diff options
Diffstat (limited to 'test')
154 files changed, 1493 insertions, 492 deletions
diff --git a/test/e2e/integration_test.go b/test/e2e/integration_test.go index 1accc3b3b..9e22c9a7d 100644 --- a/test/e2e/integration_test.go +++ b/test/e2e/integration_test.go @@ -30,6 +30,7 @@ import ( "net/http" "os" "path/filepath" + "regexp" "strconv" "strings" "testing" @@ -43,6 +44,12 @@ import ( // defaultWait is the default wait time used for tests. const defaultWait = time.Minute +func TestMain(m *testing.M) { + dockerutil.EnsureSupportedDockerVersion() + flag.Parse() + os.Exit(m.Run()) +} + // httpRequestSucceeds sends a request to a given url and checks that the status is OK. func httpRequestSucceeds(client http.Client, server string, port int) error { url := fmt.Sprintf("http://%s:%d", server, port) @@ -426,10 +433,10 @@ func TestTmpMount(t *testing.T) { // Test that it is allowed to mount a file on top of /dev files, e.g. // /dev/random. func TestMountOverDev(t *testing.T) { - if usingVFS2, err := dockerutil.UsingVFS2(); !usingVFS2 { - t.Skip("VFS1 doesn't allow /dev/random to be mounted.") - } else if err != nil { + if vfs2, err := dockerutil.UsingVFS2(); err != nil { t.Fatalf("Failed to read config for runtime %s: %v", dockerutil.Runtime(), err) + } else if !vfs2 { + t.Skip("VFS1 doesn't allow /dev/random to be mounted.") } random, err := ioutil.TempFile(testutil.TmpDir(), "random") @@ -574,11 +581,12 @@ func runIntegrationTest(t *testing.T, capAdd []string, args ...string) { d := dockerutil.MakeContainer(ctx, t) defer d.CleanUp(ctx) - if got, err := d.Run(ctx, dockerutil.RunOpts{ + opts := dockerutil.RunOpts{ Image: "basic/integrationtest", WorkDir: "/root", CapAdd: capAdd, - }, args...); err != nil { + } + if got, err := d.Run(ctx, opts, args...); err != nil { t.Fatalf("docker run failed: %v", err) } else if got != "" { t.Errorf("test failed:\n%s", got) @@ -609,8 +617,128 @@ func TestBindOverlay(t *testing.T) { } } -func TestMain(m *testing.M) { - dockerutil.EnsureSupportedDockerVersion() - flag.Parse() - os.Exit(m.Run()) +func TestStdios(t *testing.T) { + if vfs2, err := dockerutil.UsingVFS2(); err != nil { + t.Fatalf("Failed to read config for runtime %s: %v", dockerutil.Runtime(), err) + } else if !vfs2 { + t.Skip("VFS1 doesn't adjust stdios user") + } + + ctx := context.Background() + d := dockerutil.MakeContainer(ctx, t) + defer d.CleanUp(ctx) + + testStdios(t, func(user string, args ...string) (string, error) { + defer d.CleanUp(ctx) + opts := dockerutil.RunOpts{ + Image: "basic/alpine", + User: user, + } + return d.Run(ctx, opts, args...) + }) +} + +func TestStdiosExec(t *testing.T) { + if vfs2, err := dockerutil.UsingVFS2(); err != nil { + t.Fatalf("Failed to read config for runtime %s: %v", dockerutil.Runtime(), err) + } else if !vfs2 { + t.Skip("VFS1 doesn't adjust stdios user") + } + + ctx := context.Background() + d := dockerutil.MakeContainer(ctx, t) + defer d.CleanUp(ctx) + + runOpts := dockerutil.RunOpts{Image: "basic/alpine"} + if err := d.Spawn(ctx, runOpts, "sleep", "100"); err != nil { + t.Fatalf("docker run failed: %v", err) + } + + testStdios(t, func(user string, args ...string) (string, error) { + opts := dockerutil.ExecOpts{User: user} + return d.Exec(ctx, opts, args...) + }) +} + +func testStdios(t *testing.T, run func(string, ...string) (string, error)) { + const cmd = "stat -L /proc/self/fd/0 /proc/self/fd/1 /proc/self/fd/2 | grep 'Uid:'" + got, err := run("123", "/bin/sh", "-c", cmd) + if err != nil { + t.Fatalf("docker exec failed: %v", err) + } + if len(got) == 0 { + t.Errorf("Unexpected empty output from %q", cmd) + } + re := regexp.MustCompile(`Uid: \(\s*(\w+)\/.*\)`) + for _, line := range strings.SplitN(got, "\n", 3) { + t.Logf("stat -L: %s", line) + matches := re.FindSubmatch([]byte(line)) + if len(matches) != 2 { + t.Fatalf("wrong output format: %q: matches: %v", line, matches) + } + if want, got := "123", string(matches[1]); want != got { + t.Errorf("wrong user, want: %q, got: %q", want, got) + } + } + + // Check that stdout and stderr can be open and written to. This checks + // that ownership and permissions are correct inside gVisor. + got, err = run("456", "/bin/sh", "-c", "echo foobar | tee /proc/self/fd/1 > /proc/self/fd/2") + if err != nil { + t.Fatalf("docker run failed: %v", err) + } + t.Logf("echo foobar: %q", got) + // Check it repeats twice, once for stdout and once for stderr. + if want := "foobar\nfoobar\n"; want != got { + t.Errorf("Wrong echo output, want: %q, got: %q", want, got) + } + + // Check that timestamps can be changed. Setting timestamps require an extra + // write check _after_ the file was opened, and may fail if the underlying + // host file is not setup correctly. + if _, err := run("789", "touch", "/proc/self/fd/0", "/proc/self/fd/1", "/proc/self/fd/2"); err != nil { + t.Fatalf("docker run failed: %v", err) + } +} + +func TestStdiosChown(t *testing.T) { + if vfs2, err := dockerutil.UsingVFS2(); err != nil { + t.Fatalf("Failed to read config for runtime %s: %v", dockerutil.Runtime(), err) + } else if !vfs2 { + t.Skip("VFS1 doesn't adjust stdios user") + } + + ctx := context.Background() + d := dockerutil.MakeContainer(ctx, t) + defer d.CleanUp(ctx) + + opts := dockerutil.RunOpts{Image: "basic/alpine"} + if _, err := d.Run(ctx, opts, "chown", "123", "/proc/self/fd/0", "/proc/self/fd/1", "/proc/self/fd/2"); err != nil { + t.Fatalf("docker run failed: %v", err) + } +} + +func TestUnmount(t *testing.T) { + ctx := context.Background() + d := dockerutil.MakeContainer(ctx, t) + defer d.CleanUp(ctx) + + dir, err := ioutil.TempDir(testutil.TmpDir(), "sub-mount") + if err != nil { + t.Fatalf("TempDir(): %v", err) + } + opts := dockerutil.RunOpts{ + Image: "basic/alpine", + Privileged: true, // Required for umount + Mounts: []mount.Mount{ + { + Type: mount.TypeBind, + Source: dir, + Target: "/foo", + }, + }, + } + if _, err := d.Run(ctx, opts, "umount", "/foo"); err != nil { + t.Fatalf("docker run failed: %v", err) + } } diff --git a/test/fsstress/BUILD b/test/fsstress/BUILD index e74e7fff2..402445a7e 100644 --- a/test/fsstress/BUILD +++ b/test/fsstress/BUILD @@ -14,7 +14,11 @@ go_test( "manual", "local", ], - deps = ["//pkg/test/dockerutil"], + deps = [ + "//pkg/test/dockerutil", + "//pkg/test/testutil", + "@com_github_docker_docker//api/types/mount:go_default_library", + ], ) go_library( diff --git a/test/fsstress/fsstress_test.go b/test/fsstress/fsstress_test.go index d53c8f90d..d9513c42c 100644 --- a/test/fsstress/fsstress_test.go +++ b/test/fsstress/fsstress_test.go @@ -18,6 +18,8 @@ package fsstress import ( "context" "flag" + "fmt" + "io/ioutil" "math/rand" "os" "strconv" @@ -25,7 +27,9 @@ import ( "testing" "time" + "github.com/docker/docker/api/types/mount" "gvisor.dev/gvisor/pkg/test/dockerutil" + "gvisor.dev/gvisor/pkg/test/testutil" ) func init() { @@ -42,6 +46,7 @@ type config struct { operations string processes string target string + mounts []mount.Mount } func fsstress(t *testing.T, conf config) { @@ -52,8 +57,19 @@ func fsstress(t *testing.T, conf config) { const image = "basic/fsstress" seed := strconv.FormatUint(uint64(rand.Uint32()), 10) args := []string{"-d", conf.target, "-n", conf.operations, "-p", conf.processes, "-s", seed, "-X"} - t.Logf("Repro: docker run --rm --runtime=%s gvisor.dev/images/%s %s", dockerutil.Runtime(), image, strings.Join(args, " ")) - out, err := d.Run(ctx, dockerutil.RunOpts{Image: image}, args...) + opts := dockerutil.RunOpts{ + Image: image, + Mounts: conf.mounts, + } + var mounts string + if len(conf.mounts) > 0 { + mounts = " -v " + for _, m := range conf.mounts { + mounts += fmt.Sprintf("-v <any_dir>:%s", m.Target) + } + } + t.Logf("Repro: docker run --rm --runtime=%s%s gvisor.dev/images/%s %s", dockerutil.Runtime(), mounts, image, strings.Join(args, " ")) + out, err := d.Run(ctx, opts, args...) if err != nil { t.Fatalf("docker run failed: %v\noutput: %s", err, out) } @@ -64,6 +80,39 @@ func fsstress(t *testing.T, conf config) { } } +func TestFsstressGofer(t *testing.T) { + // This takes between 30-60s to run on my machine. Adjust as needed. + cfg := config{ + operations: "500", + processes: "20", + target: "/test", + } + fsstress(t, cfg) +} + +func TestFsstressGoferShared(t *testing.T) { + dir, err := ioutil.TempDir(testutil.TmpDir(), "fsstress") + if err != nil { + t.Fatalf("ioutil.TempDir() failed: %v", err) + } + defer os.RemoveAll(dir) + + // This takes between 30-60s to run on my machine. Adjust as needed. + cfg := config{ + operations: "500", + processes: "20", + target: "/test", + mounts: []mount.Mount{ + { + Source: dir, + Target: "/test", + Type: "bind", + }, + }, + } + fsstress(t, cfg) +} + func TestFsstressTmpfs(t *testing.T) { // This takes between 10s to run on my machine. Adjust as needed. cfg := config{ diff --git a/test/packetimpact/testbench/dut_client.go b/test/packetimpact/testbench/dut_client.go index 0fc3d97b4..3b69b28aa 100644 --- a/test/packetimpact/testbench/dut_client.go +++ b/test/packetimpact/testbench/dut_client.go @@ -12,6 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build go1.1 +// +build go1.1 + package testbench import ( diff --git a/test/perf/BUILD b/test/perf/BUILD index 08e04d8ad..4299f08d5 100644 --- a/test/perf/BUILD +++ b/test/perf/BUILD @@ -146,3 +146,17 @@ syscall_test( debug = False, test = "//test/perf/linux:write_benchmark", ) + +syscall_test( + size = "large", + debug = False, + test = "//test/perf/linux:verity_open_benchmark", + vfs1 = False, +) + +syscall_test( + size = "large", + debug = False, + test = "//test/perf/linux:verity_read_benchmark", + vfs1 = False, +) diff --git a/test/perf/linux/BUILD b/test/perf/linux/BUILD index 4511611ad..8a3216550 100644 --- a/test/perf/linux/BUILD +++ b/test/perf/linux/BUILD @@ -27,10 +27,10 @@ cc_binary( deps = [ gbenchmark, gtest, - "//test/syscalls/linux:socket_test_util", "//test/util:file_descriptor", "//test/util:logging", "//test/util:posix_error", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", "//test/util:thread_util", @@ -386,3 +386,41 @@ cc_binary( "//test/util:test_main", ], ) + +cc_binary( + name = "verity_open_benchmark", + testonly = 1, + srcs = [ + "verity_open_benchmark.cc", + ], + deps = [ + gbenchmark, + gtest, + "//test/util:capability_util", + "//test/util:fs_util", + "//test/util:logging", + "//test/util:temp_path", + "//test/util:test_main", + "//test/util:test_util", + "//test/util:verity_util", + ], +) + +cc_binary( + name = "verity_read_benchmark", + testonly = 1, + srcs = [ + "verity_read_benchmark.cc", + ], + deps = [ + gbenchmark, + gtest, + "//test/util:capability_util", + "//test/util:fs_util", + "//test/util:logging", + "//test/util:temp_path", + "//test/util:test_main", + "//test/util:test_util", + "//test/util:verity_util", + ], +) diff --git a/test/perf/linux/dup_benchmark.cc b/test/perf/linux/dup_benchmark.cc index fcf14368b..5d808d225 100644 --- a/test/perf/linux/dup_benchmark.cc +++ b/test/perf/linux/dup_benchmark.cc @@ -27,7 +27,6 @@ #include "test/util/temp_path.h" namespace gvisor { -namespace testing { namespace { @@ -53,5 +52,4 @@ BENCHMARK(BM_Dup)->Range(1, 1 << 15)->UseRealTime(); } // namespace -} // namespace testing } // namespace gvisor diff --git a/test/perf/linux/send_recv_benchmark.cc b/test/perf/linux/send_recv_benchmark.cc index d73e49523..2d443f54f 100644 --- a/test/perf/linux/send_recv_benchmark.cc +++ b/test/perf/linux/send_recv_benchmark.cc @@ -23,10 +23,10 @@ #include "gtest/gtest.h" #include "absl/synchronization/notification.h" #include "benchmark/benchmark.