PiperOrigin-RevId: 303434063
Enables handling the Hop by Hop and Destination Options extension
headers, but options are not yet supported. All options will be
treated as unknown and their respective action will be followed.
Note, the stack does not yet support sending ICMPv6 error messages in
response to options that cannot be handled/parsed. That will come
in a later change (Issue #2211).
Tests:
- header_test.TestIPv6UnknownExtHdrOption
- header_test.TestIPv6OptionsExtHdrIterErr
- header_test.TestIPv6OptionsExtHdrIter
- ipv6_test.TestReceiveIPv6ExtHdrs
PiperOrigin-RevId: 303433085
BoundEndpointAt() is needed to support Unix sockets bound at a
file path, corresponding to BoundEndpoint() in VFS1.
Updates #1476.
PiperOrigin-RevId: 303258251
Using the host-defined file owner matches VFS1. It is more correct to use the
host-defined mode, since the cached value may become out of date. However,
kernfs.Inode.Mode() does not return an error--other filesystems on kernfs are
in-memory so retrieving mode should not fail. Therefore, if the host syscall
fails, we rely on a cached value instead.
Updates #1672.
PiperOrigin-RevId: 303220864
Enables the reassembly of fragmented IPv6 packets and handling of the
Routing extension header with a Segments Left value of 0. Atomic
fragments are handled as described in RFC 6946 to not interfere with
"normal" fragment traffic. No specific routing header type is supported.
Note, the stack does not yet support sending ICMPv6 error messages in
response to IPv6 packets that cannot be handled/parsed. That will come
in a later change (Issue #2211).
Test:
- header_test.TestIPv6RoutingExtHdr
- header_test.TestIPv6FragmentExtHdr
- header_test.TestIPv6ExtHdrIterErr
- header_test.TestIPv6ExtHdrIter
- ipv6_test.TestReceiveIPv6ExtHdrs
- ipv6_test.TestReceiveIPv6Fragments
RELNOTES: n/a
PiperOrigin-RevId: 303189584
This feature will match UID and GID of the packet creator, for locally
generated packets. This match is only valid in the OUTPUT and POSTROUTING
chains. Forwarded packets do not have any socket associated with them.
Packets from kernel threads do have a socket, but usually no owner.
This enables all relevant santizers (though most analyzers will not find
much, it will prevent instances from creeping in), and codifies existing
exceptions in tools/nogo.js to be fixed.
There is a canonical naming convention for Examples, which are checked
by analyzers. This must be fixed since adding exceptions for generated
code will be more challenging.
It's possible to execute the command that checks user's
$HOME dir before the user is created. Move the code that
creates the user inside exec so it can be serialized.
PiperOrigin-RevId: 302986184
Pushing it down requires all implementation to check for
exec individualy which is not maintanable. Making it part
of GenericCheckPermissions add extra cost to everyone that
calls it. So it's better to keep is in
VirtualFilesystem.OpenAt.
Updates #1193
PiperOrigin-RevId: 302982993
When copybara migrates changes, it creates a new branch and then creates a
pull-requests which is based on this branch. In this case, travis-ci
triggers build twice for the branch and for the pull-request.
PiperOrigin-RevId: 302930634
- Fix definitions of Futex* wrappers.
- Correctly handle glibc syscall() (which returns -1 and sets errno instead of
returning the raw syscall return value).
- De-parameterize FutexWaitBitset, which was apparently intended to test with
deadlines of between 0 and 100000 nanoseconds after the Unix epoch, but was
broken due to the preceding two issues.
- Use wall time to measure the durations of tests that are expected to block
(and thus stop accumulating CPU time).
- Require 5s for all tests to improve robustness in the presence of sentry GC.
- Remove FutexContend and FutexContendDeadline; it's unclear what these are
supposed to measure, given that (1) FutexLock is unrealistically inefficient
and (2) the benchmark rewards slow scheduling (since this reduces
contention).
PiperOrigin-RevId: 302925246
This allows the link layer endpoints to consistenly hash a TCP
segment to a single underlying queue in case a link layer endpoint
does support multiple underlying queues.
Updates #231
PiperOrigin-RevId: 302760664
In cl/302130790, we started using a temp directory which is provided by bazel.
By default, a test process has enough permissions to open it, but there is not
any guarantee that it still will be able to do this after changing credentials.
PiperOrigin-RevId: 302702337
This is a precursor to be being able to build an intrusive list
of PacketBuffers for use in queuing disciplines being implemented.
Updates #2214
PiperOrigin-RevId: 302677662
The posix_server works fine when run in locally or in docker but fails in the
kokoro GCP build environment. Linking libpthread statically fixes it.
PiperOrigin-RevId: 302139082
The root mount is not shared by default, but all other mounts are shared.
So if we create the /tmp mount, this means that we run tests on a shared mount
even if tests run without the --shared option.
PiperOrigin-RevId: 302130790
Dean Deng
Zach Koopmans
Nicolas Lacasse
Michael Pratt
Adin Scannell
gVisor bot
Jamie Liu
Ghanan Gowripalan
Nayana Bidari
Jay Zhuang
Kevin Krakauer
Fabricio Voznika
Andrei Vagin
Bhasker Hariharan
Ian Lewis
Eyal Soha