63 files changed, 291 insertions, 199 deletions
diff --git a/pkg/abi/linux/fadvise.go b/pkg/abi/linux/fadvise.go
index b06ff9964..97e2e4532 100644
--- a/pkg/abi/linux/fadvise.go
+++ b/pkg/abi/linux/fadvise.go
@@ -14,6 +14,7 @@ package linux +// Fadvise constants. const ( POSIX_FADV_NORMAL = 0 POSIX_FADV_RANDOM = 1
diff --git a/pkg/abi/linux/ipc.go b/pkg/abi/linux/ipc.go
index c6e65df62..f84144355 100644
--- a/pkg/abi/linux/ipc.go
+++ b/pkg/abi/linux/ipc.go
@@ -14,8 +14,9 @@ package linux -// Control commands used with semctl, shmctl, and msgctl. Source: -// include/uapi/linux/ipc.h. +// Control commands used with semctl, shmctl, and msgctl. +// +// Source: include/uapi/linux/ipc.h. const ( IPC_RMID = 0 IPC_SET = 1
@@ -23,14 +24,19 @@ const ( IPC_INFO = 3 ) -// resource get request flags. Source: include/uapi/linux/ipc.h +// Resource get request flags. +// +// Source: include/uapi/linux/ipc.h const ( IPC_CREAT = 00001000 IPC_EXCL = 00002000 IPC_NOWAIT = 00004000 ) -const IPC_PRIVATE = 0 +// IPC flags. +const ( + IPC_PRIVATE = 0 +) // In Linux, amd64 does not enable CONFIG_ARCH_WANT_IPC_PARSE_VERSION, so SysV // IPC unconditionally uses the "new" 64-bit structures that are needed for
diff --git a/pkg/abi/linux/netfilter_ipv6.go b/pkg/abi/linux/netfilter_ipv6.go
index 6d31eb5e3..bcb57642e 100644
--- a/pkg/abi/linux/netfilter_ipv6.go
+++ b/pkg/abi/linux/netfilter_ipv6.go
@@ -288,6 +288,7 @@ type IP6TIP struct { _ [3]byte } +// SizeOfIP6TIP is the size of an IP6 header. const SizeOfIP6TIP = 136 // Flags in IP6TIP.Flags. Corresponding constants are in
diff --git a/pkg/abi/linux/sched.go b/pkg/abi/linux/sched.go
index 70e820823..2a67921e6 100644
--- a/pkg/abi/linux/sched.go
+++ b/pkg/abi/linux/sched.go
@@ -29,6 +29,7 @@ const ( SCHED_RESET_ON_FORK = 0x40000000 ) +// Scheduling priority group selectors. const ( PRIO_PGRP = 0x1 PRIO_PROCESS = 0x0
diff --git a/pkg/abi/linux/seccomp.go b/pkg/abi/linux/seccomp.go
index 5be3f10f9..e64501fac 100644
--- a/pkg/abi/linux/seccomp.go
+++ b/pkg/abi/linux/seccomp.go
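Review bot: In pkg/abi/linux/netfilter_ipv6.go the new doc comment on `SizeOfIP6TIP` names the wrong object: the constant sits directly after `type IP6TIP struct` and has the value 136, which is the size of that iptables match struct, whereas the fixed IPv6 header is 40 bytes. Anything that uses this constant to size or bounds-check a netfilter entry (presumably the IPv6 rule parser, which is not visible here) would be misread by a maintainer trusting the comment. I would write `// SizeOfIP6TIP is the size of an IP6TIP in bytes.` instead. The struct definition begins outside the hunk.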
@@ -30,8 +30,10 @@ const ( SECCOMP_GET_ACTION_AVAIL = 2 ) +// BPFAction is an action for a BPF filter. type BPFAction uint32 +// BPFAction definitions. const ( SECCOMP_RET_KILL_PROCESS BPFAction = 0x80000000 SECCOMP_RET_KILL_THREAD BPFAction = 0x00000000
diff --git a/pkg/abi/linux/sem.go b/pkg/abi/linux/sem.go
index 2424884c1..bc7b4f0ee 100644
--- a/pkg/abi/linux/sem.go
+++ b/pkg/abi/linux/sem.go
@@ -49,7 +49,10 @@ const ( SEMUSZ = 20 ) -const SEM_UNDO = 0x1000 +// Semaphore flags. +const ( + SEM_UNDO = 0x1000 +) // Sembuf is equivalent to struct sembuf. //
diff --git a/pkg/cpuid/cpuid_arm64.go b/pkg/cpuid/cpuid_arm64.go
index ac7bb6774..98c6ec62f 100644
--- a/pkg/cpuid/cpuid_arm64.go
+++ b/pkg/cpuid/cpuid_arm64.go
@@ -267,7 +267,7 @@ func (fs *FeatureSet) UseXsave() bool { // FlagsString prints out supported CPU "flags" field in /proc/cpuinfo. func (fs *FeatureSet) FlagsString() string { var s []string - for f, _ := range arm64FeatureStrings { + for f := range arm64FeatureStrings { if fs.Set[f] { if fstr := f.flagString(); fstr != "" { s = append(s, fstr)
@@ -296,7 +296,7 @@ func (fs FeatureSet) WriteCPUInfoTo(cpu uint, b *bytes.Buffer) { func HostFeatureSet() *FeatureSet { s := make(map[Feature]bool) - for f, _ := range arm64FeatureStrings { + for f := range arm64FeatureStrings { if hwCap&(1<<f) != 0 { s[f] = true }
diff --git a/pkg/p9/client.go b/pkg/p9/client.go
index eadea390a..3f4324ac1 100644
--- a/pkg/p9/client.go
+++ b/pkg/p9/client.go
@@ -241,7 +241,7 @@ func (c *Client) watch(socket *unet.Socket) { defer c.closedWg.Done() events := []unix.PollFd{ - unix.PollFd{ + { Fd: int32(socket.FD()), Events: unix.POLLHUP | unix.POLLRDHUP, },
diff --git a/pkg/seccomp/seccomp.go b/pkg/seccomp/seccomp.go
index ec17ebc4d..daea51c4d 100644
--- a/pkg/seccomp/seccomp.go
+++ b/pkg/seccomp/seccomp.go
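Review bot: In pkg/abi/linux/seccomp.go the comment `// BPFAction is an action for a BPF filter.` is vaguer than the values it introduces, which are all `SECCOMP_RET_*` codes, i.e. what a seccomp filter hands back to the kernel for a syscall. I would write `// BPFAction is the return action of a seccomp-BPF filter (one of the SECCOMP_RET_* values).` and title the block `// Seccomp filter return actions.`. It is also worth one line noting that the zero value is `SECCOMP_RET_KILL_THREAD` (visible as `0x00000000` in this hunk), so an unset BPFAction fails closed. The const block continues past the end of the hunk.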
@@ -61,7 +61,7 @@ func Install(rules SyscallRules) error { log.Infof("Installing seccomp filters for %d syscalls (action=%v)", len(rules), defaultAction) instrs, err := BuildProgram([]RuleSet{ - RuleSet{ + { Rules: rules, Action: linux.SECCOMP_RET_ALLOW, },
@@ -160,7 +160,7 @@ func buildIndex(rules []RuleSet, program *bpf.ProgramBuilder) error { } } syscalls := make([]uintptr, 0, len(requiredSyscalls)) - for sysno, _ := range requiredSyscalls { + for sysno := range requiredSyscalls { syscalls = append(syscalls, sysno) } sort.Slice(syscalls, func(i, j int) bool { return syscalls[i] < syscalls[j] })
diff --git a/pkg/seccomp/seccomp_test.go b/pkg/seccomp/seccomp_test.go
index e1444d18b..db06d1f1b 100644
--- a/pkg/seccomp/seccomp_test.go
+++ b/pkg/seccomp/seccomp_test.go
@@ -932,7 +932,7 @@ func TestRandom(t *testing.T) { t.Logf("Testing filters: %v", syscallRules) instrs, err := BuildProgram([]RuleSet{ - RuleSet{ + { Rules: syscallRules, Action: linux.SECCOMP_RET_ALLOW, },
diff --git a/pkg/segment/set.go b/pkg/segment/set.go
index fbb31dbea..fae6c363d 100644
--- a/pkg/segment/set.go
+++ b/pkg/segment/set.go
@@ -1680,8 +1680,8 @@ type SegmentDataSlices struct { Values []Value } -// ExportSortedSlice returns a copy of all segments in the given set, in ascending -// key order. +// ExportSortedSlices returns a copy of all segments in the given set, in +// ascending key order. func (s *Set) ExportSortedSlices() *SegmentDataSlices { var sds SegmentDataSlices for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1695,7 +1695,7 @@ func (s *Set) ExportSortedSlices() *SegmentDataSlices { return &sds } -// ImportSortedSlice initializes the given set from the given slice. +// ImportSortedSlices initializes the given set from the given slice. // // Preconditions: // * s must be empty.
diff --git a/pkg/sentry/fs/fsutil/inode.go b/pkg/sentry/fs/fsutil/inode.go
index 1922ff08c..85e7e35db 100644
--- a/pkg/sentry/fs/fsutil/inode.go
+++ b/pkg/sentry/fs/fsutil/inode.go
@@ -510,6 +510,7 @@ func (InodeDenyWriteChecker) Check(ctx context.Context, inode *fs.Inode, p fs.Pe //InodeNotAllocatable can be used by Inodes that do not support Allocate(). type InodeNotAllocatable struct{} +// Allocate implements fs.InodeOperations.Allocate. func (InodeNotAllocatable) Allocate(_ context.Context, _ *fs.Inode, _, _ int64) error { return syserror.EOPNOTSUPP }
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 9b3d8166a..41a3c2047 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -367,6 +367,7 @@ func (i *Inode) Truncate(ctx context.Context, d *Dirent, size int64) error { return i.InodeOperations.Truncate(ctx, i, size) } +// Allocate calls i.InodeOperations.Allocate with i as the Inode. func (i *Inode) Allocate(ctx context.Context, d *Dirent, offset int64, length int64) error { if i.overlay != nil { return overlayAllocate(ctx, i.overlay, d, offset, length)
diff --git a/pkg/sentry/fsimpl/testutil/kernel.go b/pkg/sentry/fsimpl/testutil/kernel.go
index 205ad8192..807e4f44a 100644
--- a/pkg/sentry/fsimpl/testutil/kernel.go
+++ b/pkg/sentry/fsimpl/testutil/kernel.go
@@ -114,7 +114,7 @@ func Boot() (*kernel.Kernel, error) { return nil, err } tg := k.NewThreadGroup(nil, k.RootPIDNamespace(), kernel.NewSignalHandlers(), linux.SIGCHLD, ls) - k.TestOnly_SetGlobalInit(tg) + k.TestOnlySetGlobalInit(tg) return k, nil }
diff --git a/pkg/sentry/kernel/auth/id.go b/pkg/sentry/kernel/auth/id.go
index 4c32ee703..994486ea8 100644
--- a/pkg/sentry/kernel/auth/id.go
+++ b/pkg/sentry/kernel/auth/id.go
@@ -62,18 +62,28 @@ const ( // field is displayed as 4294967295 (-1 as an unsigned integer);" - // user_namespaces(7) OverflowUID = UID(65534) + + // OverflowGID is the group equivalent to OverflowUID. OverflowGID = GID(65534) // NobodyKUID is the user ID usually reserved for the least privileged user // "nobody". NobodyKUID = KUID(65534) + + // NobodyKGID is the group equivalent to NobodyKUID. NobodyKGID = KGID(65534) // RootKUID is the user ID usually used for the most privileged user "root". RootKUID = KUID(0) + + // RootKGID is the group equivalent to RootKUID. RootKGID = KGID(0) - RootUID = UID(0) - RootGID = GID(0) + + // RootUID is the root user. + RootUID = UID(0) + + // RootGID is the root group. + RootGID = GID(0) ) // Ok returns true if uid is not -1. diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go index b8627a54f..303ae8056 100644 --- a/pkg/sentry/kernel/kernel.go +++ b/pkg/sentry/kernel/kernel.go @@ -1433,8 +1433,8 @@ func (k *Kernel) GlobalInit() *ThreadGroup { return k.globalInit } -// TestOnly_SetGlobalInit sets the thread group with ID 1 in the root PID namespace. -func (k *Kernel) TestOnly_SetGlobalInit(tg *ThreadGroup) { +// TestOnlySetGlobalInit sets the thread group with ID 1 in the root PID namespace. +func (k *Kernel) TestOnlySetGlobalInit(tg *ThreadGroup) { k.globalInit = tg } diff --git a/pkg/sentry/platform/ring0/kernel_amd64.go b/pkg/sentry/platform/ring0/kernel_amd64.go index b55dc29b3..36a60700e 100644 --- a/pkg/sentry/platform/ring0/kernel_amd64.go +++ b/pkg/sentry/platform/ring0/kernel_amd64.go @@ -65,6 +65,7 @@ func (k *Kernel) init(maxCPUs int) { } } +// EntryRegions returns the set of kernel entry regions (must be mapped). func (k *Kernel) EntryRegions() map[uintptr]uintptr { regions := make(map[uintptr]uintptr) diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go index b283d7229..26bd1abd4 100644 --- a/pkg/sentry/socket/netfilter/netfilter.go 
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -205,7 +205,7 @@ func SetEntries(stk *stack.Stack, optVal []byte, ipv6 bool) *syserr.Error { // Go through the list of supported hooks for this table and, for each // one, set the rule it corresponds to. - for hook, _ := range replace.HookEntry { + for hook := range replace.HookEntry { if table.ValidHooks()&(1<<hook) != 0 { hk := hookFromLinux(hook) table.BuiltinChains[hk] = stack.HookUnset
diff --git a/pkg/sentry/socket/netfilter/owner_matcher.go b/pkg/sentry/socket/netfilter/owner_matcher.go
index 1b4e0ad79..69d13745e 100644
--- a/pkg/sentry/socket/netfilter/owner_matcher.go
+++ b/pkg/sentry/socket/netfilter/owner_matcher.go
@@ -96,6 +96,7 @@ func (ownerMarshaler) unmarshal(buf []byte, filter stack.IPHeaderFilter) (stack. return &owner, nil } +// OwnerMatcher matches against a UID and/or GID. type OwnerMatcher struct { uid uint32 gid uint32
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index c59297c80..6c4ec55b2 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -471,7 +471,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b if len(to) > 0 { switch s.stype { case linux.SOCK_SEQPACKET: - to = nil + // to is ignored. case linux.SOCK_STREAM: if s.State() == linux.SS_CONNECTED { return 0, syserr.ErrAlreadyConnected
diff --git a/pkg/sentry/syscalls/linux/sys_sync.go b/pkg/sentry/syscalls/linux/sys_sync.go
index 048a21c6e..5ebd4461f 100644
--- a/pkg/sentry/syscalls/linux/sys_sync.go
+++ b/pkg/sentry/syscalls/linux/sys_sync.go
@@ -125,6 +125,7 @@ func SyncFileRange(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel // // It should be safe to skipped this flag while nobody uses // SYNC_FILE_RANGE_WAIT_BEFORE. + _ = nbytes // SYNC_FILE_RANGE_WAIT_AFTER waits upon write-out of all pages in the // range after performing any write.
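Review bot: In pkg/sentry/socket/unix/unix.go (SendMsg), removing `to = nil` from the `SOCK_SEQPACKET` case preserves behaviour only if `to` is never read after this switch; the rest of the function lies outside the hunk, so that needs confirming against the full source. The replacement comment also does not say why the address is dropped. Something like `// SOCK_SEQPACKET is connection-oriented: a destination address passed by the caller is ignored rather than rejected.` would record the intent (presumably mirroring Linux; verify).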
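Review bot: In pkg/sentry/syscalls/linux/sys_sync.go (SyncFileRange), the added `_ = nbytes` silences the unused-value warning without saying why the value is unused, and it sits between two flag comments where it reads like a leftover. A trailing comment such as `_ = nbytes // unused until SYNC_FILE_RANGE_WAIT_BEFORE is implemented` would make the gap explicit. While touching these lines, "safe to skipped" in the context comment should read "safe to skip". The function body starts and ends outside the hunk.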
diff --git a/pkg/sentry/vfs/inotify.go b/pkg/sentry/vfs/inotify.go
index 107171b61..a48ac1cd6 100644
--- a/pkg/sentry/vfs/inotify.go
+++ b/pkg/sentry/vfs/inotify.go
@@ -738,7 +738,7 @@ func InotifyEventFromStatMask(mask uint32) uint32 { } else if mask&linux.STATX_ATIME != 0 { ev |= linux.IN_ACCESS } else if mask&linux.STATX_MTIME != 0 { - mask |= linux.IN_MODIFY + ev |= linux.IN_MODIFY } return ev }
diff --git a/pkg/shim/v1/shim/api.go b/pkg/shim/v1/shim/api.go
index 5dd8ff172..8200eb012 100644
--- a/pkg/shim/v1/shim/api.go
+++ b/pkg/shim/v1/shim/api.go
@@ -19,10 +19,23 @@ import ( "github.com/containerd/containerd/api/events" ) +// TaskCreate is an alias for events.TaskCreate. type TaskCreate = events.TaskCreate + +// TaskStart is an alias for events.TaskStart. type TaskStart = events.TaskStart + +// TaskOOM is an alias for events.TaskOOM. type TaskOOM = events.TaskOOM + +// TaskExit is an alias for events.TaskExit. type TaskExit = events.TaskExit + +// TaskDelete is an alias for events.TaskDelete. type TaskDelete = events.TaskDelete + +// TaskExecAdded is an alias for events.TaskExecAdded. type TaskExecAdded = events.TaskExecAdded + +// TaskExecStarted is an alias for events.TaskExecStarted. type TaskExecStarted = events.TaskExecStarted
diff --git a/pkg/shim/v2/api.go b/pkg/shim/v2/api.go
index dbe5c59f6..5a60a04db 100644
--- a/pkg/shim/v2/api.go
+++ b/pkg/shim/v2/api.go
@@ -19,4 +19,5 @@ import ( "github.com/containerd/containerd/api/events" ) +// TaskOOM is an alias for events.TaskOOM. type TaskOOM = events.TaskOOM
diff --git a/pkg/tcpip/link/fdbased/endpoint_test.go b/pkg/tcpip/link/fdbased/endpoint_test.go
index a87abc6d6..987a34226 100644
--- a/pkg/tcpip/link/fdbased/endpoint_test.go
+++ b/pkg/tcpip/link/fdbased/endpoint_test.go
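Review bot: In pkg/sentry/vfs/inotify.go the switch from `mask |= linux.IN_MODIFY` to `ev |= linux.IN_MODIFY` alters what InotifyEventFromStatMask returns, yet it arrives inside a lint clean-up with no test. Going by the visible lines, the old branch modified the argument and then fell through to `return ev`, so an mtime-only change produced no IN_MODIFY event for watchers. A small table test would pin the mapping, for example `if got := InotifyEventFromStatMask(linux.STATX_MTIME); got&linux.IN_MODIFY == 0 { t.Errorf("got %#x, want IN_MODIFY set", got) }`. The earlier branches of the function are outside the hunk and should be covered from the full source.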
@@ -501,7 +501,7 @@ func TestRecvMMsgDispatcherCapLength(t *testing.T) { msgHdrs: make([]rawfile.MMsgHdr, 1), } - for i, _ := range d.views { + for i := range d.views { d.views[i] = make([]buffer.View, len(c.config)) } for i := range d.iovecs {
diff --git a/pkg/tcpip/network/ipv6/icmp_test.go b/pkg/tcpip/network/ipv6/icmp_test.go
index 34a6a8446..bbce1ef78 100644
--- a/pkg/tcpip/network/ipv6/icmp_test.go
+++ b/pkg/tcpip/network/ipv6/icmp_test.go
@@ -1535,7 +1535,7 @@ func TestPacketQueing(t *testing.T) { } s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: host1IPv6Addr.AddressWithPrefix.Subnet(), NIC: nicID, },
diff --git a/pkg/tcpip/network/ipv6/mld_test.go b/pkg/tcpip/network/ipv6/mld_test.go
index e2778b656..f6ffa7133 100644
--- a/pkg/tcpip/network/ipv6/mld_test.go
+++ b/pkg/tcpip/network/ipv6/mld_test.go
@@ -267,7 +267,7 @@ func TestSendQueuedMLDReports(t *testing.T) { globalMulticastAddr: false, linkLocalAddrSNMC: false, } - for _ = range addrs { + for range addrs { p, ok := e.Read() if !ok { t.Fatalf("expected MLD report for %s and %s; addrs = %#v", globalMulticastAddr, linkLocalAddrSNMC, addrs)
diff --git a/pkg/tcpip/network/ipv6/ndp_test.go b/pkg/tcpip/network/ipv6/ndp_test.go
index 7ddb19c00..b1a5a5510 100644
--- a/pkg/tcpip/network/ipv6/ndp_test.go
+++ b/pkg/tcpip/network/ipv6/ndp_test.go
@@ -581,7 +581,7 @@ func TestNeighorSolicitationResponse(t *testing.T) { } s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: header.IPv6EmptySubnet, NIC: 1, },
diff --git a/pkg/tcpip/network/multicast_group_test.go b/pkg/tcpip/network/multicast_group_test.go
index 05d98a0a5..0f4f0e1e1 100644
--- a/pkg/tcpip/network/multicast_group_test.go
+++ b/pkg/tcpip/network/multicast_group_test.go
@@ -1095,7 +1095,7 @@ func TestMGPWithNICLifecycle(t *testing.T) { seen[a] = false } - for i, _ := range test.multicastAddrs { + for i := range test.multicastAddrs { p, ok := e.Read() if !ok { t.Fatalf("expected (%d-th) leave message to be sent", i)
@@ -1122,7 +1122,7 @@ func TestMGPWithNICLifecycle(t *testing.T) { seen[a] = false } - for i, _ := range test.multicastAddrs { + for i := range test.multicastAddrs { p, ok := e.Read() if !ok { t.Fatalf("expected (%d-th) report message to be sent", i) @@ -1143,7 +1143,7 @@ func TestMGPWithNICLifecycle(t *testing.T) { if got := sentLeaveStat.Value(); got != leaveCounter { t.Errorf("got sentLeaveStat.Value() = %d, want = %d", got, leaveCounter) } - for i, _ := range test.multicastAddrs { + for i := range test.multicastAddrs { if _, ok := e.Read(); !ok { t.Fatalf("expected (%d-th) leave message to be sent", i) } diff --git a/pkg/tcpip/stack/conntrack.go b/pkg/tcpip/stack/conntrack.go index 9a17efcba..5e649cca6 100644 --- a/pkg/tcpip/stack/conntrack.go +++ b/pkg/tcpip/stack/conntrack.go @@ -142,19 +142,19 @@ func (cn *conn) timedOut(now time.Time) bool { // update the connection tracking state. // -// Precondition: ct.mu must be held. -func (ct *conn) updateLocked(tcpHeader header.TCP, hook Hook) { +// Precondition: cn.mu must be held. +func (cn *conn) updateLocked(tcpHeader header.TCP, hook Hook) { // Update the state of tcb. tcb assumes it's always initialized on the // client. However, we only need to know whether the connection is // established or not, so the client/server distinction isn't important. // TODO(gvisor.dev/issue/170): Add support in tcpconntrack to handle // other tcp states. - if ct.tcb.IsEmpty() { - ct.tcb.Init(tcpHeader) - } else if hook == ct.tcbHook { - ct.tcb.UpdateStateOutbound(tcpHeader) + if cn.tcb.IsEmpty() { + cn.tcb.Init(tcpHeader) + } else if hook == cn.tcbHook { + cn.tcb.UpdateStateOutbound(tcpHeader) } else { - ct.tcb.UpdateStateInbound(tcpHeader) + cn.tcb.UpdateStateInbound(tcpHeader) } } diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go index 2d8c883cd..09c7811fa 100644 --- a/pkg/tcpip/stack/iptables.go +++ b/pkg/tcpip/stack/iptables.go 
@@ -45,13 +45,13 @@ const reaperDelay = 5 * time.Second func DefaultTables() *IPTables { return &IPTables{ v4Tables: [NumTables]Table{ - NATID: Table{ + NATID: { Rules: []Rule{ - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, }, BuiltinChains: [NumHooks]int{ Prerouting: 0, @@ -68,11 +68,11 @@ func DefaultTables() *IPTables { Postrouting: 3, }, }, - MangleID: Table{ + MangleID: { Rules: []Rule{ - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, }, BuiltinChains: [NumHooks]int{ Prerouting: 0, 
@@ -86,12 +86,12 @@ func DefaultTables() *IPTables { Postrouting: HookUnset, }, }, - FilterID: Table{ + FilterID: { Rules: []Rule{ - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, - Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, + {Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}}, }, BuiltinChains: [NumHooks]int{ Prerouting: HookUnset, @@ -110,13 +110,13 @@ func DefaultTables() *IPTables { }, }, v6Tables: [NumTables]Table{ - NATID: Table{ + NATID: { Rules: []Rule{ - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, }, BuiltinChains: [NumHooks]int{ Prerouting: 0, 
@@ -133,11 +133,11 @@ func DefaultTables() *IPTables { Postrouting: 3, }, }, - MangleID: Table{ + MangleID: { Rules: []Rule{ - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, }, BuiltinChains: [NumHooks]int{ Prerouting: 0, @@ -151,12 +151,12 @@ func DefaultTables() *IPTables { Postrouting: HookUnset, }, }, - FilterID: Table{ + FilterID: { Rules: []Rule{ - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, - Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, + {Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}}, }, BuiltinChains: [NumHooks]int{ Prerouting: HookUnset, @@ -175,9 +175,9 @@ func DefaultTables() *IPTables { }, }, priorities: [NumHooks][]TableID{ - Prerouting: []TableID{MangleID, NATID}, - Input: []TableID{NATID, FilterID}, - Output: []TableID{MangleID, NATID, FilterID}, + Prerouting: {MangleID, NATID}, + Input: {NATID, FilterID}, + Output: {MangleID, NATID, FilterID}, }, connections: ConnTrack{ seed: generateRandUint32(), diff --git a/pkg/tcpip/stack/iptables_types.go b/pkg/tcpip/stack/iptables_types.go index 4b86c1be9..56a3e7861 100644 --- a/pkg/tcpip/stack/iptables_types.go +++ b/pkg/tcpip/stack/iptables_types.go 
@@ -56,7 +56,7 @@ const ( // Postrouting happens just before a packet goes out on the wire. Postrouting - // The total number of hooks. + // NumHooks is the total number of hooks. NumHooks ) @@ -273,14 +273,12 @@ func (fl IPHeaderFilter) match(pkt *PacketBuffer, hook Hook, nicName string) boo return true } - // If the interface name ends with '+', any interface which begins - // with the name should be matched. + // If the interface name ends with '+', any interface which + // begins with the name should be matched. ifName := fl.OutputInterface - matches := true + matches := nicName == ifName if strings.HasSuffix(ifName, "+") { matches = strings.HasPrefix(nicName, ifName[:n-1]) - } else { - matches = nicName == ifName } return fl.OutputInterfaceInvert != matches } diff --git a/pkg/tcpip/tests/integration/forward_test.go b/pkg/tcpip/tests/integration/forward_test.go index 60054d6ef..4c2084d19 100644 --- a/pkg/tcpip/tests/integration/forward_test.go +++ b/pkg/tcpip/tests/integration/forward_test.go 
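Review bot: In pkg/tcpip/stack/iptables_types.go (IPHeaderFilter.match), the wildcard branch still slices with `ifName[:n-1]`, where `n` is defined outside the hunk, so the slice is only correct while `n` stays equal to `len(ifName)`. Since this hunk already restructures the assignment, the coupling could be removed with `matches = strings.HasPrefix(nicName, strings.TrimSuffix(ifName, "+"))`, which yields the same prefix without relying on `n`. This is a style point on packet-filter matching code; the visible lines do not show a wrong result. The function begins outside the hunk.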
@@ -285,58 +285,58 @@ func TestForwarding(t *testing.T) { } host1Stack.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: host1IPv4Addr.AddressWithPrefix.Subnet(), NIC: host1NICID, }, - tcpip.Route{ + { Destination: host1IPv6Addr.AddressWithPrefix.Subnet(), NIC: host1NICID, }, - tcpip.Route{ + { Destination: host2IPv4Addr.AddressWithPrefix.Subnet(), Gateway: routerNIC1IPv4Addr.AddressWithPrefix.Address, NIC: host1NICID, }, - tcpip.Route{ + { Destination: host2IPv6Addr.AddressWithPrefix.Subnet(), Gateway: routerNIC1IPv6Addr.AddressWithPrefix.Address, NIC: host1NICID, }, }) routerStack.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: routerNIC1IPv4Addr.AddressWithPrefix.Subnet(), NIC: routerNICID1, }, - tcpip.Route{ + { Destination: routerNIC1IPv6Addr.AddressWithPrefix.Subnet(), NIC: routerNICID1, }, - tcpip.Route{ + { Destination: routerNIC2IPv4Addr.AddressWithPrefix.Subnet(), NIC: routerNICID2, }, - tcpip.Route{ + { Destination: routerNIC2IPv6Addr.AddressWithPrefix.Subnet(), NIC: routerNICID2, }, }) host2Stack.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: host2IPv4Addr.AddressWithPrefix.Subnet(), NIC: host2NICID, }, - tcpip.Route{ + { Destination: host2IPv6Addr.AddressWithPrefix.Subnet(), NIC: host2NICID, }, - tcpip.Route{ + { Destination: host1IPv4Addr.AddressWithPrefix.Subnet(), Gateway: routerNIC2IPv4Addr.AddressWithPrefix.Address, NIC: host2NICID, }, - tcpip.Route{ + { Destination: host1IPv6Addr.AddressWithPrefix.Subnet(), Gateway: routerNIC2IPv6Addr.AddressWithPrefix.Address, NIC: host2NICID, diff --git a/pkg/tcpip/tests/integration/link_resolution_test.go b/pkg/tcpip/tests/integration/link_resolution_test.go index 209da3903..b4bffaec1 100644 --- a/pkg/tcpip/tests/integration/link_resolution_test.go +++ b/pkg/tcpip/tests/integration/link_resolution_test.go 
@@ -154,21 +154,21 @@ func TestPing(t *testing.T) { } host1Stack.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: ipv4Addr1.AddressWithPrefix.Subnet(), NIC: host1NICID, }, - tcpip.Route{ + { Destination: ipv6Addr1.AddressWithPrefix.Subnet(), NIC: host1NICID, }, }) host2Stack.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: ipv4Addr2.AddressWithPrefix.Subnet(), NIC: host2NICID, }, - tcpip.Route{ + { Destination: ipv6Addr2.AddressWithPrefix.Subnet(), NIC: host2NICID, }, diff --git a/pkg/tcpip/tests/integration/loopback_test.go b/pkg/tcpip/tests/integration/loopback_test.go index cf9e86c3c..cb6169cfc 100644 --- a/pkg/tcpip/tests/integration/loopback_test.go +++ b/pkg/tcpip/tests/integration/loopback_test.go @@ -198,11 +198,11 @@ func TestLoopbackAcceptAllInSubnetUDP(t *testing.T) { t.Fatalf("AddProtocolAddress(%d, %+v): %s", nicID, test.addAddress, err) } s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: header.IPv4EmptySubnet, NIC: nicID, }, - tcpip.Route{ + { Destination: header.IPv6EmptySubnet, NIC: nicID, }, @@ -291,7 +291,7 @@ func TestLoopbackSubnetLifetimeBoundToAddr(t *testing.T) { t.Fatalf("s.AddProtocolAddress(%d, %#v): %s", nicID, protoAddr, err) } s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: header.IPv4EmptySubnet, NIC: nicID, }, @@ -429,11 +429,11 @@ func TestLoopbackAcceptAllInSubnetTCP(t *testing.T) { t.Fatalf("AddProtocolAddress(%d, %#v): %s", nicID, test.addAddress, err) } s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: header.IPv4EmptySubnet, NIC: nicID, }, - tcpip.Route{ + { Destination: header.IPv6EmptySubnet, NIC: nicID, }, diff --git a/pkg/tcpip/tests/integration/multicast_broadcast_test.go b/pkg/tcpip/tests/integration/multicast_broadcast_test.go index fae6c256a..b42375695 100644 --- a/pkg/tcpip/tests/integration/multicast_broadcast_test.go +++ b/pkg/tcpip/tests/integration/multicast_broadcast_test.go 
@@ -166,11 +166,11 @@ func TestPingMulticastBroadcast(t *testing.T) { // Default routes for IPv4 and IPv6 so ICMP can find a route to the remote // node when attempting to send the ICMP Echo Reply. s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: header.IPv6EmptySubnet, NIC: nicID, }, - tcpip.Route{ + { Destination: header.IPv4EmptySubnet, NIC: nicID, }, @@ -530,7 +530,7 @@ func TestReuseAddrAndBroadcast(t *testing.T) { } s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { // We use the empty subnet instead of just the loopback subnet so we // also have a route to the IPv4 Broadcast address. Destination: header.IPv4EmptySubnet, @@ -699,11 +699,11 @@ func TestUDPAddRemoveMembershipSocketOption(t *testing.T) { // routable to the multicast address when the NIC isn't specified. if !subTest.specifyNICID && !subTest.specifyNICAddr { s.SetRouteTable([]tcpip.Route{ - tcpip.Route{ + { Destination: header.IPv6EmptySubnet, NIC: nicID, }, - tcpip.Route{ + { Destination: header.IPv4EmptySubnet, NIC: nicID, }, diff --git a/pkg/tcpip/transport/tcp/tcp_test.go b/pkg/tcpip/transport/tcp/tcp_test.go index 9fa4672d7..aeceee7e0 100644 --- a/pkg/tcpip/transport/tcp/tcp_test.go +++ b/pkg/tcpip/transport/tcp/tcp_test.go @@ -3461,7 +3461,7 @@ func TestRetransmitIPv4IDUniqueness(t *testing.T) { checker.TCPFlagsMatch(header.TCPFlagAck, ^uint8(header.TCPFlagPsh)), ), ) - idSet := map[uint16]struct{}{header.IPv4(pkt).ID(): struct{}{}} + idSet := map[uint16]struct{}{header.IPv4(pkt).ID(): {}} // Expect two retransmitted packets, and that all packets received have // unique IPv4 ID values. for i := 0; i <= 2; i++ { 
@@ -5698,16 +5698,14 @@ func TestListenBacklogFullSynCookieInUse(t *testing.T) { t.Fatalf("Bind failed: %s", err) } - // Test acceptance. // Start listening. listenBacklog := 1 - portOffset := uint16(0) if err := c.EP.Listen(listenBacklog); err != nil { t.Fatalf("Listen failed: %s", err) } - executeHandshake(t, c, context.TestPort+portOffset, false) - portOffset++ + executeHandshake(t, c, context.TestPort, false) + // Wait for this to be delivered to the accept queue. time.Sleep(50 * time.Millisecond) diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index d7afd3dc1..d37528ee7 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -75,12 +75,14 @@ import ( "gvisor.dev/gvisor/runsc/specutils" "gvisor.dev/gvisor/runsc/specutils/seccomp" - // Include supported socket providers. + // Top-level inet providers. "gvisor.dev/gvisor/pkg/sentry/socket/hostinet" + "gvisor.dev/gvisor/pkg/sentry/socket/netstack" + + // Include other supported socket providers. _ "gvisor.dev/gvisor/pkg/sentry/socket/netlink" _ "gvisor.dev/gvisor/pkg/sentry/socket/netlink/route" _ "gvisor.dev/gvisor/pkg/sentry/socket/netlink/uevent" - "gvisor.dev/gvisor/pkg/sentry/socket/netstack" _ "gvisor.dev/gvisor/pkg/sentry/socket/unix" ) diff --git a/runsc/cgroup/cgroup.go b/runsc/cgroup/cgroup.go index e5294de55..13c6a16a0 100644 --- a/runsc/cgroup/cgroup.go +++ b/runsc/cgroup/cgroup.go 
@@ -41,22 +41,22 @@ const ( ) var controllers = map[string]config{ - "blkio": config{ctrlr: &blockIO{}}, - "cpu": config{ctrlr: &cpu{}}, - "cpuset": config{ctrlr: &cpuSet{}}, - "hugetlb": config{ctrlr: &hugeTLB{}, optional: true}, - "memory": config{ctrlr: &memory{}}, - "net_cls": config{ctrlr: &networkClass{}}, - "net_prio": config{ctrlr: &networkPrio{}}, - "pids": config{ctrlr: &pids{}}, + "blkio": {ctrlr: &blockIO{}}, + "cpu": {ctrlr: &cpu{}}, + "cpuset": {ctrlr: &cpuSet{}}, + "hugetlb": {ctrlr: &hugeTLB{}, optional: true}, + "memory": {ctrlr: &memory{}}, + "net_cls": {ctrlr: &networkClass{}}, + "net_prio": {ctrlr: &networkPrio{}}, + "pids": {ctrlr: &pids{}}, // These controllers either don't have anything in the OCI spec or is // irrelevant for a sandbox. - "devices": config{ctrlr: &noop{}}, - "freezer": config{ctrlr: &noop{}}, - "perf_event": config{ctrlr: &noop{}}, - "rdma": config{ctrlr: &noop{}, optional: true}, - "systemd": config{ctrlr: &noop{}}, + "devices": {ctrlr: &noop{}}, + "freezer": {ctrlr: &noop{}}, + "perf_event": {ctrlr: &noop{}}, + "rdma": {ctrlr: &noop{}, optional: true}, + "systemd": {ctrlr: &noop{}}, } func setOptionalValueInt(path, name string, val *int64) error { @@ -371,6 +371,7 @@ func (c *Cgroup) Join() (func(), error) { return undo, nil } +// CPUQuota returns the CFS CPU quota. func (c *Cgroup) CPUQuota() (float64, error) { path := c.makePath("cpu") quota, err := getInt(path, "cpu.cfs_quota_us") diff --git a/runsc/cmd/syscalls.go b/runsc/cmd/syscalls.go index a37d66139..a8c83d662 100644 --- a/runsc/cmd/syscalls.go +++ b/runsc/cmd/syscalls.go 
@@ -147,7 +147,7 @@ func getCompatibilityInfo(osName string, archName string) (CompatibilityInfo, er info := CompatibilityInfo(make(map[string]map[string]ArchInfo)) if osName == osAll { // Special processing for the 'all' OS name. - for osName, _ := range syscallTableMap { + for osName := range syscallTableMap { info[osName] = make(map[string]ArchInfo) // osName is a specific OS name. if err := addToCompatibilityInfo(info, osName, archName); err != nil { @@ -171,7 +171,7 @@ func getCompatibilityInfo(osName string, archName string) (CompatibilityInfo, er func addToCompatibilityInfo(info CompatibilityInfo, osName string, archName string) error { if archName == archAll { // Special processing for the 'all' architecture name. - for archName, _ := range syscallTableMap[osName] { + for archName := range syscallTableMap[osName] { archInfo, err := getArchInfo(osName, archName) if err != nil { return err diff --git a/runsc/container/container.go b/runsc/container/container.go index 8b78660f7..5a0f8d5dc 100644 --- a/runsc/container/container.go +++ b/runsc/container/container.go @@ -983,6 +983,7 @@ func (c *Container) changeStatus(s Status) { c.Status = s } +// IsSandboxRunning returns true if the sandbox exists and is running. func (c *Container) IsSandboxRunning() bool { return c.Sandbox != nil && c.Sandbox.IsRunning() } diff --git a/runsc/flag/flag.go b/runsc/flag/flag.go index 775325c06..f921a8107 100644 --- a/runsc/flag/flag.go +++ b/runsc/flag/flag.go @@ -19,8 +19,10 @@ import ( "flag" ) +// FlagSet is an alias for flag.FlagSet. type FlagSet = flag.FlagSet +// Aliases for flag functions. var ( Bool = flag.Bool CommandLine = flag.CommandLine @@ -32,6 +34,7 @@ var ( Var = flag.Var ) +// ContinueOnError is an alias for flag.ContinueOnError. const ContinueOnError = flag.ContinueOnError // Get returns the flag's underlying object. diff --git a/runsc/fsgofer/fsgofer.go b/runsc/fsgofer/fsgofer.go index 3d94ffeb4..c3bba0973 100644 --- a/runsc/fsgofer/fsgofer.go 
+++ b/runsc/fsgofer/fsgofer.go @@ -758,15 +758,15 @@ func (l *localFile) SetAttr(valid p9.SetAttrMask, attr p9.SetAttr) error { // utimensat operates different that other syscalls. To operate on a // symlink it *requires* AT_SYMLINK_NOFOLLOW with dirFD and a non-empty // name. - parent, err := unix.Open(path.Dir(l.hostPath), openFlags|unix.O_PATH, 0) - if err != nil { - return extractErrno(err) + parent, oErr := unix.Open(path.Dir(l.hostPath), openFlags|unix.O_PATH, 0) + if oErr != nil { + return extractErrno(oErr) } defer unix.Close(parent) - if terr := utimensat(parent, path.Base(l.hostPath), utimes, linux.AT_SYMLINK_NOFOLLOW); terr != nil { - log.Debugf("SetAttr utimens failed %q, err: %v", l.hostPath, terr) - err = extractErrno(terr) + if tErr := utimensat(parent, path.Base(l.hostPath), utimes, linux.AT_SYMLINK_NOFOLLOW); tErr != nil { + log.Debugf("SetAttr utimens failed %q, err: %v", l.hostPath, tErr) + err = extractErrno(tErr) } } else { // Directories and regular files can operate directly on the fd @@ -787,9 +787,9 @@ func (l *localFile) SetAttr(valid p9.SetAttrMask, attr p9.SetAttr) error { if valid.GID { gid = int(attr.GID) } - if oerr := unix.Fchownat(f.FD(), "", uid, gid, linux.AT_EMPTY_PATH|linux.AT_SYMLINK_NOFOLLOW); oerr != nil { - log.Debugf("SetAttr fchownat failed %q, err: %v", l.hostPath, oerr) - err = extractErrno(oerr) + if oErr := unix.Fchownat(f.FD(), "", uid, gid, linux.AT_EMPTY_PATH|linux.AT_SYMLINK_NOFOLLOW); oErr != nil { + log.Debugf("SetAttr fchownat failed %q, err: %v", l.hostPath, oErr) + err = extractErrno(oErr) } } diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go index cfee9e63d..266bc0bdc 100644 --- a/runsc/sandbox/sandbox.go +++ b/runsc/sandbox/sandbox.go 
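Review bot: The switch from `err` to `oErr` in the symlink branch of `SetAttr` looks like a behaviour change rather than a rename, and it should carry a comment saying so. With the old `parent, err := unix.Open(...)`, the later `err = extractErrno(terr)` appears to have assigned to a variable scoped to that branch, so a failed utimensat on a symlink would not have reached the caller; the declaration of the outer `err` is outside the hunk, so this is inferred. A line such as `// Use a distinct name so the assignment to err below reaches the function result.` would keep a later cleanup from reintroducing the shadowing. In the second hunk `oErr` is reused for the `Fchownat` error, where the prefix no longer means "open"; `cErr` would read more clearly. `SetAttr` starts and ends outside both hunks.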
@@ -719,6 +719,8 @@ func (s *Sandbox) createSandboxProcess(conf *config.Config, args *Args, startSyn nextFD++ } + _ = nextFD // All FD assignment is finished. + if args.Attached { // Kill sandbox if parent process exits in attached mode. cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL diff --git a/shim/v1/cli/cli.go b/shim/v1/cli/cli.go index 1a502eabd..cdf60cc2e 100644 --- a/shim/v1/cli/cli.go +++ b/shim/v1/cli/cli.go @@ -164,7 +164,6 @@ func serve(server *ttrpc.Server, path string) error { ) if path == "" { l, err = net.FileListener(os.NewFile(3, "socket")) - path = "[inherited from parent]" } else { if len(path) > 106 { return fmt.Errorf("%q: unix socket path too long (> 106)", path) diff --git a/test/benchmarks/base/sysbench_test.go b/test/benchmarks/base/sysbench_test.go index 80569687c..d0f3f9261 100644 --- a/test/benchmarks/base/sysbench_test.go +++ b/test/benchmarks/base/sysbench_test.go @@ -31,7 +31,7 @@ type testCase struct { // BenchmarSysbench runs sysbench on the runtime. func BenchmarkSysbench(b *testing.B) { testCases := []testCase{ - testCase{ + { name: "CPU", test: &tools.SysbenchCPU{ SysbenchBase: tools.SysbenchBase{ @@ -39,7 +39,7 @@ func BenchmarkSysbench(b *testing.B) { }, }, }, - testCase{ + { name: "Memory", test: &tools.SysbenchMemory{ SysbenchBase: tools.SysbenchBase{ @@ -47,7 +47,7 @@ func BenchmarkSysbench(b *testing.B) { }, }, }, - testCase{ + { name: "Mutex", test: &tools.SysbenchMutex{ SysbenchBase: tools.SysbenchBase{ diff --git a/test/benchmarks/fs/fio_test.go b/test/benchmarks/fs/fio_test.go index 83b8376a5..242374e2c 100644 --- a/test/benchmarks/fs/fio_test.go +++ b/test/benchmarks/fs/fio_test.go 
@@ -32,37 +32,37 @@ import ( // caches can be dropped. func BenchmarkFio(b *testing.B) { testCases := []tools.Fio{ - tools.Fio{ + { Test: "write", Size: b.N, BlockSize: 4, IODepth: 4, }, - tools.Fio{ + { Test: "write", Size: b.N, BlockSize: 1024, IODepth: 4, }, - tools.Fio{ + { Test: "read", Size: b.N, BlockSize: 4, IODepth: 4, }, - tools.Fio{ + { Test: "read", Size: b.N, BlockSize: 1024, IODepth: 4, }, - tools.Fio{ + { Test: "randwrite", Size: b.N, BlockSize: 4, IODepth: 4, }, - tools.Fio{ + { Test: "randread", Size: b.N, BlockSize: 4, diff --git a/test/cmd/test_app/fds.go b/test/cmd/test_app/fds.go index d4354f0d3..9b5f7231a 100644 --- a/test/cmd/test_app/fds.go +++ b/test/cmd/test_app/fds.go @@ -89,7 +89,7 @@ func (fds *fdSender) Execute(ctx context.Context, f *flag.FlagSet, args ...inter w := s.Writer(true) w.ControlMessage.PackFDs(int(fileToSend.Fd())) - if _, err := w.WriteVec([][]byte{[]byte{'a'}}); err != nil { + if _, err := w.WriteVec([][]byte{{'a'}}); err != nil { log.Fatalf("Error sending FD %q over socket %q: %v", fileToSend.Fd(), fds.socketPath, err) } diff --git a/test/iptables/filter_input.go b/test/iptables/filter_input.go index b45d448b8..37a1a6694 100644 --- a/test/iptables/filter_input.go +++ b/test/iptables/filter_input.go @@ -328,6 +328,7 @@ func (FilterInputRequireProtocolUDP) ContainerAction(ctx context.Context, ip net return nil } +// LocalAction implements TestCase.LocalAction. func (FilterInputRequireProtocolUDP) LocalAction(ctx context.Context, ip net.IP, ipv6 bool) error { // No-op. return nil diff --git a/test/iptables/nat.go b/test/iptables/nat.go index b98d99fb8..495241482 100644 --- a/test/iptables/nat.go +++ b/test/iptables/nat.go 
@@ -621,24 +621,24 @@ func listenForRedirectedConn(ctx context.Context, ipv6 bool, originalDsts []net. } } return fmt.Errorf("SO_ORIGINAL_DST returned %+v, but wanted one of %+v (note: port numbers are in network byte order)", got, originalDsts) - } else { - got, err := originalDestination4(connFD) - if err != nil { - return err + } + + got, err := originalDestination4(connFD) + if err != nil { + return err + } + // The original destination could be any of our IPs. + for _, dst := range originalDsts { + want := syscall.RawSockaddrInet4{ + Family: syscall.AF_INET, + Port: htons(dropPort), } - // The original destination could be any of our IPs. - for _, dst := range originalDsts { - want := syscall.RawSockaddrInet4{ - Family: syscall.AF_INET, - Port: htons(dropPort), - } - copy(want.Addr[:], dst.To4()) - if got == want { - return nil - } + copy(want.Addr[:], dst.To4()) + if got == want { + return nil } - return fmt.Errorf("SO_ORIGINAL_DST returned %+v, but wanted one of %+v (note: port numbers are in network byte order)", got, originalDsts) } + return fmt.Errorf("SO_ORIGINAL_DST returned %+v, but wanted one of %+v (note: port numbers are in network byte order)", got, originalDsts) } // loopbackTests runs an iptables rule and ensures that packets sent to diff --git a/test/packetimpact/netdevs/netdevs_test.go b/test/packetimpact/netdevs/netdevs_test.go index 24ad12198..379386980 100644 --- a/test/packetimpact/netdevs/netdevs_test.go +++ b/test/packetimpact/netdevs/netdevs_test.go @@ -63,7 +63,7 @@ func TestParseDevices(t *testing.T) { inet6 fe80::42:daff:fe33:130a/64 scope link tentative valid_lft forever preferred_lft forever`, want: map[string]DeviceInfo{ - "lo": DeviceInfo{ + "lo": { ID: 1, MAC: mustParseMAC("00:00:00:00:00:00"), IPv4Addr: net.IPv4(127, 0, 0, 1), 
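Review bot: In the IPv4 path of `listenForRedirectedConn`, `copy(want.Addr[:], dst.To4())` copies nothing when `dst` is not an IPv4 address, because `To4` returns nil. `want` is then compared with an all-zero address. How `originalDsts` is built is outside the hunk; if it can hold both address families, skip the non-IPv4 entries with `ip4 := dst.To4(); if ip4 == nil { continue }` and copy from `ip4`. The function starts outside the hunk, so the IPv6 branch may need the mirrored check.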
@@ -77,7 +77,7 @@ func TestParseDevices(t *testing.T) { Mask: net.CIDRMask(128, 128), }, }, - "eth0": DeviceInfo{ + "eth0": { ID: 2613, MAC: mustParseMAC("02:42:c0:a8:09:02"), IPv4Addr: net.IPv4(192, 168, 9, 2), @@ -91,7 +91,7 @@ func TestParseDevices(t *testing.T) { Mask: net.CIDRMask(64, 128), }, }, - "eth1": DeviceInfo{ + "eth1": { ID: 2617, MAC: mustParseMAC("02:42:da:33:13:0a"), IPv4Addr: net.IPv4(218, 51, 19, 10), @@ -105,7 +105,7 @@ func TestParseDevices(t *testing.T) { Mask: net.CIDRMask(64, 128), }, }, - "eth2": DeviceInfo{ + "eth2": { ID: 2615, MAC: mustParseMAC("02:42:df:f5:e1:0a"), IPv4Addr: net.IPv4(223, 245, 225, 10), @@ -129,7 +129,7 @@ func TestParseDevices(t *testing.T) { inet 192.168.9.2/24 brd 192.168.9.255 scope global eth0 valid_lft forever preferred_lft forever`, want: map[string]DeviceInfo{ - "eth0": DeviceInfo{ + "eth0": { ID: 2613, MAC: mustParseMAC("02:42:c0:a8:09:02"), IPv4Addr: net.IPv4(192, 168, 9, 2), @@ -148,7 +148,7 @@ func TestParseDevices(t *testing.T) { inet6 fe80::42:dfff:fef5:e10a/64 scope link tentative valid_lft forever preferred_lft forever`, want: map[string]DeviceInfo{ - "eth2": DeviceInfo{ + "eth2": { ID: 2615, MAC: mustParseMAC("02:42:df:f5:e1:0a"), IPv6Addr: net.ParseIP("fe80::42:dfff:fef5:e10a"), diff --git a/test/packetimpact/tests/udp_icmp_error_propagation_test.go b/test/packetimpact/tests/udp_icmp_error_propagation_test.go index cd4523e88..58d49d31a 100644 --- a/test/packetimpact/tests/udp_icmp_error_propagation_test.go +++ b/test/packetimpact/tests/udp_icmp_error_propagation_test.go 
@@ -220,12 +220,12 @@ func TestUDPICMPErrorPropagation(t *testing.T) { wantErrno := wantErrno(connect, icmpErr) for _, errDetect := range []errorDetection{ - errorDetection{"SendTo", false, testSendTo}, + {"SendTo", false, testSendTo}, // Send to an address that's different from the one that caused an ICMP // error to be returned. - errorDetection{"SendToValid", true, testSendTo}, - errorDetection{"Recv", false, testRecv}, - errorDetection{"SockOpt", false, testSockOpt}, + {"SendToValid", true, testSendTo}, + {"Recv", false, testRecv}, + {"SockOpt", false, testSockOpt}, } { t.Run(fmt.Sprintf("%s/%s/%s", connect, icmpErr, errDetect.name), func(t *testing.T) { dut := testbench.NewDUT(t) diff --git a/test/root/crictl_test.go b/test/root/crictl_test.go index df52dd381..863b98d0f 100644 --- a/test/root/crictl_test.go +++ b/test/root/crictl_test.go @@ -128,22 +128,22 @@ func TestCrictlSanity(t *testing.T) { // mounts. var HttpdMountPaths = SimpleSpec("httpd", "basic/httpd", nil, map[string]interface{}{ "mounts": []map[string]interface{}{ - map[string]interface{}{ + { "container_path": "/var/run/secrets/kubernetes.io/serviceaccount", "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064/volumes/kubernetes.io~secret/default-token-2rpfx", "readonly": true, }, - map[string]interface{}{ + { "container_path": "/etc/hosts", "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064/etc-hosts", "readonly": false, }, - map[string]interface{}{ + { "container_path": "/dev/termination-log", "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064/containers/httpd/d1709580", "readonly": false, }, - map[string]interface{}{ + { "container_path": "/usr/local/apache2/htdocs/test", "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064", "readonly": true, diff --git a/test/runner/gtest/gtest.go b/test/runner/gtest/gtest.go index e4445e01b..38e57d62f 100644 --- a/test/runner/gtest/gtest.go +++ b/test/runner/gtest/gtest.go 
@@ -91,7 +91,7 @@ func ParseTestCases(testBin string, benchmarks bool, extraArgs ...string) ([]Tes // return something that will run the binary with no // flags, which should execute all tests. return []TestCase{ - TestCase{ + { Suite: "Default", Name: "All", all: true, diff --git a/test/syscalls/linux/inotify.cc b/test/syscalls/linux/inotify.cc index e4392a450..8137f0e29 100644 --- a/test/syscalls/linux/inotify.cc +++ b/test/syscalls/linux/inotify.cc 
@@ -1703,6 +1703,45 @@ TEST(Inotify, Fallocate) { EXPECT_THAT(events, Are({Event(IN_MODIFY, wd)})); } +TEST(Inotify, Utimensat) { + SKIP_IF(IsRunningWithVFS1()); + + const TempPath file = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); + const FileDescriptor fd = + ASSERT_NO_ERRNO_AND_VALUE(Open(file.path(), O_RDWR)); + + const FileDescriptor inotify_fd = + ASSERT_NO_ERRNO_AND_VALUE(InotifyInit1(IN_NONBLOCK)); + const int wd = ASSERT_NO_ERRNO_AND_VALUE( + InotifyAddWatch(inotify_fd.get(), file.path(), IN_ALL_EVENTS)); + + // Just update the access time. + struct timespec times[2] = {}; + times[0].tv_nsec = UTIME_NOW; + times[1].tv_nsec = UTIME_OMIT; + ASSERT_THAT(RetryEINTR(utimensat)(AT_FDCWD, file.path().c_str(), times, 0), + SyscallSucceeds()); + std::vector<Event> events = + ASSERT_NO_ERRNO_AND_VALUE(DrainEvents(inotify_fd.get())); + EXPECT_THAT(events, Are({Event(IN_ACCESS, wd)})); + + // Just the modify time. + times[0].tv_nsec = UTIME_OMIT; + times[1].tv_nsec = UTIME_NOW; + ASSERT_THAT(utimensat(AT_FDCWD, file.path().c_str(), times, 0), + SyscallSucceeds()); + events = ASSERT_NO_ERRNO_AND_VALUE(DrainEvents(inotify_fd.get())); + EXPECT_THAT(events, Are({Event(IN_MODIFY, wd)})); + + // Both together. + times[0].tv_nsec = UTIME_NOW; + times[1].tv_nsec = UTIME_NOW; + ASSERT_THAT(utimensat(AT_FDCWD, file.path().c_str(), times, 0), + SyscallSucceeds()); + events = ASSERT_NO_ERRNO_AND_VALUE(DrainEvents(inotify_fd.get())); + EXPECT_THAT(events, Are({Event(IN_ATTRIB, wd)})); +} + TEST(Inotify, Sendfile) { SKIP_IF(IsRunningWithVFS1()); diff --git a/tools/checkescape/checkescape.go b/tools/checkescape/checkescape.go index 011b8fee8..8eeabbc3d 100644 --- a/tools/checkescape/checkescape.go +++ b/tools/checkescape/checkescape.go 
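Review bot: In the new `TEST(Inotify, Utimensat)`, only the first `utimensat` call is wrapped in `RetryEINTR`; the second and third call it directly. The three calls should be written the same way, for example `ASSERT_THAT(RetryEINTR(utimensat)(AT_FDCWD, file.path().c_str(), times, 0), SyscallSucceeds());` for all of them. The `fd` opened with `O_RDWR` at the top of the test is never referenced afterwards. If it is there only to keep the file open, a short comment should say so; otherwise it can be dropped.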
@@ -404,27 +404,27 @@ func loadObjdump() (map[string][]string, error) { // This is because some of the functions (duffzero) may have // jump targets in the middle of the function itself. funcsAllowed := map[string]struct{}{ - "runtime.duffzero": struct{}{}, - "runtime.duffcopy": struct{}{}, - "runtime.racefuncenter": struct{}{}, - "runtime.gcWriteBarrier": struct{}{}, - "runtime.retpolineAX": struct{}{}, - "runtime.retpolineBP": struct{}{}, - "runtime.retpolineBX": struct{}{}, - "runtime.retpolineCX": struct{}{}, - "runtime.retpolineDI": struct{}{}, - "runtime.retpolineDX": struct{}{}, - "runtime.retpolineR10": struct{}{}, - "runtime.retpolineR11": struct{}{}, - "runtime.retpolineR12": struct{}{}, - "runtime.retpolineR13": struct{}{}, - "runtime.retpolineR14": struct{}{}, - "runtime.retpolineR15": struct{}{}, - "runtime.retpolineR8": struct{}{}, - "runtime.retpolineR9": struct{}{}, - "runtime.retpolineSI": struct{}{}, - "runtime.stackcheck": struct{}{}, - "runtime.settls": struct{}{}, + "runtime.duffzero": {}, + "runtime.duffcopy": {}, + "runtime.racefuncenter": {}, + "runtime.gcWriteBarrier": {}, + "runtime.retpolineAX": {}, + "runtime.retpolineBP": {}, + "runtime.retpolineBX": {}, + "runtime.retpolineCX": {}, + "runtime.retpolineDI": {}, + "runtime.retpolineDX": {}, + "runtime.retpolineR10": {}, + "runtime.retpolineR11": {}, + "runtime.retpolineR12": {}, + "runtime.retpolineR13": {}, + "runtime.retpolineR14": {}, + "runtime.retpolineR15": {}, + "runtime.retpolineR8": {}, + "runtime.retpolineR9": {}, + "runtime.retpolineSI": {}, + "runtime.stackcheck": {}, + "runtime.settls": {}, } addrsAllowed := make(map[string]struct{}) diff --git a/tools/github/nogo/nogo.go b/tools/github/nogo/nogo.go index 27ab1b8eb..894a0e7c3 100644 --- a/tools/github/nogo/nogo.go +++ b/tools/github/nogo/nogo.go 
@@ -84,7 +84,7 @@ func (p *FindingsPoster) Walk(paths []string) error { func (p *FindingsPoster) Post() error { // Just show results? if p.dryRun { - for finding, _ := range p.findings { + for finding := range p.findings { // Pretty print, so that this is useful for debugging. fmt.Printf("%s: (%s+%d) %s\n", finding.Category, finding.Position.Filename, finding.Position.Line, finding.Message) } @@ -114,7 +114,7 @@ func (p *FindingsPoster) Post() error { }, } annotationLevel := "failure" // Always. - for finding, _ := range p.findings { + for finding := range p.findings { title := string(finding.Category) opts.Output.Annotations = append(opts.Output.Annotations, &github.CheckRunAnnotation{ Path: &finding.Position.Filename, diff --git a/tools/go_generics/tests/all_stmts/input.go b/tools/go_generics/tests/all_stmts/input.go index 4791d1ff1..7ebe7c40e 100644 --- a/tools/go_generics/tests/all_stmts/input.go +++ b/tools/go_generics/tests/all_stmts/input.go @@ -118,8 +118,10 @@ R: _ = v } else if T := T(0); T != 1 { T++ + _ = T } else { T-- + _ = T } if a := T(0); a != T(1) { diff --git a/tools/go_generics/tests/all_stmts/output.go b/tools/go_generics/tests/all_stmts/output.go index a53d84535..a33944d85 100644 --- a/tools/go_generics/tests/all_stmts/output.go +++ b/tools/go_generics/tests/all_stmts/output.go @@ -116,8 +116,10 @@ R: _ = v } else if T := Q(0); T != 1 { T++ + _ = T } else { T-- + _ = T } if a := Q(0); a != Q(1) { diff --git a/tools/go_generics/tests/all_types/lib/lib.go b/tools/go_generics/tests/all_types/lib/lib.go index 988786496..99edb371f 100644 --- a/tools/go_generics/tests/all_types/lib/lib.go +++ b/tools/go_generics/tests/all_types/lib/lib.go @@ -14,4 +14,5 @@ package lib +// T is a test type. type T int32 diff --git a/tools/go_marshal/analysis/analysis_unsafe.go b/tools/go_marshal/analysis/analysis_unsafe.go index cd55cf5cb..7a3d6bbea 100644 --- a/tools/go_marshal/analysis/analysis_unsafe.go +++ b/tools/go_marshal/analysis/analysis_unsafe.go 
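Review bot: In the second hunk, `Path: &finding.Position.Filename` takes the address of a field of the range variable `finding`. Before Go 1.22 that variable is reused across iterations, so every annotation appended in this loop would point at the same string and end up reporting the last finding's filename. Whether this applies depends on the Go version the module builds with, which is not visible here. Adding `finding := finding` as the first statement of the loop body gives each annotation its own copy. The loop body and `Post` continue outside the hunk, so other pointer fields taken from `finding` there would need the same treatment.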
@@ -81,7 +81,7 @@ func RandomizeValue(x interface{}) { // This is used for zeroing padding fields after calling RandomizeValue. func reflectZeroPaddingFields(r reflect.Type, data []byte, zero bool) { if zero { - for i, _ := range data { + for i := range data { data[i] = 0 } } diff --git a/tools/go_marshal/gomarshal/generator.go b/tools/go_marshal/gomarshal/generator.go index 28ae6c4ef..fa642c88a 100644 --- a/tools/go_marshal/gomarshal/generator.go +++ b/tools/go_marshal/gomarshal/generator.go @@ -148,7 +148,7 @@ func (g *Generator) writeTypeChecks(ms map[string]struct{}) error { } msl := make([]string, 0, len(ms)) - for m, _ := range ms { + for m := range ms { msl = append(msl, m) } sort.Strings(msl) diff --git a/tools/go_marshal/gomarshal/generator_interfaces_struct.go b/tools/go_marshal/gomarshal/generator_interfaces_struct.go index fe76d3785..5f6306b8f 100644 --- a/tools/go_marshal/gomarshal/generator_interfaces_struct.go +++ b/tools/go_marshal/gomarshal/generator_interfaces_struct.go @@ -38,7 +38,7 @@ func (g *interfaceGenerator) areFieldsPackedExpression() (string, bool) { } cs := make([]string, 0, len(g.as)) - for accessor, _ := range g.as { + for accessor := range g.as { cs = append(cs, fmt.Sprintf("%s.Packed()", accessor)) } // Sort expressions for determinstic build outputs. |