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/logging.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" @@ -80,6 +80,9 @@ void BM_Recvmsg(benchmark::State& state) { int64_t bytes_received = 0; for (auto ignored : state) { int n = recvmsg(recv_socket.get(), recv_msg.header(), 0); + if (n == -1 && errno == EINTR) { + continue; + } TEST_CHECK(n > 0); bytes_received += n; } @@ -108,6 +111,9 @@ void BM_Sendmsg(benchmark::State& state) { int64_t bytes_sent = 0; for (auto ignored : state) { int n = sendmsg(send_socket.get(), send_msg.header(), 0); + if (n == -1 && errno == EINTR) { + continue; + } TEST_CHECK(n > 0); bytes_sent += n; } @@ -137,6 +143,9 @@ void BM_Recvfrom(benchmark::State& state) { for (auto ignored : state) { int n = recvfrom(recv_socket.get(), recv_buffer, kMessageSize, 0, nullptr, nullptr); + if (n == -1 && errno == EINTR) { + continue; + } TEST_CHECK(n > 0); bytes_received += n; } @@ -166,6 +175,9 @@ void BM_Sendto(benchmark::State& state) { int64_t bytes_sent = 0; for (auto ignored : state) { int n = sendto(send_socket.get(), send_buffer, kMessageSize, 0, nullptr, 0); + if (n == -1 && errno == EINTR) { + continue; + } TEST_CHECK(n > 0); bytes_sent += n; } @@ -247,6 +259,9 @@ void BM_RecvmsgWithControlBuf(benchmark::State& state) { int64_t bytes_received = 0; for (auto ignored : state) { int n = recvmsg(recv_socket.get(), recv_msg.header(), 0); + if (n == -1 && errno == EINTR) { + continue; + } TEST_CHECK(n > 0); bytes_received += n; } @@ -316,7 +331,11 @@ void BM_SendmsgTCP(benchmark::State& state) { ScopedThread t([&recv_msg, &recv_socket, ¬ification] { while (!notification.HasBeenNotified()) { - TEST_CHECK(recvmsg(recv_socket.get(), recv_msg.header(), 0) >= 0); + int rc = recvmsg(recv_socket.get(), recv_msg.header(), 0); + if (rc == -1 && errno == EINTR) { + continue; + } + TEST_CHECK(rc >= 0); } }); diff --git a/test/perf/linux/verity_open_benchmark.cc b/test/perf/linux/verity_open_benchmark.cc new file mode 100644 index 000000000..026b6f101 --- /dev/null +++ b/test/perf/linux/verity_open_benchmark.cc @@ -0,0 +1,71 @@ +// Copyright 2021 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <fcntl.h> +#include <stdlib.h> +#include <sys/mount.h> +#include <unistd.h> + +#include <memory> +#include <string> +#include <vector> + +#include "gtest/gtest.h" +#include "benchmark/benchmark.h" +#include "test/util/capability_util.h" +#include "test/util/fs_util.h" +#include "test/util/logging.h" +#include "test/util/temp_path.h" +#include "test/util/test_util.h" +#include "test/util/verity_util.h" + +namespace gvisor { +namespace testing { + +namespace { + +void BM_Open(benchmark::State& state) { + const int size = state.range(0); + std::vector<TempPath> cache; + std::vector<EnableTarget> targets; + + // Mount a tmpfs file system to be wrapped by a verity fs. + TempPath dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + TEST_CHECK(mount("", dir.path().c_str(), "tmpfs", 0, "") == 0); + + for (int i = 0; i < size; i++) { + auto path = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileIn(dir.path())); + targets.emplace_back( + EnableTarget(std::string(Basename(path.path())), O_RDONLY)); + cache.emplace_back(std::move(path)); + } + + std::string verity_dir = + TEST_CHECK_NO_ERRNO_AND_VALUE(MountVerity(dir.path(), targets)); + + unsigned int seed = 1; + for (auto _ : state) { + const int chosen = rand_r(&seed) % size; + int fd = open(JoinPath(verity_dir, targets[chosen].path).c_str(), O_RDONLY); + TEST_CHECK(fd != -1); + close(fd); + } +} + +BENCHMARK(BM_Open)->Range(1, 128)->UseRealTime(); + +} // namespace + +} // namespace testing +} // namespace gvisor diff --git a/test/perf/linux/verity_read_benchmark.cc b/test/perf/linux/verity_read_benchmark.cc new file mode 100644 index 000000000..738b5ba45 --- /dev/null +++ b/test/perf/linux/verity_read_benchmark.cc @@ -0,0 +1,69 @@ +// Copyright 2021 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <fcntl.h> +#include <stdlib.h> +#include <sys/mount.h> +#include <unistd.h> + +#include <memory> +#include <string> +#include <vector> + +#include "gtest/gtest.h" +#include "benchmark/benchmark.h" +#include "test/util/capability_util.h" +#include "test/util/fs_util.h" +#include "test/util/logging.h" +#include "test/util/temp_path.h" +#include "test/util/test_util.h" +#include "test/util/verity_util.h" + +namespace gvisor { +namespace testing { + +namespace { + +void BM_VerityRead(benchmark::State& state) { + const int size = state.range(0); + const std::string contents(size, 0); + + // Mount a tmpfs file system to be wrapped by a verity fs. + TempPath dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + TEST_CHECK(mount("", dir.path().c_str(), "tmpfs", 0, "") == 0); + + auto path = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileWith( + dir.path(), contents, TempPath::kDefaultFileMode)); + std::string filename = std::string(Basename(path.path())); + + std::string verity_dir = TEST_CHECK_NO_ERRNO_AND_VALUE( + MountVerity(dir.path(), {EnableTarget(filename, O_RDONLY)})); + + FileDescriptor fd = + ASSERT_NO_ERRNO_AND_VALUE(Open(JoinPath(verity_dir, filename), O_RDONLY)); + std::vector<char> buf(size); + for (auto _ : state) { + TEST_CHECK(PreadFd(fd.get(), buf.data(), buf.size(), 0) == size); + } + + state.SetBytesProcessed(static_cast<int64_t>(size) * + static_cast<int64_t>(state.iterations())); +} + +BENCHMARK(BM_VerityRead)->Range(1, 1 << 26)->UseRealTime(); + +} // namespace + +} // namespace testing +} // namespace gvisor diff --git a/test/root/chroot_test.go b/test/root/chroot_test.go index 58fcd6f08..5114a9602 100644 --- a/test/root/chroot_test.go +++ b/test/root/chroot_test.go @@ -68,13 +68,15 @@ func TestChroot(t *testing.T) { if err != nil { t.Fatalf("error listing %q: %v", chroot, err) } - if want, got := 1, len(fi); want != got { + if want, got := 2, len(fi); want != got { t.Fatalf("chroot dir got %d entries, want %d", got, want) } - // chroot dir is prepared by runsc and should contains only /proc. - if fi[0].Name() != "proc" { - t.Errorf("chroot got children %v, want %v", fi[0].Name(), "proc") + // chroot dir is prepared by runsc and should contains only /etc and /proc. + for i, want := range []string{"etc", "proc"} { + if got := fi[i].Name(); got != want { + t.Errorf("chroot got child %v, want %v", got, want) + } } d.CleanUp(ctx) diff --git a/test/runner/defs.bzl b/test/runner/defs.bzl index 405e03832..05c75b130 100644 --- a/test/runner/defs.bzl +++ b/test/runner/defs.bzl @@ -135,6 +135,7 @@ def syscall_test( add_overlay = False, add_uds_tree = False, add_hostinet = False, + vfs1 = True, vfs2 = True, fuse = False, debug = True, @@ -148,6 +149,7 @@ def syscall_test( add_overlay: add an overlay test. add_uds_tree: add a UDS test. add_hostinet: add a hostinet test. + vfs1: enable VFS1 tests. Could be false only if vfs2 is true. vfs2: enable VFS2 support. fuse: enable FUSE support. debug: enable debug output. @@ -157,7 +159,7 @@ def syscall_test( if not tags: tags = [] - if vfs2 and not fuse: + if vfs2 and vfs1 and not fuse: # Generate a vfs1 plain test. Most testing will now be # biased towards vfs2, with only a single vfs1 case. _syscall_test( @@ -171,7 +173,7 @@ def syscall_test( **kwargs ) - if not fuse: + if vfs1 and not fuse: # Generate a native test if fuse is not required. _syscall_test( test = test, diff --git a/test/runner/setup_container/BUILD b/test/runner/setup_container/BUILD index 5b99d1de9..f879ef649 100644 --- a/test/runner/setup_container/BUILD +++ b/test/runner/setup_container/BUILD @@ -12,8 +12,8 @@ cc_binary( visibility = ["//test/runner:__subpackages__"], deps = [ "//test/syscalls/linux:socket_netlink_util", - "//test/syscalls/linux:socket_test_util", "//test/util:capability_util", "//test/util:posix_error", + "//test/util:socket_util", ], ) diff --git a/test/runner/setup_container/setup_container.cc b/test/runner/setup_container/setup_container.cc index 9a4e3fb8b..e6fae37e1 100644 --- a/test/runner/setup_container/setup_container.cc +++ b/test/runner/setup_container/setup_container.cc @@ -17,9 +17,9 @@ #include <unistd.h> #include "test/syscalls/linux/socket_netlink_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/runtimes/runner/lib/lib.go b/test/runtimes/runner/lib/lib.go index f2db5f9ea..d6b652897 100644 --- a/test/runtimes/runner/lib/lib.go +++ b/test/runtimes/runner/lib/lib.go @@ -152,7 +152,7 @@ func getTests(ctx context.Context, d *dockerutil.Container, lang, image string, return itests, nil } -// getBlacklist reads the exclude file and returns a set of test names to +// getExcludes reads the exclude file and returns a set of test names to // exclude. func getExcludes(excludeFile string) (map[string]struct{}, error) { excludes := make(map[string]struct{}) diff --git a/test/syscalls/BUILD b/test/syscalls/BUILD index 1257c0553..16c451786 100644 --- a/test/syscalls/BUILD +++ b/test/syscalls/BUILD @@ -331,6 +331,10 @@ syscall_test( ) syscall_test( + test = "//test/syscalls/linux:msgqueue_test", +) + +syscall_test( size = "medium", test = "//test/syscalls/linux:msync_test", ) @@ -738,6 +742,7 @@ syscall_test( ) syscall_test( + add_hostinet = True, test = "//test/syscalls/linux:socket_netdevice_test", ) @@ -883,6 +888,10 @@ syscall_test( ) syscall_test( + test = "//test/syscalls/linux:verity_symlink_test", +) + +syscall_test( add_overlay = True, test = "//test/syscalls/linux:sync_test", ) diff --git a/test/syscalls/linux/BUILD b/test/syscalls/linux/BUILD index 1bbcd8abb..3383495d0 100644 --- a/test/syscalls/linux/BUILD +++ b/test/syscalls/linux/BUILD @@ -1,4 +1,4 @@ -load("//tools:defs.bzl", "cc_binary", "cc_library", "default_net_util", "gbenchmark", "gtest", "select_arch", "select_system") +load("//tools:defs.bzl", "cc_binary", "cc_library", "gbenchmark", "gtest", "select_arch", "select_system") package( default_visibility = ["//:sandbox"], @@ -128,9 +128,9 @@ cc_library( srcs = ["socket_netlink_util.cc"], hdrs = ["socket_netlink_util.h"], deps = [ - ":socket_test_util", "//test/util:file_descriptor", "//test/util:posix_error", + "//test/util:socket_util", "@com_google_absl//absl/strings", ], ) @@ -146,36 +146,12 @@ cc_library( ) cc_library( - name = "socket_test_util", - testonly = 1, - srcs = [ - "socket_test_util.cc", - "socket_test_util_impl.cc", - ], - hdrs = ["socket_test_util.h"], - defines = select_system(), - deps = default_net_util() + [ - gtest, - "@com_google_absl//absl/memory", - "@com_google_absl//absl/strings", - "@com_google_absl//absl/strings:str_format", - "@com_google_absl//absl/time", - "@com_google_absl//absl/types:optional", - "//test/util:file_descriptor", - "//test/util:posix_error", - "//test/util:temp_path", - "//test/util:test_util", - "//test/util:thread_util", - ], -) - -cc_library( name = "unix_domain_socket_test_util", testonly = 1, srcs = ["unix_domain_socket_test_util.cc"], hdrs = ["unix_domain_socket_test_util.h"], deps = [ - ":socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/strings", gtest, "//test/util:test_util", @@ -188,7 +164,7 @@ cc_library( srcs = ["ip_socket_test_util.cc"], hdrs = ["ip_socket_test_util.h"], deps = [ - ":socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/strings", ], ) @@ -233,9 +209,9 @@ cc_binary( srcs = ["accept_bind.