Atomic operations here significantly slow down gVisor builds with
kcov/coverage enabled. Also mark these functions go:norace to avoid
complaints from the race detector.
PiperOrigin-RevId: 353281865
The GH Build action has been failing with the error message:
```
--- BUILD -c opt //runsc
tee: /proc/self/fd/2: No such device or address
```
tee /dev/fd/2 seems to be the canonical way of copying stdin to stderr.
So use that instead.
PiperOrigin-RevId: 353259087
If a network address has a static mapping to a link address, calculate
it in GetLinkAddress.
Test: stack_test.TestStaticGetLinkAddress
PiperOrigin-RevId: 353179616
We have support for the output interface name, but not for the input
interface name.
This change adds the support for the input interface name, and adds the
test cases for it.
Fixes#5300
PiperOrigin-RevId: 353179389
- Moves the id to the <tr> tag so that the page aligns properly when using an
anchor.
- Makes the syscall number a link to the anchor.
- Fixes some broken links to syscalls without man pages.
PiperOrigin-RevId: 353159903
GetLinkAddress's callback will be called immediately with a
stack.LinkResolutionResult which will hold the link address
so no need to also return the link address from the function.
Fixes#5151.
PiperOrigin-RevId: 353157857
...unless explicitly requested via ResolveWith.
Remove cancelled channels from pending packets as we can use the link
resolution channel in a FIFO to limit the number of maximum pending
resolutions we should queue packets for.
This change also defers starting the goroutine that handles link
resolution completion to when link resolution succeeds, fails or
gets cancelled due to the max number of pending resolutions being
reached.
Fixes#751.
PiperOrigin-RevId: 353130577
Previously fsgofer was skipping chown call if the uid and gid
were the same as the current user/group. However, when setgid
is set, the group may not be the same as the caller. Instead,
compare the actual uid/gid of the file after it has been
created and change ownership only if needed.
Updates #180
PiperOrigin-RevId: 353118733
The error messages are not needed or used as these are not processing errors
so much as errors to be reported back to the packet sender. Implicitly
describe whether each error should generate ICMP packets or not. Most do
but there are a couple that do not.
Slightly alter some test expectations for Linux compatibility and add a
couple more. Improve Linux compatibility on error packet returns. Some
cosmetic changes to tests to match the upcoming packet impact version
of the same tests.
PiperOrigin-RevId: 352889785
Link addresses are cached on a per NIC basis so instead of having a
single cache that includes the NIC ID for neighbor entry lookups,
use a single cache per NIC.
PiperOrigin-RevId: 352684111
On ARM64, when ptrace stops on a system call, it uses the x7 register to
indicate whether the stop has been signalled from syscall entry or syscall
exit. This means that we can't get a value of this register and we can't change
it. More details are in the comment for tracehook_report_syscall in
arch/arm64/kernel/ptrace.c.
This happens only if we stop on a system call, so let's queue a signal, resume
a stub thread and catch it on a signal handling.
Fixes: #5238
PiperOrigin-RevId: 352668695
To facilitate the debugging of multi-homed setup, track Network
protocols statistics for each endpoint. Note that the original
stack-wide stats still exist.
A new type of statistic counter is introduced, which track two
versions of a stat at the same time. This lets a network endpoint
increment both the local stat and the stack-wide stat at the same
time.
Fixes#4605
PiperOrigin-RevId: 352663276
#5274 broke `make load-basic_fsstress` target. It works locally but for some
inconceivable reason it fails to build on Kokoro.
Error message:
```
Step 1/12 : FROM alpine
---> 1fca6fe4a1ec
Step 2/12 : RUN apk add git
---> Running in 109a5326259a
standard_init_linux.go:207: exec user process caused "no such file or directory"
The command '/bin/sh -c apk add git' returned a non-zero code: 1
make: *** [load-basic_fsstress] Error 1
tools/images.mk:149: recipe for target 'load-basic_fsstress' failed
```
Copied the approach from the following issue to achieve the same goal:
https://github.com/nodejs/docker-node/issues/586#issue-273737852.
PiperOrigin-RevId: 352602945
Packets may be pending on link resolution to complete before being sent.
Link resolution is performed for neighbors which are unique to a NIC so
hold link resolution related state under the NIC, not the stack.
Note, this change may result in more queued packets but that is okay as
RFC 4861 section 7.2.2 recommends that the stack maintain a queue of
packets for each neighbor that is waiting for link resolution to
complete, not a fixed limit per stack.
PiperOrigin-RevId: 352322155
If a Route is being created through a link that requires link address
resolution and a remote address that has a known mapping to a link
address, populate the link address when the route is created.
This removes the need for neighbor/link address caches to perform this
check.
Fixes#5149
PiperOrigin-RevId: 352122401
stack.Route is used to send network packets and resolve link addresses.
A LinkEndpoint does not need to do either of these and only needs the
route's fields at the time of the packet write request.
Since LinkEndpoints only need the route's fields when writing packets,
pass a stack.RouteInfo instead.
PiperOrigin-RevId: 352108405
IPv4 previously accepts the packet, while IPv6 panics. Neither is the behavior
in Linux.
splice() in Linux has different behavior than in gVisor. This change documents
it in the SpliceTooLong test.
Reported-by: syzbot+b550e78e5c24d1d521f2@syzkaller.appspotmail.com
PiperOrigin-RevId: 352091286
We loop over the list of packets anyways so setting these aren't
expensive.
Now that they are populated only by the link endpoint that uses them,
TCP does not need to.
PiperOrigin-RevId: 352090853
io.Writer.Write requires err to be non-nil if n < len(v).
We could allow this but it will be irreversible if users depend on this
behavior.
Ported the test that discovered this.
PiperOrigin-RevId: 352065946
- Remove the pipe package's dependence on the buffer package, which becomes
unused as a result. The buffer package is currently intended to serve two use
cases, pipes and temporary buffers, and does neither optimally as a result;
this change facilitates retooling the buffer package to better serve the
latter.
- Pass callbacks taking safemem.BlockSeq to the internal pipe I/O methods,
which makes most callbacks trivial.
- Fix VFS1's splice() and tee() to immediately return if a pipe returns a
partial write.
PiperOrigin-RevId: 351911375
Dean Deng
Tamir Duberstein
Nayana Bidari
Zach Koopmans
Fabricio Voznika
Ayush Ranjan
Ghanan Gowripalan
Toshi Kikuchi
Ian Lewis
Adin Scannell
Zeling Feng
Jamie Liu
Julian Elischer
Michaël Lévesque-Dion
Andrei Vagin
Arthur Sfez
Kevin Krakauer
Ting-Yu Wang
Mithun Iyer
gVisor bot