path: root/vm/gvisor
Commit log (each entry: commit message, author, age, files changed, lines -/+)
* vm: add context to Pool.Create() (Aleksandr Nogikh, 2025-10-01, 1 file, -1/+1)
  Enable external abortion of the instance creation process. This is especially useful for the qemu case where we retry the creation/boot up to 1000 times, which can take significant time (e.g. it times out syz-cluster pods on unstable kernels).
  The context can be further propagated to WaitForSSH, but that requires another quite significant vm/ refactoring.
* vm/gvisor: allow setting the number of CPUs (Andrei Vagin, 2025-05-22, 1 file, -3/+13)
  Signed-off-by: Andrei Vagin <avagin@google.com>
* vm: func Run accepts context (Taras Madan, 2025-05-19, 1 file, -4/+3)
  It allows using context as a single termination signal source.
* vm: dedup VM count restriction in debug mode (Dmitry Vyukov, 2024-11-25, 1 file, -4/+0)
  Move the VM count restriction logic into the vm package. This avoids lots of duplication, makes it supported for VM types that failed to do this, and allows unifying more VM count logic in the future.
* vmimpl: refactor VM type registration (Dmitry Vyukov, 2024-07-23, 1 file, -1/+4)
  Pass the Type struct directly during registration. This allows adding additional optional parameters to VM types without changing all VM implementations. We will need to add a SupportsSnapshots flag and one flag to resolve #5028. With this change it will be possible to add "SupportsSnapshots: true" to just one VM type implementation.
* vm: make Instance implement io.Closer (Aleksandr Nogikh, 2024-07-11, 1 file, -1/+2)
  It's better to follow standard interfaces.
* vm/gvisor: make stdin address less special (Dmitry Vyukov, 2024-06-25, 1 file, -1/+1)
  Make it also use the "host:port" form ("stdin:0").
* executor: add runner mode (Dmitry Vyukov, 2024-06-24, 1 file, -8/+0)
  Move all syz-fuzzer logic into syz-executor and remove syz-fuzzer. Also restore syz-runtest functionality in the manager.
  Update #4917 (sets most signal handlers to SIG_IGN)
* sys/targets: add consts for gvisor/starnix (Dmitry Vyukov, 2024-05-27, 1 file, -3/+4)
  Lint started warning about duplicate "gvisor" const in pkg/cover. Add gvisor/starnix consts to the sys/targets package to avoid duplication.
* pkg/rpctype: prepare for not using for target communication (Dmitry Vyukov, 2024-05-03, 1 file, -1/+1)
  Remove things that are only needed for target VM communication: conditional compression, timeout scaling, traffic stats. This minimizes diffs when we switch target VM communication to flatrpc.
* pkg/rpctype: make RPC compression optional (Dmitry Vyukov, 2024-04-03, 1 file, -1/+1)
  RPC compression takes up to 10% of CPU time in profiles, but it's unlikely to be beneficial for local VM runs (we are mostly copying memory in this case). Enable RPC compression based on the VM type (local VMs don't use it, remote machines use it).
* all: refactor pprof endpoint configuration (Aleksandr Nogikh, 2024-01-22, 1 file, -0/+8)
  In some cases (e.g. gVisor instances using the host's network namespace) attempts to bind() all syz-fuzzer processes to the same port result in conflicts and fuzzing breakages.
  Refactor the code to enable custom pprof configuration depending on the vm type. For now, just disable pprof endpoints for gVisor VMs. Once we actually need the feature there, we can generate custom ports for every gVisor VM.
* vm/gvisor: set the fs.nr_open limit (Andrei Vagin, 2023-11-09, 1 file, -21/+24)
  By default, gVisor sets fs.nr_open to the maximum. In this case, large allocations can be triggered in the Sentry and it can cause OOMs on the test node.
  Signed-off-by: Andrei Vagin <avagin@google.com>
* vm/gvisor: apply memory limit to gvisor instances (Konstantin Bogomolov, 2023-10-06, 1 file, -3/+19)
* all: use special placeholder for errors (Taras Madan, 2023-07-24, 1 file, -2/+2)
* gvisor: disable glibc rseq (#3869) (Andrei Vagin, 2023-05-05, 1 file, -0/+4)
* gvisor: set cpu cgroups for VMs (Andrei Vagin, 2023-05-05, 1 file, -2/+11)
  In this case, CPU time will be divided equally between VMs.