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -248,9 +224,9 @@ cc_binary( srcs = ["accept_bind_stream.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -349,8 +325,8 @@ cc_binary( srcs = ["bind.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -363,7 +339,7 @@ cc_binary( srcs = ["socket.cc"], linkstatic = 1, deps = [ - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:file_descriptor", "//test/util:temp_umask", @@ -378,9 +354,9 @@ cc_binary( srcs = ["socket_capability.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -479,6 +455,7 @@ cc_binary( "//test/util:cleanup", "//test/util:file_descriptor", "//test/util:fs_util", + "@com_google_absl//absl/cleanup", "@com_google_absl//absl/strings", gtest, "//test/util:logging", @@ -539,9 +516,9 @@ cc_binary( srcs = ["connect_external.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", "//test/util:fs_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -755,10 +732,10 @@ cc_binary( linkstatic = 1, deps = [ ":file_base", - ":socket_test_util", "//test/util:cleanup", "//test/util:eventfd_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/strings", "@com_google_absl//absl/time", gtest, @@ -801,12 +778,12 @@ cc_binary( srcs = ["fcntl.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:capability_util", "//test/util:cleanup", "//test/util:eventfd_util", "//test/util:file_descriptor", "//test/util:fs_util", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/flags:flag", "@com_google_absl//absl/memory", @@ -834,8 +811,8 @@ cc_binary( ], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/strings", "@com_google_absl//absl/time", gtest, @@ -1021,9 +998,9 @@ cc_binary( linkstatic = 1, deps = [ ":ip_socket_test_util", - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:signal_util", "//test/util:test_main", @@ -1065,9 +1042,9 @@ cc_binary( linkstatic = 1, deps = [ ":iptables_types", - ":socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -1083,9 +1060,9 @@ cc_binary( linkstatic = 1, deps = [ ":iptables_types", - ":socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -1464,10 +1441,10 @@ cc_binary( defines = select_system(), linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/base:endian", gtest, @@ -1482,10 +1459,10 @@ cc_binary( srcs = ["packet_socket.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/base:endian", gtest, @@ -1541,9 +1518,9 @@ cc_binary( srcs = select_system(linux = ["partial_bad_buffer.cc"]), linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", "//test/util:fs_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:posix_error", @@ -1576,8 +1553,8 @@ cc_binary( linkstatic = 1, deps = [ ":ip_socket_test_util", - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/algorithm:container", "@com_google_absl//absl/strings", "@com_google_absl//absl/types:optional", @@ -1774,6 +1751,7 @@ cc_binary( "//test/util:mount_util", "@com_google_absl//absl/container:node_hash_set", "@com_google_absl//absl/strings", + "@com_google_absl//absl/strings:str_format", "@com_google_absl//absl/synchronization", "@com_google_absl//absl/time", gtest, @@ -1795,10 +1773,10 @@ cc_binary( srcs = ["proc_net.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", "//test/util:fs_util", + "//test/util:socket_util", "@com_google_absl//absl/strings", "@com_google_absl//absl/time", gtest, @@ -1942,10 +1920,10 @@ cc_binary( srcs = ["raw_socket_hdrincl.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/base:endian", gtest, @@ -1961,10 +1939,10 @@ cc_binary( defines = select_system(), linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", gtest, "//test/util:test_main", @@ -1978,10 +1956,10 @@ cc_binary( srcs = ["raw_socket_icmp.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", "//test/util:capability_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", gtest, "//test/util:test_main", @@ -2011,8 +1989,8 @@ cc_binary( srcs = ["readahead.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:temp_path", "//test/util:test_main", @@ -2211,8 +2189,8 @@ cc_binary( srcs = ["sendfile_socket.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/strings", gtest, ":ip_socket_test_util", @@ -2390,11 +2368,12 @@ cc_library( "socket_generic.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/strings", "@com_google_absl//absl/strings:str_format", gtest, + "//test/util:capability_util", "//test/util:test_util", ], alwayslink = 1, @@ -2410,8 +2389,8 @@ cc_binary( deps = [ gtest, ":ip_socket_test_util", - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", "//test/util:thread_util", @@ -2426,8 +2405,8 @@ cc_library( srcs = ["socket_unix_dgram.cc"], hdrs = ["socket_unix_dgram.h"], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_util", @@ -2441,8 +2420,8 @@ cc_library( srcs = ["socket_unix_seqpacket.cc"], hdrs = ["socket_unix_seqpacket.h"], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_util", @@ -2460,7 +2439,7 @@ cc_library( "socket_ip_tcp_generic.h", ], deps = [ - ":socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/memory", "@com_google_absl//absl/time", gtest, @@ -2481,8 +2460,8 @@ cc_library( "socket_non_blocking.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_util", ], @@ -2499,8 +2478,8 @@ cc_library( "socket_unix_non_stream.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:memory_util", "//test/util:test_util", @@ -2519,8 +2498,8 @@ cc_library( ], deps = [ ":ip_socket_test_util", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_util", ], @@ -2538,7 +2517,7 @@ cc_library( ], deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_util", ], @@ -2556,7 +2535,7 @@ cc_library( ], deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/memory", gtest, "//test/util:posix_error", @@ -2577,7 +2556,7 @@ cc_library( ], deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/memory", gtest, "//test/util:posix_error", @@ -2598,9 +2577,9 @@ cc_library( ], deps = [ ":socket_netlink_route_util", - ":socket_test_util", "//test/util:capability_util", "//test/util:cleanup", + "//test/util:socket_util", gtest, ], alwayslink = 1, @@ -2617,8 +2596,8 @@ cc_library( ], deps = [ ":socket_netlink_route_util", - ":socket_test_util", "//test/util:capability_util", + "//test/util:socket_util", gtest, ], alwayslink = 1, @@ -2635,7 +2614,7 @@ cc_library( ], deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_util", ], alwayslink = 1, @@ -2682,10 +2661,10 @@ cc_binary( linkstatic = 1, deps = [ ":socket_generic_test_cases", - ":socket_test_util", ":socket_unix_cmsg_test_cases", ":socket_unix_test_cases", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2700,8 +2679,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_non_blocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2714,10 +2693,10 @@ cc_binary( linkstatic = 1, deps = [ ":socket_non_stream_test_cases", - ":socket_test_util", ":socket_unix_dgram_test_cases", ":socket_unix_non_stream_test_cases", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2729,8 +2708,8 @@ cc_binary( srcs = ["socket_unix_dgram_non_blocking.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -2746,10 +2725,10 @@ cc_binary( linkstatic = 1, deps = [ ":socket_non_stream_test_cases", - ":socket_test_util", ":socket_unix_non_stream_test_cases", ":socket_unix_seqpacket_test_cases", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2761,8 +2740,8 @@ cc_binary( srcs = ["socket_unix_stream.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_main", @@ -2780,7 +2759,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ip_tcp_generic_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2795,7 +2774,7 @@ cc_binary( linkstatic = 1, deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -2812,7 +2791,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_generic_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2828,7 +2807,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_non_blocking_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2846,7 +2825,7 @@ cc_binary( ":socket_generic_test_cases", ":socket_ip_udp_test_cases", ":socket_non_stream_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2862,7 +2841,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ipv4_udp_unbound_external_networking_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2878,7 +2857,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ipv6_udp_unbound_external_networking_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2894,8 +2873,8 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_bind_to_device_util", - ":socket_test_util", "//test/util:capability_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -2913,8 +2892,8 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_bind_to_device_util", - ":socket_test_util", "//test/util:capability_util", + "//test/util:socket_util", "@com_google_absl//absl/container:node_hash_map", gtest, "//test/util:test_main", @@ -2933,8 +2912,8 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_bind_to_device_util", - ":socket_test_util", "//test/util:capability_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -2952,7 +2931,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_non_blocking_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2968,7 +2947,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ipv4_udp_unbound_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2984,7 +2963,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ipv6_udp_unbound_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -2999,7 +2978,7 @@ cc_binary( linkstatic = 1, deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3017,7 +2996,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ipv4_udp_unbound_netlink_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3033,7 +3012,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_ipv6_udp_unbound_netlink_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3048,7 +3027,7 @@ cc_binary( linkstatic = 1, deps = [ ":ip_socket_test_util", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3065,8 +3044,8 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_netlink_route_util", - ":socket_test_util", "//test/util:capability_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3082,8 +3061,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_generic_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3098,8 +3077,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_non_blocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3114,10 +3093,10 @@ cc_binary( linkstatic = 1, deps = [ ":socket_generic_test_cases", - ":socket_test_util", ":socket_unix_cmsg_test_cases", ":socket_unix_test_cases", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3132,8 +3111,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_non_blocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3144,7 +3123,7 @@ cc_library( testonly = 1, hdrs = ["socket_inet_loopback_test_params.h"], deps = [ - ":socket_test_util", + "//test/util:socket_util", gtest, ], ) @@ -3157,8 +3136,8 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_inet_loopback_test_params", - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/memory", "@com_google_absl//absl/strings", "@com_google_absl//absl/time", @@ -3179,8 +3158,8 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_inet_loopback_test_params", - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/strings", gtest, "//test/util:posix_error", @@ -3198,7 +3177,7 @@ cc_binary( deps = [ ":socket_inet_loopback_test_params", ":socket_netlink_util", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3212,8 +3191,8 @@ cc_binary( srcs = ["socket_netlink.