Used in debugging imgfs

Author: E4242

Makefile

@@ -12,6 +12,12 @@ build:
 	bazel build runsc
 	sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin
 
+build_debug:
+	sudo rm -rf /tmp/runsc
+	bazel build -c dbg runsc
+	sudo cp ./bazel-bin/runsc/linux_amd64_pure_debug/runsc /usr/local/bin
+	
+
 docker:
 	sudo apt-get update
 	sudo apt-get -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

WORKSPACE

@@ -163,6 +163,12 @@ go_repository(
     version = "v0.0.0-20171111001504-be1fbeda1936",
 )
 
+go_repository(
+    name = "com_github_spaolacci_murmur3",
+    importpath = "github.com/spaolacci/murmur3",
+    commit = "539464a789e9b9f01bc857458ffe2c5c1a2ed382",
+)
+
 go_repository(
     name = "org_golang_x_crypto",
     importpath = "golang.org/x/crypto",

pkg/filter/BUILD

@@ -0,0 +1,17 @@
+package(licenses = ["notice"])
+
+load("@io_bazel_rules_go//go:def.bzl", "go_test")
+load("//tools/go_stateify:defs.bzl", "go_library")
+
+go_library(
+    name = "filter",
+    srcs = [
+        "filter.go",
+        "bloom.go",
+    ],
+    importpath = "gvisor.dev/gvisor/pkg/filter",
+    visibility = ["//pkg/sentry:internal"],
+    deps = [
+        "@com_github_spaolacci_murmur3//:go_default_library",
+    ],
+)

pkg/filter/bloom.go

@@ -0,0 +1,143 @@
+package filter
+
+import (
+	"github.com/spaolacci/murmur3"
+	"math"
+)
+
+const(
+	DEFAULT_PROB = 0.000001
+)
+
+// TODO: Hash in directories
+
+// BloomFilter is a struct for creating a Bloom filter for an image file. A
+// A Bloom filter specifies whether a specific file path is "definitily" not
+// in the image file or is "maybe" in the file with a certain probability. 
+// This struct implements the Filter interface.
+type BloomFilter struct {
+	// FPProb (False Positive Probability) is the desired probability of a false positive in the filter
+	FPProb float64
+
+	// NumHashes represents the number of hash functions for this bloom filter (k)
+	NumHashes uint64
+
+	// NumElem represents the number of elements in this filter (n)
+	NumElem uint64
+
+	// FilterSize represents the number of bits in this filter (m)
+	FilterSize uint64
+
+	// BitSet is the array of bits that implements a bloom filter
+	BitSet []bool
+}
+
+
+// Initialize implements Filter.Initialize. Assumes b.NumElem is set to number of expected elements
+// and FPProb is set
+func (b *BloomFilter) Initialize() {
+	// Check for error conditions
+	if (b.NumElem < 1) {
+		// Return error
+		return
+	}
+
+	// Initialize FPProb
+	if (b.FPProb == 0) { b.FPProb = DEFAULT_PROB }
+
+	// Compute filter size and initialize bitarray
+	b.FilterSize = b.calcFilterSize()
+	b.BitSet = make([]bool, b.FilterSize)
+
+	// Compute number of hashes (k)
+	b.NumHashes = b.calcNumHashes()
+
+}
+
+// calcFilterSize calculates the optimal size of bit array given prob and elements
+// Assumes FPProb and NumElem is set
+// m = ceil((n*log(p)) / log(1 / pow(2, log(2))) 
+func (b *BloomFilter) calcFilterSize() uint64 {
+	return uint64(math.Ceil((float64(b.NumElem) * math.Log(b.FPProb)) / math.Log(1 / math.Pow(2, math.Log(2)))))
+}
+
+// calcNumHashes calculates the aptimal number of hashes given the filter size and the number of elements
+// Assumes FilterSize and NumElem set
+// k = round((m / n) * log(2))
+func (b *BloomFilter) calcNumHashes() uint64 {
+	return uint64(math.Round(float64(b.FilterSize / b.NumElem) * math.Log(2)))
+}
+
+// AddElement implements Filter.AddElement
+func (b *BloomFilter) AddElement(elem []byte) {
+	// Get the hashed value of the element
+	h1, h2 := b.hashElement(elem)
+
+	intHash := h1
+
+	// Set bits in bitset to represent added element -> TODO: Does int cast affect anything?
+	for i:=0; i < int(b.NumHashes); i++ {
+		intHash += (b.NumHashes*h2)
+		bitToSet := intHash % b.FilterSize
+		b.setBit(bitToSet)
+	}
+
+}
+
+// hashElement hashes the elem passed in based on the murmur hash function
+// TODO: Unsure if Sum128 is correct
+func (b *BloomFilter) hashElement(elem []byte) (uint64, uint64) {
+	return murmur3.Sum128(elem)
+}
+
+// setBits will set bit at position to true
+func (b *BloomFilter) setBit(position uint64) {
+	b.BitSet[position] = true
+}
+
+// RemoveElement removes an element from the filter
+//
+//
+func (b *BloomFilter) RemoveElement() {
+	// No-op for bloom filter
+}
+
+// TestElement implements Filter.TestElement
+func (b *BloomFilter) TestElement(elem []byte) bool {
+	// TODO: Make this modular with add element
+	// Get the hashed value of the element
+	h1, h2 := b.hashElement(elem)
+
+	intHash := h1
+
+	// TODO: Look into this, may be perf issue..
+	//var testFilter = make([]bool, b.FilterSize)
+
+	// Create a test bit array
+	//copy(testFilter, b.BitSet)
+
+	// Set bits in bitset to represent added element
+	for i:=0; i < int(b.NumHashes); i++ {
+		intHash += (b.NumHashes*h2)
+		bitToSet := intHash % b.FilterSize
+
+		// Check if bitset in filter
+		if (!b.BitSet[bitToSet]) {
+			return false
+		}
+	}
+
+	// Test if found by checking that all bits set are same as original
+	return true
+}
+
+// checkBitSetEquality checks if a test bloom filter equals the current bloom filter
+func (b *BloomFilter) checkBitSetEquality(test []bool) (bool) {
+	if (len(test) != len(b.BitSet)) { return false }
+
+	for i:=0; i < int(b.FilterSize); i++ {
+		if (b.BitSet[i] != test[i]) { return false }
+	}
+
+	return true
+}