  Signed-off-by: Andrei Vagin <avagin@google.com>
* vm/gvisor: implement vmimpl.Infoer for runsc instances (#3622) (Etienne Perot, 2023-01-20, 1 file, -3/+11)
  This adds VM info for runsc (gVisor) instances, showing the flags passed to runsc.
* vm/gvisor: stop instances properly (#2624) (Andrei Vagin, 2021-06-15, 1 file, -2/+14)
  Let's stop instances with "runsc kill" instead of killing sandbox processes. This will guarantee that ongoing rpc calls will not fail with unexpected errors.
  Reported-by: syzbot+084fca334720887441e7@syzkaller.appspotmail.com
* vm: pass Report to Diagnose (Dmitry Vyukov, 2020-11-21, 1 file, -1/+3)
  The way to diagnose generally depends on the issue. E.g. do we need a register dump to debug this issue? Do we need a host dmesg dump? Some diagnosis may be directly specific to a particular problem (e.g. dumping a particular debugfs/procfs file). Pass Report to Diagnose to make this possible.
* vm/gvisor: Send debug logs to stderr so they can be read by syzkaller (Nicolas Lacasse, 2020-06-13, 1 file, -1/+3)
  The -alsologtostderr flag is a noop if -panic-log is also set. So before this change, debug logs were not included in the syzkaller output logs. By setting -debug-log=/dev/stderr, all debug logs are sent to stderr, which syzkaller scrapes and includes in the output logs.
* gvisor: code cleanups (Andrei Vagin, 2020-03-04, 1 file, -4/+4)
  * use RunCmd instead of osutil.Run.
  * remove unneeded type casting from string to []byte.
  Signed-off-by: Andrei Vagin <avagin@google.com>
* vm/gvisor: allocate a separate stream for Go's runtime messages (Andrei Vagin, 2020-03-01, 1 file, -1/+29)
  Go's runtime calls the write system call twice to print "panic:" and "the reason of this panic", so there is a race window when other threads can print something to the log and we will see something like this:

    panic: log messages from another thread
    The reason of the panic.

  This confuses the syzkaller blacklist and dedup detection.
  Signed-off-by: Andrei Vagin <avagin@google.com>
* vm/gvisor: fix potential deadlock (Dmitry Vyukov, 2020-02-13, 1 file, -1/+3)
  Fixes #1591
* vm/gvisor: show a list of processes in case of any failures (Andrei Vagin, 2019-12-12, 1 file, -1/+1)
  Signed-off-by: Andrei Vagin <avagin@google.com>
* vm/gvisor: run runsc with the alsologtostderr option (Andrei Vagin, 2019-07-23, 1 file, -0/+1)

    $ runsc -h
    ...
    -alsologtostderr=false: send log messages to stderr
    ...

  Now gvisor doesn't send log messages to stderr by default, and if we want to see these messages, we need to specify the alsologtostderr option.
* all: fix warnings pointed to by golangci-lint (Dmitry Vyukov, 2019-03-28, 1 file, -1/+1)
  Update #977
* vm/gvisor: use runsc debug --stacks to diagnose (Michael Pratt, 2018-12-21, 1 file, -3/+5)
  This feature has been around longer than -trace-signal. It returns the stacks directly, which we then append to the kernel log.
* vm: allow Diagnose to directly return diagnosis (Michael Pratt, 2018-12-21, 1 file, -2/+2)
  Rather than writing the diagnosis to the kernel console, Diagnose can now directly return the extra debugging info, which will be appended to the kernel console log.
* vm/gvisor: don't close conn on error (Michael Pratt, 2018-12-13, 1 file, -1/+0)
  If net.Dial returns an error, conn is nil and closing it will panic.
* Merge pull request #872 from prattmic/patch-2 (Michael Pratt, 2018-12-13, 1 file, -1/+1)
  vm/gvisor: support forwarding on IPv6
* vm/gvisor: replace signal panic with log (Michael Pratt, 2018-12-12, 1 file, -1/+1)
  Diagnose currently sends the panic signal to generate a traceback for additional context. However, Diagnose is also called in otherwise successful scenarios (vm.Instance.MonitorExecution -> vm.monitor.extractError). Triggering a panic will make this successful scenario look like a failure.