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3228,10 +3207,10 @@ cc_binary( deps = [ ":socket_netlink_route_util", ":socket_netlink_util", - ":socket_test_util", "//test/util:capability_util", "//test/util:cleanup", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/strings:str_format", gtest, "//test/util:test_main", @@ -3246,8 +3225,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_netlink_util", - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3266,8 +3245,8 @@ cc_library( "socket_stream.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_util", @@ -3285,8 +3264,8 @@ cc_library( "socket_blocking.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_util", @@ -3306,8 +3285,8 @@ cc_library( "socket_unix.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/strings", gtest, "//test/util:test_util", @@ -3326,8 +3305,8 @@ cc_library( "socket_unix_cmsg.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/strings", gtest, "//test/util:test_util", @@ -3346,8 +3325,8 @@ cc_library( "socket_stream_blocking.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_util", @@ -3367,8 +3346,8 @@ cc_library( "socket_stream_nonblock.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_util", ], @@ -3385,8 +3364,8 @@ cc_library( "socket_non_stream_blocking.h", ], deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:test_util", @@ -3421,8 +3400,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_stream_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3437,8 +3416,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_stream_blocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3454,7 +3433,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_stream_blocking_test_cases", - ":socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3469,8 +3448,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_stream_nonblocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "//test/util:test_main", "//test/util:test_util", ], @@ -3482,8 +3461,8 @@ cc_binary( srcs = ["socket_unix_unbound_dgram.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3496,8 +3475,8 @@ cc_binary( srcs = ["socket_unix_unbound_abstract.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3510,8 +3489,8 @@ cc_binary( srcs = ["socket_unix_unbound_filesystem.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:file_descriptor", "//test/util:test_main", @@ -3528,8 +3507,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_blocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3546,7 +3525,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_blocking_test_cases", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3562,8 +3541,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_non_stream_blocking_test_cases", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3580,7 +3559,7 @@ cc_binary( deps = [ ":ip_socket_test_util", ":socket_non_stream_blocking_test_cases", - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3595,10 +3574,10 @@ cc_binary( ], linkstatic = 1, deps = [ - ":socket_test_util", ":socket_unix_cmsg_test_cases", ":socket_unix_test_cases", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3611,8 +3590,8 @@ cc_binary( srcs = ["socket_unix_unbound_seqpacket.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3625,8 +3604,8 @@ cc_binary( srcs = ["socket_unix_unbound_stream.cc"], linkstatic = 1, deps = [ - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -3640,8 +3619,8 @@ cc_binary( linkstatic = 1, deps = [ ":socket_netlink_util", - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/base:endian", gtest, "//test/util:test_main", @@ -3723,6 +3702,23 @@ cc_binary( ) cc_binary( + name = "verity_symlink_test", + testonly = 1, + srcs = ["verity_symlink.cc"], + linkstatic = 1, + deps = [ + "//test/util:capability_util", + gtest, + "//test/util:fs_util", + "//test/util:mount_util", + "//test/util:temp_path", + "//test/util:test_main", + "//test/util:test_util", + "//test/util:verity_util", + ], +) + +cc_binary( name = "sync_test", testonly = 1, # Android does not support syncfs in r22. @@ -3781,8 +3777,8 @@ cc_binary( defines = select_system(), linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", "@com_google_absl//absl/time", gtest, "//test/util:posix_error", @@ -3892,7 +3888,7 @@ cc_binary( srcs = ["tuntap.cc"], linkstatic = 1, deps = [ - ":socket_test_util", + "//test/util:socket_util", gtest, ":socket_netlink_route_util", "//test/util:capability_util", @@ -3925,8 +3921,8 @@ cc_binary( linkstatic = 1, deps = [ ":ip_socket_test_util", - ":socket_test_util", ":unix_domain_socket_test_util", + "//test/util:socket_util", "@com_google_absl//absl/base:core_headers", "@com_google_absl//absl/strings:str_format", "@com_google_absl//absl/time", @@ -3945,8 +3941,8 @@ cc_binary( srcs = ["udp_bind.cc"], linkstatic = 1, deps = [ - ":socket_test_util", "//test/util:file_descriptor", + "//test/util:socket_util", gtest, "//test/util:test_main", "//test/util:test_util", @@ -4126,7 +4122,7 @@ cc_binary( srcs = ["network_namespace.cc"], linkstatic = 1, deps = [ - ":socket_test_util", + "//test/util:socket_util", gtest, "//test/util:capability_util", "//test/util:posix_error", @@ -4171,6 +4167,18 @@ cc_binary( ) cc_binary( + name = "msgqueue_test", + testonly = 1, + srcs = ["msgqueue.cc"], + linkstatic = 1, + deps = [ + "//test/util:temp_path", + "//test/util:test_main", + "//test/util:test_util", + ], +) + +cc_binary( name = "fadvise64_test", testonly = 1, srcs = ["fadvise64.cc"], diff --git a/test/syscalls/linux/accept_bind.cc b/test/syscalls/linux/accept_bind.cc index ba3747290..0d16d1d83 100644 --- a/test/syscalls/linux/accept_bind.cc +++ b/test/syscalls/linux/accept_bind.cc @@ -20,9 +20,9 @@ #include <vector> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/accept_bind_stream.cc b/test/syscalls/linux/accept_bind_stream.cc index 4857f160b..5f2b07105 100644 --- a/test/syscalls/linux/accept_bind_stream.cc +++ b/test/syscalls/linux/accept_bind_stream.cc @@ -19,9 +19,9 @@ #include <vector> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/bind.cc b/test/syscalls/linux/bind.cc index 9547c4ab2..8e1d00619 100644 --- a/test/syscalls/linux/bind.cc +++ b/test/syscalls/linux/bind.cc @@ -17,8 +17,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/chroot.cc b/test/syscalls/linux/chroot.cc index fab79d300..7e4626f03 100644 --- a/test/syscalls/linux/chroot.cc +++ b/test/syscalls/linux/chroot.cc @@ -20,16 +20,17 @@ #include <syscall.h> #include <unistd.h> +#include <algorithm> #include <string> #include <vector> #include "gmock/gmock.h" #include "gtest/gtest.h" +#include "absl/cleanup/cleanup.h" #include "absl/strings/str_cat.h" #include "absl/strings/str_split.h" #include "absl/strings/string_view.h" #include "test/util/capability_util.h" -#include "test/util/cleanup.h" #include "test/util/file_descriptor.h" #include "test/util/fs_util.h" #include "test/util/logging.h" @@ -46,13 +47,52 @@ namespace testing { namespace { +// Async-signal-safe conversion from integer to string, appending the string +// (including a terminating NUL) to buf, which is a buffer of size len bytes. +// Returns the number of bytes written, or 0 if the buffer is too small. +// +// Preconditions: 2 <= radix <= 16. +template <typename T> +size_t SafeItoa(T val, char* buf, size_t len, int radix) { + size_t n = 0; +#define _WRITE_OR_FAIL(c) \ + do { \ + if (len == 0) { \ + return 0; \ + } \ + buf[n] = (c); \ + n++; \ + len--; \ + } while (false) + if (val == 0) { + _WRITE_OR_FAIL('0'); + } else { + // Write digits in reverse order, then reverse them at the end. + bool neg = val < 0; + while (val != 0) { + // C/C++ define modulo such that the result is negative if exactly one of + // the dividend or divisor is negative, so this handles both positive and + // negative values. + char c = "fedcba9876543210123456789abcdef"[val % radix + 15]; + _WRITE_OR_FAIL(c); + val /= 10; + } + if (neg) { + _WRITE_OR_FAIL('-'); + } + std::reverse(buf, buf + n); + } + _WRITE_OR_FAIL('\0'); + return n; +#undef _WRITE_OR_FAIL +} + TEST(ChrootTest, Success) { SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_CHROOT))); + auto temp_dir = TempPath::CreateDir().ValueOrDie(); + const std::string temp_dir_path = temp_dir.path(); - const auto rest = [] { - auto temp_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - TEST_CHECK_SUCCESS(chroot(temp_dir.path().c_str())); - }; + const auto rest = [&] { TEST_CHECK_SUCCESS(chroot(temp_dir_path.c_str())); }; EXPECT_THAT(InForkedProcess(rest), IsPosixErrorOkAndHolds(0)); } @@ -101,28 +141,34 @@ TEST(ChrootTest, CreatesNewRoot) { SyscallSucceeds()); auto new_root = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + const std::string new_root_path = new_root.path(); auto file_in_new_root = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFileIn(new_root.path())); + const std::string file_in_new_root_path = file_in_new_root.path(); const auto rest = [&] { // chroot into new_root. - TEST_CHECK_SUCCESS(chroot(new_root.path().c_str())); + TEST_CHECK_SUCCESS(chroot(new_root_path.c_str())); // getcwd should return "(unreachable)" followed by the initial_cwd. - char cwd[1024]; - TEST_CHECK_SUCCESS(syscall(__NR_getcwd, cwd, sizeof(cwd))); - std::string expected_cwd = "(unreachable)"; - expected_cwd += initial_cwd; - TEST_CHECK(strcmp(cwd, expected_cwd.c_str()) == 0); + char buf[1024]; + TEST_CHECK_SUCCESS(syscall(__NR_getcwd, buf, sizeof(buf))); + constexpr char kUnreachablePrefix[] = "(unreachable)"; + TEST_CHECK( + strncmp(buf, kUnreachablePrefix, sizeof(kUnreachablePrefix) - 1) == 0); + TEST_CHECK(strcmp(buf + sizeof(kUnreachablePrefix) - 1, initial_cwd) == 0); // Should not be able to stat file by its full path. struct stat statbuf; - TEST_CHECK_ERRNO(stat(file_in_new_root.path().c_str(), &statbuf), ENOENT); + TEST_CHECK_ERRNO(stat(file_in_new_root_path.c_str(), &statbuf), ENOENT); // Should be able to stat file at new rooted path. - auto basename = std::string(Basename(file_in_new_root.path())); - auto rootedFile = "/" + basename; - TEST_CHECK_SUCCESS(stat(rootedFile.c_str(), &statbuf)); + buf[0] = '/'; + absl::string_view basename = Basename(file_in_new_root_path); + TEST_CHECK(basename.length() < (sizeof(buf) - 2)); + memcpy(buf + 1, basename.data(), basename.length()); + buf[basename.length() + 1] = '\0'; + TEST_CHECK_SUCCESS(stat(buf, &statbuf)); // Should be able to stat cwd at '.' even though it's outside root. TEST_CHECK_SUCCESS(stat(".", &statbuf)); @@ -131,8 +177,8 @@ TEST(ChrootTest, CreatesNewRoot) { TEST_CHECK_SUCCESS(chdir("/")); // getcwd should return "/". - TEST_CHECK_SUCCESS(syscall(__NR_getcwd, cwd, sizeof(cwd))); - TEST_CHECK_SUCCESS(strcmp(cwd, "/") == 