pkg/filter/filter.go

@@ -0,0 +1,44 @@
+// Package filter implements a library for constructing a filter for img layer
+package filter
+
+
+import (
+)
+
+type Filter interface {
+	// Initialize creates a filter with the specified initial conditions
+	//
+	// 
+	Initialize()
+
+	// AddElement adds an element to the filter by hashing the element into the filter
+	//
+	// elem:	Represents an element to add to the bloom filter 
+	AddElement(elem []byte)
+
+	// RemoveElement removes an element from the filter
+	//
+	//
+	RemoveElement()
+
+	// TestElement checks if the specific element exists in data structure
+	//
+	// Return: False if not present in filter, true if possibly present
+	TestElement(elem []byte) bool
+
+}
+
+// FilterMetadata is a struct that depicts what will get written to the image metadata for a filter
+type FilterMetadata struct {
+	// Active indicates whether or not a bloom filter is enforced for this layer
+	Active bool
+
+	// Name represents the name of the filter used for this layer. Must be same as in ContainerFS
+	Name string
+
+	// FilterStructSize is the numbber of bytes (bits?) that the BloomFilter struct takes up
+	FilterLoc int64
+
+	// FilterStructSize is the size in bytes of the encoded structure
+	FilterStructSize int64
+}

pkg/sentry/fs/fsutil/host_file_mapper.go

@@ -122,6 +122,7 @@ func (f *HostFileMapper) DecRefOn(mr memmap.MappableRange) {
 //
 // Preconditions: The caller must hold a reference on all offsets in fr.
 func (f *HostFileMapper) MapInternal(fr platform.FileRange, fd int, write bool) (safemem.BlockSeq, error) {
+	log.Infof("Mapping internally from host")
 	chunks := ((fr.End + chunkMask) >> chunkShift) - (fr.Start >> chunkShift)
 	f.mapsMu.Lock()
 	defer f.mapsMu.Unlock()

pkg/sentry/fs/fsutil/inode_cached.go

@@ -616,6 +616,7 @@ func (rw *inodeReadWriter) ReadToBlocks(dsts safemem.BlockSeq) (uint64, error) {
 		mr := memmap.MappableRange{uint64(rw.offset), uint64(end)}
 		switch {
 		case seg.Ok():
+			log.Infof("Get internal mappings to cache")
 			// Get internal mappings from the cache.
 			ims, err := mem.MapInternal(seg.FileRangeOf(seg.Range().Intersect(mr)), usermem.Read)
 			if err != nil {
@@ -723,6 +724,7 @@ func (rw *inodeReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error
 		mr := memmap.MappableRange{uint64(rw.offset), uint64(end)}
 		switch {
 		case seg.Ok() && seg.Start() < mr.End:
+			log.Infof("Get mappings to cache -")
 			// Get internal mappings from the cache.
 			segMR := seg.Range().Intersect(mr)
 			ims, err := mf.MapInternal(seg.FileRangeOf(segMR), usermem.Write)

pkg/sentry/fs/imgfs/BUILD

@@ -13,7 +13,7 @@ go_library(
         "util.go",
         "util_unsafe.go",
     ],
-    importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/imgfs",
+    importpath = "gvisor.dev/gvisor/pkg/sentry/fs/imgfs",
     visibility = ["//pkg/sentry:internal"],
     deps = [
         "//pkg/abi/linux",
@@ -23,6 +23,7 @@ go_library(
         "//pkg/metric",
         "//pkg/refs",
         "//pkg/secio",
+        "//pkg/filter",
         "//pkg/sentry/arch",
         "//pkg/sentry/context",
         "//pkg/sentry/device",