This change moves all Docker images to a standard location, and abstracts the
build process so that they can be maintained in an automated fashion. This also
allows the images to be architecture-independent.
All images will now be referred to by the test framework via the canonical
`gvisor.dev/images/<name>`, where `<name>` is a function of the path within the
source tree.
In a subsequent change, continuous integration will be added so that the images
will always be correct and available locally.
In the end, using `bazel` for Docker containers is simply not possible. Given
that we already have the need to use `make` with the base container (for
Docker), we extend this approach to get more flexibility.
This change also adds a self-documenting and powerful Makefile that is intended
to replace the collection of scripts in scripts. Canonical (self-documenting)
targets can be added here for targets that understand which images need to be
loaded and/or built.
PiperOrigin-RevId: 308322438
A CancellableTimer's AfterFunc timer instance creates a closure over the
CancellableTimer's address. This closure makes a CancellableTimer unsafe
to copy.
No behaviour change, existing tests pass.
PiperOrigin-RevId: 308306664
- Return ENOENT for /proc/[pid]/task if task is zoombied or terminated
- Allow directory to be Seek() to the end
- Construct synthetic files for /proc/[pid]/ns/*
- Changed GenericDirectoryFD.Init to not register with FileDescription,
otherwise other implementation cannot change behavior.
Updates #1195,1193
PiperOrigin-RevId: 308294649
This is needed to set up host fds passed through a Unix socket. Note that
the host package depends on kernel, so we cannot set up the hostfs mount
directly in Kernel.Init as we do for sockfs and pipefs.
Also, adjust sockfs to make its setup look more like hostfs's and pipefs's.
PiperOrigin-RevId: 308274053
Just call syscall.Fstat directly each time mode/file owner are needed. This
feels more natural than using i.getPermissions().
PiperOrigin-RevId: 308257405
These methods let users eaily break the VectorisedView abstraction, and
allowed netstack to slip into pseudo-enforcement of the "all headers are
in the first View" invariant. Removing them and replacing with PullUp(n)
breaks this reliance and will make it easier to add iptables support and
rework network buffer management.
The new View.PullUp(n) method is low cost in the common case, when when
all the headers fit in the first View.
PiperOrigin-RevId: 308163542
Tested:
Intentionally introduce an error and then run:
blaze test --test_output=streamed //third_party/gvisor/test/packetimpact/tests:tcp_outside_the_window_linux_test
PiperOrigin-RevId: 308114194
This is the first automated GitHub actions workflow, and it simply applies
labels to pull request in a best-effort fashion.
PiperOrigin-RevId: 308112191
This change adds a layer of abstraction around the internal Docker APIs,
and eliminates all direct dependencies on Dockerfiles in the infrastructure.
A subsequent change will automated the generation of local images (with
efficient caching). Note that this change drops the use of bazel container
rules, as that experiment does not seem to be viable.
PiperOrigin-RevId: 308095430
Even though the default build option is to use 1.14, we want to be
want to keep the ability to target different Go versions for testing
and in case the new release has bugs.
PiperOrigin-RevId: 308078876
This just provides some sane reminders and ticks a box on the GitHub UI. This
change also cleans up the issue template, as there is already an automatic
link to the repository's security disclosure policy.
PiperOrigin-RevId: 307868833
Even though BoundEndpointAt is not yet implemented for gofer fs, allow path
resolution errors to be returned so that we can jump to tmpfs, where it is
implemented.
Updates #1476.
PiperOrigin-RevId: 307718335
This allows us to specify a richer configuration for the issue template, that
effectively moves a lot of the "metadata" from the template itself to the main
issue page.
PiperOrigin-RevId: 307666509
bazel run :benchmarks only works from the benchmarks directory.
bazel run //benchmarks works from anywhere in the workspace.
Also fix help commands, which should be a multiline code section.
See tools/nogo/README.md.
The checkescape tool is able to perform recursive escape analysis, using the
actual generated binary to confirm the results produced by the compiler itself.
As an initial use case, this replaces the manual escape analysis tests used for
go_marshal, and validates that the CopyIn and CopyOut paths will not require
any allocation or stack splits.
Updates #2243
PiperOrigin-RevId: 307532986
Capture a timer's locker for each instance of a CancellableTimer so that
reassigning a tcpip.CancellableTimer does not cause a data race.
Reassigning a tcpip.CancellableTimer updates its underlying locker. When
a timer fires, it does a read of the timer's locker variable to lock it.
This read of the locker was not synchronized so a race existed where one
goroutine may reassign the timer (updating the locker) and another
handles the timer firing (attempts to lock the timer's locker).
Test: tcpip_test.TestCancellableTimerReassignment
PiperOrigin-RevId: 307499822
This change renames the tools/images directory to tools/vm for clarity, and
adds a functional vm_test. Sharding is also added to the same test, and some
documentation added around key flags & variables to describe how they work.
Subsequent changes will add vm_tests for other cases, such as the runtime tests.
PiperOrigin-RevId: 307492245
Instead of plumbing error through kernfs.Inode.Mode, panic if err != nil.
The errors that can result from an fstat syscall all indicate that something
is fundamentally wrong, and panicking should be acceptable.
PiperOrigin-RevId: 307406847
Eyal Soha
Adin Scannell
Dean Deng
Andrei Vagin
Ghanan Gowripalan
Fabricio Voznika
gVisor bot
Rahat Mahmood
Nicolas Lacasse
Kevin Krakauer
Jamie Liu
Michael Pratt
Dave Bailey
Ting-Yu Wang