0); + TEST_CHECK_SUCCESS(syscall(__NR_getcwd, buf, sizeof(buf))); + TEST_CHECK_SUCCESS(strcmp(buf, "/") == 0); // Statting '.', '..', '/', and '/..' all return the same dev and inode. struct stat statbuf_dot; @@ -160,10 +206,11 @@ TEST(ChrootTest, DotDotFromOpenFD) { auto fd = ASSERT_NO_ERRNO_AND_VALUE( Open(dir_outside_root.path(), O_RDONLY | O_DIRECTORY)); auto new_root = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + const std::string new_root_path = new_root.path(); const auto rest = [&] { // chroot into new_root. - TEST_CHECK_SUCCESS(chroot(new_root.path().c_str())); + TEST_CHECK_SUCCESS(chroot(new_root_path.c_str())); // openat on fd with path .. will succeed. int other_fd; @@ -184,15 +231,18 @@ TEST(ChrootTest, ProcFdLinkResolutionInChroot) { const TempPath file_outside_chroot = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); + const std::string file_outside_chroot_path = file_outside_chroot.path(); const FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(Open(file_outside_chroot.path(), O_RDONLY)); const FileDescriptor proc_fd = ASSERT_NO_ERRNO_AND_VALUE( Open("/proc", O_DIRECTORY | O_RDONLY | O_CLOEXEC)); + auto temp_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + const std::string temp_dir_path = temp_dir.path(); + const auto rest = [&] { - auto temp_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - TEST_CHECK_SUCCESS(chroot(temp_dir.path().c_str())); + TEST_CHECK_SUCCESS(chroot(temp_dir_path.c_str())); // Opening relative to an already open fd to a node outside the chroot // works. @@ -201,9 +251,10 @@ TEST(ChrootTest, ProcFdLinkResolutionInChroot) { // Proc fd symlinks can escape the chroot if the fd the symlink refers to // refers to an object outside the chroot. + char fd_buf[11]; + TEST_CHECK(SafeItoa(fd.get(), fd_buf, sizeof(fd_buf), 10)); struct stat s = {}; - TEST_CHECK_SUCCESS( - fstatat(proc_self_fd.get(), absl::StrCat(fd.get()).c_str(), &s, 0)); + TEST_CHECK_SUCCESS(fstatat(proc_self_fd.get(), fd_buf, &s, 0)); // Try to stat the stdin fd. Internally, this is handled differently from a // proc fd entry pointing to a file, since stdin is backed by a host fd, and @@ -223,10 +274,12 @@ TEST(ChrootTest, ProcMemSelfFdsNoEscapeProcOpen) { const FileDescriptor proc = ASSERT_NO_ERRNO_AND_VALUE(Open("/proc", O_RDONLY)); + const auto temp_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + const std::string temp_dir_path = temp_dir.path(); + const auto rest = [&] { - // Create and enter a chroot directory. - const auto temp_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - TEST_CHECK_SUCCESS(chroot(temp_dir.path().c_str())); + // Enter the chroot directory. + TEST_CHECK_SUCCESS(chroot(temp_dir_path.c_str())); // Open a file inside the chroot at /foo. const FileDescriptor foo = @@ -234,11 +287,15 @@ TEST(ChrootTest, ProcMemSelfFdsNoEscapeProcOpen) { // Examine /proc/self/fd/{foo_fd} to see if it exposes the fact that we're // inside a chroot, the path should be /foo and NOT {chroot_dir}/foo. - const std::string fd_path = absl::StrCat("self/fd/", foo.get()); + constexpr char kSelfFdRelpath[] = "self/fd/"; + char path_buf[20]; + strcpy(path_buf, kSelfFdRelpath); // NOLINT: need async-signal-safety + TEST_CHECK(SafeItoa(foo.get(), path_buf + sizeof(kSelfFdRelpath) - 1, + sizeof(path_buf) - (sizeof(kSelfFdRelpath) - 1), 10)); char buf[1024] = {}; size_t bytes_read = 0; - TEST_CHECK_SUCCESS(bytes_read = readlinkat(proc.get(), fd_path.c_str(), buf, - sizeof(buf) - 1)); + TEST_CHECK_SUCCESS( + bytes_read = readlinkat(proc.get(), path_buf, buf, sizeof(buf) - 1)); // The link should resolve to something. TEST_CHECK(bytes_read > 0); @@ -258,10 +315,12 @@ TEST(ChrootTest, ProcMemSelfMapsNoEscapeProcOpen) { const FileDescriptor proc = ASSERT_NO_ERRNO_AND_VALUE(Open("/proc", O_RDONLY)); + const auto temp_dir = TEST_CHECK_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + const std::string temp_dir_path = temp_dir.path(); + const auto rest = [&] { - // Create and enter a chroot directory. - const auto temp_dir = TEST_CHECK_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - TEST_CHECK_SUCCESS(chroot(temp_dir.path().c_str())); + // Enter the chroot directory. + TEST_CHECK_SUCCESS(chroot(temp_dir_path.c_str())); // Open a file inside the chroot at /foo. const FileDescriptor foo = @@ -272,9 +331,12 @@ TEST(ChrootTest, ProcMemSelfMapsNoEscapeProcOpen) { MAP_PRIVATE, foo.get(), 0); TEST_CHECK_SUCCESS(reinterpret_cast<int64_t>(foo_map)); - // Always unmap. - auto cleanup_map = - Cleanup([&] { TEST_CHECK_SUCCESS(munmap(foo_map, kPageSize)); }); + // Always unmap. Since this function is called between fork() and execve(), + // we can't use gvisor::testing::Cleanup, which uses std::function + // and thus may heap-allocate (which is async-signal-unsafe); instead, use + // absl::Cleanup, which is templated on the callback type. + auto cleanup_map = absl::MakeCleanup( + [&] { TEST_CHECK_SUCCESS(munmap(foo_map, kPageSize)); }); // Examine /proc/self/maps to be sure that /foo doesn't appear to be // mapped with the full chroot path. @@ -289,8 +351,8 @@ TEST(ChrootTest, ProcMemSelfMapsNoEscapeProcOpen) { TEST_CHECK(bytes_read > 0); // Finally we want to make sure the maps don't contain the chroot path - TEST_CHECK(std::string(buf, bytes_read).find(temp_dir.path()) == - std::string::npos); + TEST_CHECK( + !absl::StrContains(absl::string_view(buf, bytes_read), temp_dir_path)); }; EXPECT_THAT(InForkedProcess(rest), IsPosixErrorOkAndHolds(0)); } @@ -302,72 +364,72 @@ TEST(ChrootTest, ProcMountsMountinfoNoEscape) { SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_CHROOT))); // Create nested tmpfs mounts. - auto const outer_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); - auto const outer_mount = ASSERT_NO_ERRNO_AND_VALUE( - Mount("none", outer_dir.path(), "tmpfs", 0, "mode=0700", 0)); - - auto const inner_dir = - ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDirIn(outer_dir.path())); - auto const inner_mount = ASSERT_NO_ERRNO_AND_VALUE( - Mount("none", inner_dir.path(), "tmpfs", 0, "mode=0700", 0)); + const auto outer_dir = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + const std::string outer_dir_path = outer_dir.path(); + const auto outer_mount = ASSERT_NO_ERRNO_AND_VALUE( + Mount("none", outer_dir_path, "tmpfs", 0, "mode=0700", 0)); + + const auto inner_dir = + ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDirIn(outer_dir_path)); + const std::string inner_dir_path = inner_dir.path(); + const auto inner_mount = ASSERT_NO_ERRNO_AND_VALUE( + Mount("none", inner_dir_path, "tmpfs", 0, "mode=0700", 0)); + const std::string inner_dir_in_outer_chroot_path = + absl::StrCat("/", Basename(inner_dir_path)); + + // Filenames that will be checked for mounts, all relative to /proc dir. + std::string paths[3] = {"mounts", "self/mounts", "self/mountinfo"}; + + for (const std::string& path : paths) { + // We should have both inner and outer mounts. + const std::string contents = + ASSERT_NO_ERRNO_AND_VALUE(GetContents(JoinPath("/proc", path))); + EXPECT_THAT(contents, + AllOf(HasSubstr(outer_dir_path), HasSubstr(inner_dir_path))); + // We better have at least two mounts: the mounts we created plus the + // root. + std::vector<absl::string_view> submounts = + absl::StrSplit(contents, '\n', absl::SkipWhitespace()); + ASSERT_GT(submounts.size(), 2); + } - const auto rest = [&outer_dir, &inner_dir] { - // Filenames that will be checked for mounts, all relative to /proc dir. - std::string paths[3] = {"mounts", "self/mounts", "self/mountinfo"}; - - for (const std::string& path : paths) { - // We should have both inner and outer mounts. - const std::string contents = - TEST_CHECK_NO_ERRNO_AND_VALUE(GetContents(JoinPath("/proc", path))); - EXPECT_THAT(contents, AllOf(HasSubstr(outer_dir.path()), - HasSubstr(inner_dir.path()))); - // We better have at least two mounts: the mounts we created plus the - // root. - std::vector<absl::string_view> submounts = - absl::StrSplit(contents, '\n', absl::SkipWhitespace()); - TEST_CHECK(submounts.size() > 2); - } - - // Get a FD to /proc before we enter the chroot. - const FileDescriptor proc = - TEST_CHECK_NO_ERRNO_AND_VALUE(Open("/proc", O_RDONLY)); + // Get a FD to /proc before we enter the chroot. + const FileDescriptor proc = + ASSERT_NO_ERRNO_AND_VALUE(Open("/proc", O_RDONLY)); + const auto rest = [&] { // Chroot to outer mount. - TEST_CHECK_SUCCESS(chroot(outer_dir.path().c_str())); + TEST_CHECK_SUCCESS(chroot(outer_dir_path.c_str())); + char buf[8 * 1024]; for (const std::string& path : paths) { const FileDescriptor proc_file = TEST_CHECK_NO_ERRNO_AND_VALUE(OpenAt(proc.get(), path, O_RDONLY)); // Only two mounts visible from this chroot: the inner and outer. Both // paths should be relative to the new chroot. - const std::string contents = - TEST_CHECK_NO_ERRNO_AND_VALUE(GetContentsFD(proc_file.get())); - EXPECT_THAT(contents, - AllOf(HasSubstr(absl::StrCat(Basename(inner_dir.path()))), - Not(HasSubstr(outer_dir.path())), - Not(HasSubstr(inner_dir.path())))); - std::vector<absl::string_view> submounts = - absl::StrSplit(contents, '\n', absl::SkipWhitespace()); - TEST_CHECK(submounts.size() == 2); + ssize_t n = ReadFd(proc_file.get(), buf, sizeof(buf)); + TEST_PCHECK(n >= 0); + buf[n] = '\0'; + TEST_CHECK(absl::StrContains(buf, Basename(inner_dir_path))); + TEST_CHECK(!absl::StrContains(buf, outer_dir_path)); + TEST_CHECK(!absl::StrContains(buf, inner_dir_path)); + TEST_CHECK(std::count(buf, buf + n, '\n') == 2); } // Chroot to inner mount. We must use an absolute path accessible to our // chroot. - const std::string inner_dir_basename = - absl::StrCat("/", Basename(inner_dir.path())); - TEST_CHECK_SUCCESS(chroot(inner_dir_basename.c_str())); + TEST_CHECK_SUCCESS(chroot(inner_dir_in_outer_chroot_path.c_str())); for (const std::string& path : paths) { const FileDescriptor proc_file = TEST_CHECK_NO_ERRNO_AND_VALUE(OpenAt(proc.get(), path, O_RDONLY)); - const std::string contents = - TEST_CHECK_NO_ERRNO_AND_VALUE(GetContentsFD(proc_file.get())); // Only the inner mount visible from this chroot. - std::vector<absl::string_view> submounts = - absl::StrSplit(contents, '\n', absl::SkipWhitespace()); - TEST_CHECK(submounts.size() == 1); + ssize_t n = ReadFd(proc_file.get(), buf, sizeof(buf)); + TEST_PCHECK(n >= 0); + buf[n] = '\0'; + TEST_CHECK(std::count(buf, buf + n, '\n') == 1); } }; EXPECT_THAT(InForkedProcess(rest), IsPosixErrorOkAndHolds(0)); diff --git a/test/syscalls/linux/connect_external.cc b/test/syscalls/linux/connect_external.cc index 1edb50e47..fb2476da4 100644 --- a/test/syscalls/linux/connect_external.cc +++ b/test/syscalls/linux/connect_external.cc @@ -22,9 +22,9 @@ #include <tuple> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/fs_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // This file contains tests specific to connecting to host UDS managed outside diff --git a/test/syscalls/linux/dup.cc b/test/syscalls/linux/dup.cc index fca0880a6..8f0974f45 100644 --- a/test/syscalls/linux/dup.cc +++ b/test/syscalls/linux/dup.cc @@ -101,18 +101,16 @@ TEST(DupTest, Dup2) { } TEST(DupTest, Rlimit) { - constexpr int kFDLimit = 101; auto f = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(Open(f.path(), O_RDONLY)); struct