  We could simply suppress this panic, but 1) that means we never shutdown cleanly (not important, but ugly), and 2) we're less likely to detect delayed crashes since we kill the sandbox immediately (that's what MonitorExecution is checking for).
  Instead, switch from -panic-signal to -trace-signal, which simply logs a traceback without exiting. This option was added to runsc in https://github.com/google/gvisor/commit/24c1158b9c21f7f8b7126e810d623a518422052e.
  The other uses of Diagnose will always generate a report regardless of an additional panic, so we're not losing any reports.
* vm/qemu: improve debug output (Michael Tüxen, 2018-11-30, 1 file, -1/+3)
  * vm/qemu: Improve debug output. When running in debug mode, the number of VMs is reduced to 1. State this in the debug output.
  * vm/qemu: Don't start debug output with a capital letter. As requested by Dmitry.
  * vm: Provide debug message when reducing number of VMs. Apply this change to all affected platforms for consistency. Suggested by Dmitry.
  * Add myself to AUTHORS/CONTRIBUTORS files.
  * vm: Fix compilation issues missed in earlier commit.
  * vm: Use logging to write debug message.
* Pass -debug flag to runsc. (Nicolas Lacasse, 2018-10-17, 1 file, -0/+1)
  As of commit 3f053259, gVisor sentry panics are no longer sent to the stderr for "runsc run" by default, as that stderr belongs exclusively to the application. As a result, syzbot never sees the gVisor panic stack trace, and is only reporting errors that occur when waiting for a dead sandbox.
  Passing the "-debug" flag to runsc will make the sentry panics visible to syzbot again.
* vm/vmm: increase maximum number of VMs (Dmitry Vyukov, 2018-09-20, 1 file, -2/+2)
  8 is way too low. A modern beefy machine can host a hundred VMs freely. Make the limit consistent for all of qemu/kvm/gvisor/vmm and set it to 128.
* syz-ci: de-hardcode list of VMs that support overcommit (Dmitry Vyukov, 2018-09-11, 1 file, -1/+1)
  We currently have this list in multiple places (somewhat diverged). Specify this "overcommit" property in VM implementations. In particular, we also want to allow overcommit for "vmm" type.
  Update #712
* vm/gvisor: use new signal-based diagnose (Dmitry Vyukov, 2018-08-29, 1 file, -1/+2)
  Presumably "debug -stacks" sometimes fails to actually dump stacks (some runtime hangs?). Use the new mechanism that just sends a signal.
* vm/gvisor: fix current binary lookup (Dmitry Vyukov, 2018-08-03, 1 file, -1/+5)
  os.Args[0] can be just the binary name which was looked up using $PATH. In such a case copy will fail because the path does not exist. Look up the binary name using $PATH.
* vm/gvisor: enable watchdog panic (Dmitry Vyukov, 2018-07-05, 1 file, -0/+1)
  We need it to crash to detect hangs.
* vm/gvisor: fix empty runsc_args (Dmitry Vyukov, 2018-06-22, 1 file, -1/+3)
* vm/gvisor: always give vm all caps (Dmitry Vyukov, 2018-06-22, 1 file, -3/+18)
  runsc can crash on nil deref without any caps. So give all of them all the time.
* vm/gvisor: allow specifying arbitrary runsc flags (Dmitry Vyukov, 2018-06-22, 1 file, -1/+3)
* vm/gvisor: use timeout for all runsc invocations (Dmitry Vyukov, 2018-06-22, 1 file, -4/+4)
  runsc likes to hang dead. Add timeouts to all invocations.
* executor: rework fallback coverage (Dmitry Vyukov, 2018-06-22, 1 file, -1/+1)
  We have a fallback coverage implementation for freebsd.
  1. It's broken after some recent changes.
  2. We need it for fuchsia, windows, akaros, linux too.
  3. It's painful to work with C code.
  Move fallback coverage to the ipc package, fix it and provide it for all OSes.
* vm/gvisor: add package (Dmitry Vyukov, 2018-06-22, 1 file, -0/+347)
  The gvisor package provides support for testing gVisor, a user-space kernel. See https://github.com/google/gvisor