fix(namespace): pass mount and pivot_root conformance#2137
Conversation
Align mount namespaces, propagation, pivot_root, proc mount topology, VFS permissions, and tmpfs accounting with Linux 6.6 semantics. Make current-task publication and x86 fast CPU identification safe across context switches and AP startup, and harden page-cache allocation and rollback paths. Add focused dunit and gVisor coverage for mount, pivot_root, dangling symlinks, tmpfs quota, and propagation. Make both runners fail closed on incomplete XML, unexpected skips, timeouts, and stale results while always publishing CI artifacts. Validated with kernel builds, runner unit tests and linting, slab allocator tests, QEMU boot, the full dunit suite, focused namespace tests, and gVisor mount/pivot_root tests. Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c64eb42b9b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Make atime updates field-specific and synchronized in mutable filesystems, serialize FUSE and ext4 metadata updates, enforce O_NOATIME ownership, and cover directory access semantics. Compute tmpfs statfs data from atomic page accounting without taking a superblock write lock on every page operation. Preserve slab allocator soundness without clearing an entire object page. Restore the origin/master current-task implementation that predates the wait/epoll CI regressions, reject invalid open flag combinations, read complete symlink targets, and decouple existing mount topology traversal from mount-max admission limits. Add dunit coverage for metadata races, atime flags, tmpfs quota reporting, long symlinks, open errors, and lowered mount limits. Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c6a00c9be1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Use the optional filesystem lookup before checking mount state during access-time updates. Anonymous kernel objects such as sockets now report that they are not backed by a filesystem, matching Linux socket read semantics and avoiding a panic in readv and splice paths.\n\nDocument the expanded try_fs contract so callers can distinguish filesystem-backed inodes from anonymous objects without relying on a panicking fs implementation.\n\nThis fixes the gVisor TCP splice timeout and UDP writev/readv failure observed in the integration workflow. Signed-off-by: longjin <longjin@dragonos.org>
Preserve Linux open error precedence by applying O_NOATIME ownership checks after path, type, and DAC validation while keeping them ahead of direct-I/O and socket-open failures. Add regression coverage for final symlinks and directory O_DIRECT combinations.\n\nReuse one fallibly allocated PATH_MAX buffer across a symlink walk to avoid per-hop allocation and clearing.\n\nEnsure the gVisor runner terminates the full test process group and reaps its leader when try_wait fails, sharing the same cleanup path used for timeouts. Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 37ae945112
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Initialize new inode ownership before publication across tmpfs, ramfs, and ext4, including mknod and rename whiteouts. Preserve setgid directory inheritance while stripping unauthorized executable setgid modes. Harden transactional page-cache rollback against concurrent dirty publication, update regular-file atime on EOF reads, and avoid filesystem lookups for anonymous socket permission checks. Disable required-test manifest enforcement completely when requested and add regression coverage for ownership, SGID, EOF atime, and runner behavior. Signed-off-by: longjin <longjin@dragonos.org>
Use the initial root credential for kernel-owned filesystem objects created before ProcessManager installs a current task. Keep setgid directory inheritance intact while avoiding an early-boot current_pcb spin during procfs initialization. Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cab2716adb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Apply Linux-compatible write-side metadata effects after successful tmpfs fallocate allocation, including timestamp updates and setid removal, while preserving rollback atomicity. Cache ext4 atime updates in memory, track them through the existing dirty inode queue, and commit them with size and mtime during periodic or explicit metadata writeback instead of synchronously writing from the read path. Add dunitest coverage for fallocate metadata effects, failure stability, setid clearing, and ext4 atime visibility and persistence. Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b580875156
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Enforce Linux symlink creation semantics in the common syscall path, including empty targets, trailing slashes, parent search/write permission ordering, immutable directories, and an atomic tmpfs permission recheck under the parent inode lock. Keep ext4 inode timestamps authoritative in memory and evaluate relatime without io_lock or disk getattr. Add masked setattr support and generation-based atime/mtime writeback commits so concurrent reads, writes, mmap faults, setters, resize, and writeback cannot lose dirty timestamp updates. Add dunitest coverage for symlink error and permission semantics plus ext4 relatime behavior. Validated with make kernel and the full DragonOS dunitest suite (797 tests, 0 failures). Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 03dcd4ada2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Raise the syscall workflow timeout to cover its 50-minute guest monitor after the build and disk preparation phases, while preserving time for cleanup and diagnostic uploads. Apply the same outer-timeout invariant to dunitest so its 30-minute monitor can terminate QEMU and publish the serial artifact before the Actions job deadline. Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 53d58060ed
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Return authoritative attributes from the in-memory inode used by create, mkdir, and mknod transactions, while preserving the existing inode-number APIs. Initialize canonical VFS inodes from those attributes for regular creation, special nodes, and rename whiteouts. This removes the post-link getattr failure window that could report EIO after the directory entry was already committed. Keep lookup-time getattr behavior unchanged and add coverage for complete in-memory FileAttr conversion. Validated with make kernel, all 130 another_ext4 tests, and the full DragonOS dunitest suite (797 tests, 0 failures). Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
|
Codex Review: Didn't find any major issues. 👍 Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Replace the scheduler-dependent recursive propagation observer with explicit shared/private phase acknowledgements and a midpoint stress snapshot handshake. Preserve the two unsynchronized 512-transition halves, namespace copying, and concurrent topology mutation while reporting the exact failing child status. Allocate a fresh conceptual hidden-parent mount ID when copying an attached namespace so mountinfo never exposes the source namespace's parent identity. Keep ordinary overlay traversal single-pass for the common shallow path and defer cycle detection to pathological depths without imposing a semantic limit. Require the recursive-bind topology and mount-limit rollback suites to remain skip-free alongside the existing namespace conformance binaries. Validated with make kernel, 12 dunit runner tests, the full DragonOS dunit suite, and 100-run focused stress loops on Linux and in the DragonOS guest. Signed-off-by: longjin <longjin@dragonos.org>
|
已定位并修复 Dunitest CI 失败的根因(commit c8fe6f0)。 根因证据:在 DragonOS guest 中重复执行失败用例,原实现第 72 次稳定复现,并新增诊断确认 修复没有增加超时或重试:
本地验证:
已完成 8 角色 bug-hunter 对抗审查,并对修复后的 pipe 协议、Linux mount identity 和热路径优化再次独立复核,未留下新的 actionable finding。 |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c8fe6f0f94
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 36300bd3ba
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Signed-off-by: longjin <longjin@dragonos.org>
|
@codex review |
|
Codex Review: Didn't find any major issues. You're on a roll. Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Summary
Validation
make kernelCloses #2106