rlimit rl = {}; EXPECT_THAT(getrlimit(RLIMIT_NOFILE, &rl), SyscallSucceeds()); - // Lower the rlimit first, as it may be equal to /proc/sys/fs/nr_open, in - // which case even users with CAP_SYS_RESOURCE can't raise it. - rl.rlim_cur = kFDLimit * 2; ASSERT_THAT(setrlimit(RLIMIT_NOFILE, &rl), SyscallSucceeds()); + constexpr int kFDLimit = 101; + // Create a file descriptor that will be above the limit. FileDescriptor aboveLimitFD = ASSERT_NO_ERRNO_AND_VALUE(Dup2(fd, kFDLimit * 2 - 1)); @@ -121,19 +119,24 @@ TEST(DupTest, Rlimit) { ASSERT_THAT(dup3(fd.get(), kFDLimit, 0), SyscallFails()); std::vector<std::unique_ptr<FileDescriptor>> fds; - int prev = fd.get(); - for (int i = 0; i < kFDLimit; i++) { - int d = dup(fd.get()); - if (d == -1) { + int prev_fd = fd.get(); + int used_fds = 0; + for (int i = 0; i < kFDLimit; ++i) { + int new_fd = dup(fd.get()); + if (new_fd == -1) { break; } - std::unique_ptr<FileDescriptor> f = absl::make_unique<FileDescriptor>(d); - EXPECT_LT(d, kFDLimit); - EXPECT_GT(d, prev); - prev = d; + auto f = absl::make_unique<FileDescriptor>(new_fd); + EXPECT_LT(new_fd, kFDLimit); + EXPECT_GT(new_fd, prev_fd); + // Check that all fds in (prev_fd, new_fd) are used. + for (int j = prev_fd + 1; j < new_fd; ++j) { + if (fcntl(j, F_GETFD) != -1) used_fds++; + } + prev_fd = new_fd; fds.push_back(std::move(f)); } - EXPECT_EQ(fds.size(), kFDLimit - fd.get() - 1); + EXPECT_EQ(fds.size() + used_fds, kFDLimit - fd.get() - 1); } TEST(DupTest, Dup2SameFD) { diff --git a/test/syscalls/linux/fallocate.cc b/test/syscalls/linux/fallocate.cc index 5c839447e..5f1b4d5e5 100644 --- a/test/syscalls/linux/fallocate.cc +++ b/test/syscalls/linux/fallocate.cc @@ -31,11 +31,11 @@ #include "absl/strings/str_cat.h" #include "absl/time/time.h" #include "test/syscalls/linux/file_base.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/cleanup.h" #include "test/util/eventfd_util.h" #include "test/util/file_descriptor.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" diff --git a/test/syscalls/linux/fcntl.cc b/test/syscalls/linux/fcntl.cc index 91526572b..0e78a4d4a 100644 --- a/test/syscalls/linux/fcntl.cc +++ b/test/syscalls/linux/fcntl.cc @@ -35,7 +35,6 @@ #include "absl/strings/str_cat.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/cleanup.h" #include "test/util/eventfd_util.h" @@ -46,6 +45,7 @@ #include "test/util/posix_error.h" #include "test/util/save_util.h" #include "test/util/signal_util.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/flock.cc b/test/syscalls/linux/flock.cc index 10dad042f..686b779be 100644 --- a/test/syscalls/linux/flock.cc +++ b/test/syscalls/linux/flock.cc @@ -21,8 +21,8 @@ #include "absl/time/clock.h" #include "absl/time/time.h" #include "test/syscalls/linux/file_base.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/ioctl.cc b/test/syscalls/linux/ioctl.cc index 9b16d1558..88056ef2e 100644 --- a/test/syscalls/linux/ioctl.cc +++ b/test/syscalls/linux/ioctl.cc @@ -26,10 +26,10 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/signal_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/ip6tables.cc b/test/syscalls/linux/ip6tables.cc index e0e146067..d11b45d4a 100644 --- a/test/syscalls/linux/ip6tables.cc +++ b/test/syscalls/linux/ip6tables.cc @@ -17,9 +17,9 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/iptables.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/ip_socket_test_util.h b/test/syscalls/linux/ip_socket_test_util.h index bde481f7e..8f26f1cd0 100644 --- a/test/syscalls/linux/ip_socket_test_util.h +++ b/test/syscalls/linux/ip_socket_test_util.h @@ -21,7 +21,7 @@ #include <string> -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/itimer.cc b/test/syscalls/linux/itimer.cc index ac113e6da..9fb04eae6 100644 --- a/test/syscalls/linux/itimer.cc +++ b/test/syscalls/linux/itimer.cc @@ -197,9 +197,9 @@ int TestSIGALRMToMainThread() { // (but don't guarantee it), so we expect to see most samples on the main // thread. // - // The number of SIGALRMs delivered to a worker should not exceed 20% + // The number of SIGALRMs delivered to a worker should not exceed 40% // of the number of total signals expected (this is somewhat arbitrary). - const int worker_threshold = result.expected_total / 5; + const int worker_threshold = result.expected_total / 5 * 2; // // Linux only guarantees timers will never expire before the requested time. @@ -230,7 +230,8 @@ TEST(ItimerTest, DeliversSIGALRMToMainThread) { // Not required anymore. kill.Release(); - EXPECT_TRUE(WIFEXITED(status) && WEXITSTATUS(status) == 0) << status; + EXPECT_EQ(WIFEXITED(status) && WEXITSTATUS(status), 0) + << WIFEXITED(status) << " " << WEXITSTATUS(status); } // Signals are delivered to threads fairly. diff --git a/test/syscalls/linux/msgqueue.cc b/test/syscalls/linux/msgqueue.cc new file mode 100644 index 000000000..2409de7e8 --- /dev/null +++ b/test/syscalls/linux/msgqueue.cc @@ -0,0 +1,87 @@ +// Copyright 2021 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <sys/ipc.h> +#include <sys/msg.h> +#include <sys/types.h> + +#include "test/util/temp_path.h" +#include "test/util/test_util.h" + +namespace gvisor { +namespace testing { +namespace { + +// Queue is a RAII class used to automatically clean message queues. +class Queue { + public: + explicit Queue(int id) : id_(id) {} + + ~Queue() { + if (id_ >= 0) { + EXPECT_THAT(msgctl(id_, IPC_RMID, nullptr), SyscallSucceeds()); + } + } + + int release() { + int old = id_; + id_ = -1; + return old; + } + + int get() { return id_; } + + private: + int id_ = -1; +}; + +// Test simple creation and retrieval for msgget(2). +TEST(MsgqueueTest, MsgGet) { + const TempPath keyfile = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); + const key_t key = ftok(keyfile.path().c_str(), 1); + ASSERT_THAT(key, SyscallSucceeds()); + + Queue queue(msgget(key, IPC_CREAT)); + ASSERT_THAT(queue.get(), SyscallSucceeds()); + EXPECT_THAT(msgget(key, 0), SyscallSucceedsWithValue(queue.get())); +} + +// Test simple failure scenarios for msgget(2). +TEST(MsgqueueTest, MsgGetFail) { + const TempPath keyfile = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile()); + const key_t key = ftok(keyfile.path().c_str(), 1); + ASSERT_THAT(key, SyscallSucceeds()); + + EXPECT_THAT(msgget(key, 0), SyscallFailsWithErrno(ENOENT)); + + Queue queue(msgget(key, IPC_CREAT)); + ASSERT_THAT(queue.get(), SyscallSucceeds()); + + EXPECT_THAT(msgget(key, IPC_CREAT | IPC_EXCL), SyscallFailsWithErrno(EEXIST)); +} + +// Test using msgget(2) with IPC_PRIVATE option. +TEST(MsgqueueTest, MsgGetIpcPrivate) { + Queue queue1(msgget(IPC_PRIVATE, 0)); + ASSERT_THAT(queue1.get(), SyscallSucceeds()); + + Queue queue2(msgget(IPC_PRIVATE, 0)); + ASSERT_THAT(queue2.get(), SyscallSucceeds()); + + EXPECT_NE(queue1.get(), queue2.get()); +} + +} // namespace +} // namespace testing +} // namespace gvisor diff --git a/test/syscalls/linux/network_namespace.cc b/test/syscalls/linux/network_namespace.cc index 133fdecf0..1984feedd 100644 --- a/test/syscalls/linux/network_namespace.cc +++ b/test/syscalls/linux/network_namespace.cc @@ -20,9 +20,9 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/packet_socket.cc b/test/syscalls/linux/packet_socket.cc index 1e246c421..98339277b 100644 --- a/test/syscalls/linux/packet_socket.cc +++ b/test/syscalls/linux/packet_socket.cc @@ -29,10 +29,10 @@ #include "gtest/gtest.h" #include "absl/base/internal/endian.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Some of these tests involve sending packets via AF_PACKET sockets and the diff --git a/test/syscalls/linux/packet_socket_raw.cc b/test/syscalls/linux/packet_socket_raw.cc index 7e439466e..07beb8ba0 100644 --- a/test/syscalls/linux/packet_socket_raw.cc +++ b/test/syscalls/linux/packet_socket_raw.cc @@ -30,10 +30,10 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/base/internal/endian.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Some of these tests involve sending packets via AF_PACKET sockets and the diff --git a/test/syscalls/linux/partial_bad_buffer.cc b/test/syscalls/linux/partial_bad_buffer.cc index 223ddc0c8..1bdfcbbe3 100644 --- a/test/syscalls/linux/partial_bad_buffer.cc +++ b/test/syscalls/linux/partial_bad_buffer.cc @@ -26,10 +26,10 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/fs_util.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" diff --git a/test/syscalls/linux/ping_socket.cc b/test/syscalls/linux/ping_socket.cc index 8268e91da..7ec1938bf 100644 --- a/test/syscalls/linux/ping_socket.cc +++ b/test/syscalls/linux/ping_socket.cc @@ -29,8 +29,8 @@ #include "absl/strings/str_join.h" #include "absl/types/optional.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Note: These tests require /proc/sys/net/ipv4/ping_group_range to be diff --git a/test/syscalls/linux/proc.cc b/test/syscalls/linux/proc.cc index 78aa73edc..8a4025fed 100644 --- a/test/syscalls/linux/proc.cc +++ b/test/syscalls/linux/proc.cc @@ -54,6 +54,8 @@ #include "absl/strings/match.h" #include "absl/strings/numbers.h" #include "absl/strings/str_cat.h" +#include "absl/strings/str_format.h" +#include "absl/strings/str_join.h" #include "absl/strings/str_split.h" #include "absl/strings/string_view.h" #include "absl/synchronization/mutex.h" @@ -88,6 +90,7 @@ using ::testing::Gt; using ::testing::HasSubstr; using ::testing::IsSupersetOf; using ::testing::Pair; +using ::testing::StartsWith; using ::testing::UnorderedElementsAre; using ::testing::UnorderedElementsAreArray; @@ -1622,10 +1625,41 @@ TEST(ProcPidStatusTest, HasBasicFields) { ASSERT_FALSE(status_str.empty()); const auto status = ASSERT_NO_ERRNO_AND_VALUE(ParseProcStatus(status_str)); - EXPECT_THAT(status, IsSupersetOf({Pair("Name", thread_name), - Pair("Tgid", absl::StrCat(tgid)), - Pair("Pid", absl::StrCat(tid)), - Pair("PPid", absl::StrCat(getppid()))})); + EXPECT_THAT(status, IsSupersetOf({ + Pair("Name", thread_name), + Pair("Tgid", absl::StrCat(tgid)), + Pair("Pid", absl::StrCat(tid)), + Pair("PPid", absl::StrCat(getppid())), + })); + + if (!IsRunningWithVFS1()) { + uid_t ruid, euid, suid; + ASSERT_THAT(getresuid(&ruid, &euid, &suid), SyscallSucceeds()); + gid_t rgid, egid, sgid; + ASSERT_THAT(getresgid(&rgid, &egid, &sgid), SyscallSucceeds()); + std::vector<gid_t> supplementary_gids; + int ngids = getgroups(0, nullptr); + supplementary_gids.resize(ngids); + ASSERT_THAT(getgroups(ngids, supplementary_gids.data()), + SyscallSucceeds()); + + EXPECT_THAT( + status, + IsSupersetOf(std::vector< + ::testing::Matcher<std::pair<std::string, std::string>>>{ + // gVisor doesn't support fsuid/gid, and even if it did there is + // no getfsuid/getfsgid(). + Pair("Uid", StartsWith(absl::StrFormat("%d\t%d\t%d\t", ruid, euid, + suid))), + Pair("Gid", StartsWith(absl::StrFormat("%d\t%d\t%d\t", rgid, egid, + sgid))), + // ParseProcStatus strips leading whitespace for each value, + // so if the Groups line is empty then the trailing space is + // stripped. + Pair("Groups", + StartsWith(absl::StrJoin(supplementary_gids, " "))), + })); + } }); } diff --git a/test/syscalls/linux/proc_net.cc b/test/syscalls/linux/proc_net.cc index 04fecc02e..4cbe30fc1 100644 --- a/test/syscalls/linux/proc_net.cc +++ b/test/syscalls/linux/proc_net.cc @@ -28,10 +28,10 @@ #include "absl/strings/str_split.h" #include "absl/strings/string_view.h" #include "absl/time/clock.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" #include "test/util/fs_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { @@ -498,13 +498,7 @@ TEST(ProcSysNetIpv4Recovery, CanReadAndWrite) { // Check initial value is set to 1. EXPECT_THAT(PreadFd(fd.get(), &buf, sizeof(buf), 0), SyscallSucceedsWithValue(sizeof(to_write) + 1)); - if (IsRunningOnGvisor()) { - // TODO(gvisor.dev/issue/5243): TCPRACKLossDetection = 1 should be turned on - // by default. - EXPECT_EQ(strcmp(buf, "0\n"), 0); - } else { - EXPECT_EQ(strcmp(buf, "1\n"), 0); - } + EXPECT_EQ(strcmp(buf, "1\n"), 0); // Set tcp_recovery to one of the allowed constants. EXPECT_THAT(PwriteFd(fd.get(), &to_write, sizeof(to_write), 0), diff --git a/test/syscalls/linux/raw_socket.cc b/test/syscalls/linux/raw_socket.cc index 69616b400..e19fe8f6b 100644 --- a/test/syscalls/linux/raw_socket.cc +++ b/test/syscalls/linux/raw_socket.cc @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include <arpa/inet.h> #include <linux/capability.h> #include <linux/filter.h> #include <netinet/in.h> @@ -26,10 +27,10 @@ #include <algorithm> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Note: in order to run these tests, /proc/sys/net/ipv4/ping_group_range will @@ -76,6 +77,20 @@ class RawSocketTest : public ::testing::TestWithParam<std::tuple<int, int>> { return 0; } + uint16_t Port(struct sockaddr* s) { + if (Family() == AF_INET) { + return ntohs(reinterpret_cast<struct sockaddr_in*>(s)->sin_port); + } + return ntohs(reinterpret_cast<struct sockaddr_in6*>(s)->sin6_port); + } + + void* Addr(struct sockaddr* s) { + if (Family() == AF_INET) { + return &(reinterpret_cast<struct sockaddr_in*>(s)->sin_addr); + } + return &(reinterpret_cast<struct sockaddr_in6*>(s)->sin6_addr); + } + // The socket used for both reading and writing. int s_; @@ -181,6 +196,54 @@ TEST_P(RawSocketTest, FailAccept) { ASSERT_THAT(accept(s_, &saddr, &addrlen), SyscallFailsWithErrno(ENOTSUP)); } +TEST_P(RawSocketTest, BindThenGetSockName) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW))); + + struct sockaddr* addr = reinterpret_cast<struct sockaddr*>(&addr_); + ASSERT_THAT(bind(s_, addr, AddrLen()), SyscallSucceeds()); + struct sockaddr_storage saddr_storage; + struct sockaddr* saddr = reinterpret_cast<struct sockaddr*>(&saddr_storage); + socklen_t saddrlen = AddrLen(); + ASSERT_THAT(getsockname(s_, saddr, &saddrlen), SyscallSucceeds()); + ASSERT_EQ(saddrlen, AddrLen()); + + // The port is expected to hold the protocol number. + EXPECT_EQ(Port(saddr), Protocol()); + + char addrbuf[INET6_ADDRSTRLEN], saddrbuf[INET6_ADDRSTRLEN]; + const char* addrstr = + inet_ntop(addr->sa_family, Addr(addr), addrbuf, sizeof(addrbuf)); + ASSERT_NE(addrstr, nullptr); + const char* saddrstr = + inet_ntop(saddr->sa_family, Addr(saddr), saddrbuf, sizeof(saddrbuf)); + ASSERT_NE(saddrstr, nullptr); + EXPECT_STREQ(saddrstr, addrstr); +} + +TEST_P(RawSocketTest, ConnectThenGetSockName) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW))); + + struct sockaddr* addr = reinterpret_cast<struct sockaddr*>(&addr_); + ASSERT_THAT(connect(s_, addr, AddrLen()), SyscallSucceeds()); + struct sockaddr_storage saddr_storage; + struct sockaddr* saddr = reinterpret_cast<struct sockaddr*>(&saddr_storage); + socklen_t saddrlen = AddrLen(); + ASSERT_THAT(getsockname(s_, saddr, &saddrlen), SyscallSucceeds()); + ASSERT_EQ(saddrlen, AddrLen()); + + // The port is expected to hold the protocol number. + EXPECT_EQ(Port(saddr), Protocol()); + + char addrbuf[INET6_ADDRSTRLEN], saddrbuf[INET6_ADDRSTRLEN]; + const char* addrstr = + inet_ntop(addr->sa_family, Addr(addr), addrbuf, sizeof(addrbuf)); + ASSERT_NE(addrstr, nullptr); + const char* saddrstr = + inet_ntop(saddr->sa_family, Addr(saddr), saddrbuf, sizeof(saddrbuf)); + ASSERT_NE(saddrstr, nullptr); + EXPECT_STREQ(saddrstr, addrstr); +} + // Test that getpeername() returns nothing before connect(). TEST_P(RawSocketTest, FailGetPeerNameBeforeConnect) { SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW))); diff --git a/test/syscalls/linux/raw_socket_hdrincl.cc b/test/syscalls/linux/raw_socket_hdrincl.cc index 4611b6283..f1d8fd295 100644 --- a/test/syscalls/linux/raw_socket_hdrincl.cc +++ b/test/syscalls/linux/raw_socket_hdrincl.cc @@ -27,10 +27,10 @@ #include "gtest/gtest.h" #include "absl/base/internal/endian.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/raw_socket_icmp.cc b/test/syscalls/linux/raw_socket_icmp.cc index 275996bd3..27d3fffee 100644 --- a/test/syscalls/linux/raw_socket_icmp.cc +++ b/test/syscalls/linux/raw_socket_icmp.cc @@ -24,10 +24,10 @@ #include <cstdint> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/readahead.cc b/test/syscalls/linux/readahead.cc index 71073bb3c..04104c912 100644 --- a/test/syscalls/linux/readahead.cc +++ b/test/syscalls/linux/readahead.cc @@ -16,8 +16,8 @@ #include <fcntl.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" diff --git a/test/syscalls/linux/semaphore.cc b/test/syscalls/linux/semaphore.cc index f72957f89..87b66aa98 100644 --- a/test/syscalls/linux/semaphore.cc +++ b/test/syscalls/linux/semaphore.cc @@ -1019,6 +1019,17 @@ TEST(SemaphoreTest, SemInfo) { EXPECT_EQ(info.semvmx, kSemVmx); } +TEST(SempahoreTest, RemoveNonExistentSemaphore) { + EXPECT_THAT(semctl(-1, 0, IPC_RMID), SyscallFailsWithErrno(EINVAL)); +} + +TEST(SempahoreTest, RemoveDeletedSemaphore) { + int id; + EXPECT_THAT(id = semget(IPC_PRIVATE, 1, 0), SyscallSucceeds()); + EXPECT_THAT(semctl(id, 0, IPC_RMID), SyscallSucceeds()); + EXPECT_THAT(semctl(id, 0, IPC_RMID), SyscallFailsWithErrno(EINVAL)); +} + } // namespace } // namespace testing } // namespace gvisor diff --git a/test/syscalls/linux/sendfile_socket.cc b/test/syscalls/linux/sendfile_socket.cc index c101fe9d2..ac6e89e91 100644 --- a/test/syscalls/linux/sendfile_socket.cc +++ b/test/syscalls/linux/sendfile_socket.cc @@ -24,8 +24,8 @@ #include "gtest/gtest.h" #include "absl/strings/string_view.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket.cc b/test/syscalls/linux/socket.cc index 7b966484d..d2762b6e9 100644 --- a/test/syscalls/linux/socket.cc +++ b/test/syscalls/linux/socket.cc @@ -20,8 +20,8 @@ #include <unistd.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/temp_umask.h" #include "test/util/test_util.h" @@ -119,6 +119,9 @@ TEST(SocketTest, UnixSCMRightsOnlyPassedOnce) { // Send more than what will fit inside the send/receive buffers, so that it is // split into multiple messages. constexpr int kBufSize = 0x100000; + // Heap allocation is async-signal-unsafe and thus cannot occur between fork() + // and execve(). + std::vector<char> buf(kBufSize); pid_t pid = fork(); if (pid == 0) { @@ -127,7 +130,6 @@ TEST(SocketTest, UnixSCMRightsOnlyPassedOnce) { // Construct a message with some control message. struct msghdr msg = {}; char control[CMSG_SPACE(sizeof(int))] = {}; - std::vector<char> buf(kBufSize); struct iovec iov = {}; msg.msg_control = control; msg.msg_controllen = sizeof(control); @@ -154,7 +156,6 @@ TEST(SocketTest, UnixSCMRightsOnlyPassedOnce) { struct msghdr msg = {}; char control[CMSG_SPACE(sizeof(int))] = {}; - std::vector<char> buf(kBufSize); struct iovec iov = {}; msg.msg_control = &control; msg.msg_controllen = sizeof(control); diff --git a/test/syscalls/linux/socket_abstract.cc b/test/syscalls/linux/socket_abstract.cc index 00999f192..d450fad14 100644 --- a/test/syscalls/linux/socket_abstract.cc +++ b/test/syscalls/linux/socket_abstract.cc @@ -15,10 +15,10 @@ #include <vector> #include "test/syscalls/linux/socket_generic.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/socket_unix.h" #include "test/syscalls/linux/socket_unix_cmsg.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_bind_to_device.cc b/test/syscalls/linux/socket_bind_to_device.cc index 6b27f6eab..dac31a90c 100644 --- a/test/syscalls/linux/socket_bind_to_device.cc +++ b/test/syscalls/linux/socket_bind_to_device.cc @@ -34,8 +34,8 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_bind_to_device_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_bind_to_device_distribution.cc b/test/syscalls/linux/socket_bind_to_device_distribution.cc index 70b0b2742..4cddb875a 100644 --- a/test/syscalls/linux/socket_bind_to_device_distribution.cc +++ b/test/syscalls/linux/socket_bind_to_device_distribution.cc @@ -35,8 +35,8 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_bind_to_device_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_bind_to_device_sequence.cc b/test/syscalls/linux/socket_bind_to_device_sequence.cc index d3cc71dbf..334b46730 100644 --- a/test/syscalls/linux/socket_bind_to_device_sequence.cc +++ b/test/syscalls/linux/socket_bind_to_device_sequence.cc @@ -36,8 +36,8 @@ #include "absl/container/node_hash_map.h" #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_bind_to_device_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_blocking.cc b/test/syscalls/linux/socket_blocking.cc index 7e88aa2d9..5262e9ed9 100644 --- a/test/syscalls/linux/socket_blocking.cc +++ b/test/syscalls/linux/socket_blocking.cc @@ -23,8 +23,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" #include "test/util/timer_util.h" diff --git a/test/syscalls/linux/socket_blocking.h b/test/syscalls/linux/socket_blocking.h index db26e5ef5..89134ec30 100644 --- a/test/syscalls/linux/socket_blocking.h +++ b/test/syscalls/linux/socket_blocking.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_BLOCKING_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_BLOCKING_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_capability.cc b/test/syscalls/linux/socket_capability.cc index f75482aba..95cf1f6b4 100644 --- a/test/syscalls/linux/socket_capability.cc +++ b/test/syscalls/linux/socket_capability.cc @@ -16,9 +16,9 @@ // headers). #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_filesystem.cc b/test/syscalls/linux/socket_filesystem.cc index 287359363..a611e9f4e 100644 --- a/test/syscalls/linux/socket_filesystem.cc +++ b/test/syscalls/linux/socket_filesystem.cc @@ -15,10 +15,10 @@ #include <vector> #include "test/syscalls/linux/socket_generic.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/socket_unix.h" #include "test/syscalls/linux/socket_unix_cmsg.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_generic.h b/test/syscalls/linux/socket_generic.h index 00ae7bfc3..a13262355 100644 --- a/test/syscalls/linux/socket_generic.h +++ b/test/syscalls/linux/socket_generic.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_GENERIC_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_GENERIC_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_generic_stress.cc b/test/syscalls/linux/socket_generic_stress.cc index c35aa2183..9ff385b41 100644 --- a/test/syscalls/linux/socket_generic_stress.cc +++ b/test/syscalls/linux/socket_generic_stress.cc @@ -29,57 +29,19 @@ #include "absl/time/clock.h" #include "absl/time/time.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" namespace gvisor { namespace testing { -constexpr char kRangeFile[] = "/proc/sys/net/ipv4/ip_local_port_range"; - -PosixErrorOr<int> NumPorts() { - int min = 0; - int max = 1 << 16; - - // Read the ephemeral range from /proc. - ASSIGN_OR_RETURN_ERRNO(std::string rangefile, GetContents(kRangeFile)); - const std::string err_msg = - absl::StrFormat("%s has invalid content: %s", kRangeFile, rangefile); - if (rangefile.back() != '\n') { - return PosixError(EINVAL, err_msg); - } - rangefile.pop_back(); - std::vector<std::string> range = - absl::StrSplit(rangefile, absl::ByAnyChar("\t ")); - if (range.size() < 2 || !absl::SimpleAtoi(range.front(), &min) || - !absl::SimpleAtoi(range.back(), &max)) { - return PosixError(EINVAL, err_msg); - } - - // If we can open as writable, limit the range. - if (!access(kRangeFile, W_OK)) { - ASSIGN_OR_RETURN_ERRNO(FileDescriptor fd, - Open(kRangeFile, O_WRONLY | O_TRUNC, 0)); - max = min + 50; - const std::string small_range = absl::StrFormat("%d %d", min, max); - int n = write(fd.get(), small_range.c_str(), small_range.size()); - if (n < 0) { - return PosixError( - errno, - absl::StrFormat("write(%d [%s], \"%s\", %d)", fd.get(), kRangeFile, - small_range.c_str(), small_range.size())); - } - } - return max - min; -} - // Test fixture for tests that apply to pairs of connected sockets. using ConnectStressTest = SocketPairTest; TEST_P(ConnectStressTest, Reset) { - const int nports = ASSERT_NO_ERRNO_AND_VALUE(NumPorts()); + const int nports = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); for (int i = 0; i < nports * 2; i++) { const std::unique_ptr<SocketPair> sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair()); @@ -103,7 +65,7 @@ TEST_P(ConnectStressTest, Reset) { // Tests that opening too many connections -- without closing them -- does lead // to port exhaustion. TEST_P(ConnectStressTest, TooManyOpen) { - const int nports = ASSERT_NO_ERRNO_AND_VALUE(NumPorts()); + const int nports = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); int err_num = 0; std::vector<std::unique_ptr<SocketPair>> sockets = std::vector<std::unique_ptr<SocketPair>>(nports); @@ -164,7 +126,7 @@ class PersistentListenerConnectStressTest : public SocketPairTest { }; TEST_P(PersistentListenerConnectStressTest, ShutdownCloseFirst) { - const int nports = ASSERT_NO_ERRNO_AND_VALUE(NumPorts()); + const int nports = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); for (int i = 0; i < nports * 2; i++) { std::unique_ptr<SocketPair> sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketSleep()); @@ -185,7 +147,7 @@ TEST_P(PersistentListenerConnectStressTest, ShutdownCloseFirst) { } TEST_P(PersistentListenerConnectStressTest, ShutdownCloseSecond) { - const int nports = ASSERT_NO_ERRNO_AND_VALUE(NumPorts()); + const int nports = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); for (int i = 0; i < nports * 2; i++) { const std::unique_ptr<SocketPair> sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair()); @@ -206,7 +168,7 @@ TEST_P(PersistentListenerConnectStressTest, ShutdownCloseSecond) { } TEST_P(PersistentListenerConnectStressTest, Close) { - const int nports = ASSERT_NO_ERRNO_AND_VALUE(NumPorts()); + const int nports = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); for (int i = 0; i < nports * 2; i++) { std::unique_ptr<SocketPair> sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketSleep()); diff --git a/test/syscalls/linux/socket_generic_test_cases.cc b/test/syscalls/linux/socket_generic_test_cases.cc index 5c4cb6c35..c509d54e2 100644 --- a/test/syscalls/linux/socket_generic_test_cases.cc +++ b/test/syscalls/linux/socket_generic_test_cases.cc @@ -14,6 +14,9 @@ #include "test/syscalls/linux/socket_generic.h" +#ifdef __linux__ +#include <linux/capability.h> +#endif // __linux__ #include <stdio.h> #include <sys/ioctl.h> #include <sys/socket.h> @@ -22,8 +25,9 @@ #include "gtest/gtest.h" #include "absl/strings/str_format.h" #include "absl/strings/string_view.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/capability_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // This file is a generic socket test file. It must be built with another file @@ -400,6 +404,46 @@ TEST_P(AllSocketPairTest, RcvBufSucceeds) { EXPECT_GT(size, 0); } +#ifdef __linux__ + +// Check that setting SO_RCVBUFFORCE above max is not clamped to the maximum +// receive buffer size. +TEST_P(AllSocketPairTest, SetSocketRecvBufForceAboveMax) { + std::unique_ptr<SocketPair> sockets = + ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair()); + + // Discover maxmimum buffer size by setting to a really large value. + constexpr int kRcvBufSz = 0xffffffff; + ASSERT_THAT(setsockopt(sockets->first_fd(), SOL_SOCKET, SO_RCVBUF, &kRcvBufSz, + sizeof(kRcvBufSz)), + SyscallSucceeds()); + + int max = 0; + socklen_t max_len = sizeof(max); + ASSERT_THAT( + getsockopt(sockets->first_fd(), SOL_SOCKET, SO_RCVBUF, &max, &max_len), + SyscallSucceeds()); + + int above_max = max + 1; + int sso = setsockopt(sockets->first_fd(), SOL_SOCKET, SO_RCVBUFFORCE, + &above_max, sizeof(above_max)); + if (!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_ADMIN))) { + ASSERT_THAT(sso, SyscallFailsWithErrno(EPERM)); + return; + } + ASSERT_THAT(sso, SyscallSucceeds()); + + int val = 0; + socklen_t val_len = sizeof(val); + ASSERT_THAT( + getsockopt(sockets->first_fd(), SOL_SOCKET, SO_RCVBUF, &val, &val_len), + SyscallSucceeds()); + // The system doubles the passed-in maximum. + ASSERT_EQ(above_max * 2, val); +} + +#endif // __linux__ + TEST_P(AllSocketPairTest, GetSndBufSucceeds) { auto sockets = ASSERT_NO_ERRNO_AND_VALUE(NewSocketPair()); int size = 0; diff --git a/test/syscalls/linux/socket_inet_loopback.cc b/test/syscalls/linux/socket_inet_loopback.cc index badc42ec5..13a83a1b3 100644 --- a/test/syscalls/linux/socket_inet_loopback.cc +++ b/test/syscalls/linux/socket_inet_loopback.cc @@ -35,10 +35,10 @@ #include "absl/time/time.h" #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_inet_loopback_test_params.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/posix_error.h" #include "test/util/save_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" @@ -308,7 +308,7 @@ TEST_P(SocketInetLoopbackTest, TCPListenShutdownListen) { sockaddr_storage conn_addr = connector.addr; ASSERT_NO_ERRNO(SetAddrPort(connector.family(), &conn_addr, port)); - // TODO(b/157236388): Remove Disable save after bug is fixed. S/R test can + // TODO(b/153489135): Remove Disable save after bug is fixed. S/R test can // fail because the last socket may not be delivered to the accept queue // by the time connect returns. DisableSave ds; @@ -707,7 +707,7 @@ TEST_P(SocketInetLoopbackTest, TCPNonBlockingConnectClose) { // Try many iterations to catch a race with socket close and handshake // completion. - for (int i = 0; i < 1000; ++i) { + for (int i = 0; i < 100; ++i) { FileDescriptor client = ASSERT_NO_ERRNO_AND_VALUE( Socket(connector.family(), SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP)); ASSERT_THAT( @@ -751,7 +751,7 @@ TEST_P(SocketInetLoopbackTest, TCPNonBlockingConnectClose) { } } -// TODO(b/157236388): Remove once bug is fixed. Test fails w/ +// TODO(b/153489135): Remove once bug is fixed. Test fails w/ // random save as established connections which can't be delivered to the accept // queue because the queue is full are not correctly delivered after restore // causing the last accept to timeout on the restore. @@ -801,7 +801,7 @@ TEST_P(SocketInetLoopbackTest, TCPAcceptBacklogSizes) { } } -// TODO(b/157236388): Remove once bug is fixed. Test fails w/ +// TODO(b/153489135): Remove once bug is fixed. Test fails w/ // random save as established connections which can't be delivered to the accept // queue because the queue is full are not correctly delivered after restore // causing the last accept to timeout on the restore. @@ -892,7 +892,7 @@ TEST_P(SocketInetLoopbackTest, TCPBacklog) { ASSERT_GE(client_conns, accepted_conns); } -// TODO(b/157236388): Remove once bug is fixed. Test fails w/ +// TODO(b/153489135): Remove once bug is fixed. Test fails w/ // random save as established connections which can't be delivered to the accept // queue because the queue is full are not correctly delivered after restore // causing the last accept to timeout on the restore. @@ -1136,7 +1136,7 @@ TEST_P(SocketInetLoopbackTest, TCPAcceptAfterReset) { sockaddr_storage conn_addr = connector.addr; ASSERT_NO_ERRNO(SetAddrPort(connector.family(), &conn_addr, port)); - // TODO(b/157236388): Reenable Cooperative S/R once bug is fixed. + // TODO(b/153489135): Reenable Cooperative S/R once bug is fixed. DisableSave ds; ASSERT_THAT(RetryEINTR(connect)(conn_fd.get(), AsSockAddr(&conn_addr), connector.addr_len), diff --git a/test/syscalls/linux/socket_inet_loopback_isolated.cc b/test/syscalls/linux/socket_inet_loopback_isolated.cc index ab2259b55..182d20a9e 100644 --- a/test/syscalls/linux/socket_inet_loopback_isolated.cc +++ b/test/syscalls/linux/socket_inet_loopback_isolated.cc @@ -18,7 +18,7 @@ #include "absl/time/clock.h" #include "absl/time/time.h" #include "test/syscalls/linux/socket_inet_loopback_test_params.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Unit tests in this file will run in their own network namespace. diff --git a/test/syscalls/linux/socket_inet_loopback_nogotsan.cc b/test/syscalls/linux/socket_inet_loopback_nogotsan.cc index b131213d4..479162487 100644 --- a/test/syscalls/linux/socket_inet_loopback_nogotsan.cc +++ b/test/syscalls/linux/socket_inet_loopback_nogotsan.cc @@ -28,10 +28,10 @@ #include "absl/strings/str_cat.h" #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_inet_loopback_test_params.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/posix_error.h" #include "test/util/save_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { @@ -104,16 +104,25 @@ INSTANTIATE_TEST_SUITE_P(All, SocketInetLoopbackTest, using SocketMultiProtocolInetLoopbackTest = ::testing::TestWithParam<ProtocolTestParam>; -TEST_P(SocketMultiProtocolInetLoopbackTest, BindAvoidsListeningPortsReuseAddr) { +TEST_P(SocketMultiProtocolInetLoopbackTest, + TCPBindAvoidsOtherBoundPortsReuseAddr) { ProtocolTestParam const& param = GetParam(); - // UDP sockets are allowed to bind/listen on the port w/ SO_REUSEADDR, for TCP - // this is only permitted if there is no other listening socket. + // UDP sockets are allowed to bind/listen on an already bound port w/ + // SO_REUSEADDR even when requesting a port from the kernel. In case of TCP + // rebinding is only permitted when SO_REUSEADDR is set and an explicit port + // is specified. When a zero port is specified to the bind() call then an + // already bound port will not be picked. SKIP_IF(param.type != SOCK_STREAM); DisableSave ds; // Too many syscalls. // A map of port to file descriptor binding the port. - std::map<uint16_t, FileDescriptor> listen_sockets; + std::map<uint16_t, FileDescriptor> bound_sockets; + + // Reduce number of ephemeral ports if permitted to reduce running time of + // the test. + [[maybe_unused]] const int nports = + ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); // Exhaust all ephemeral ports. while (true) { @@ -139,12 +148,59 @@ TEST_P(SocketMultiProtocolInetLoopbackTest, BindAvoidsListeningPortsReuseAddr) { SyscallSucceeds()); uint16_t port = reinterpret_cast<sockaddr_in*>(&bound_addr)->sin_port; - // Newly bound port should not already be in use by a listening socket. - ASSERT_EQ(listen_sockets.find(port), listen_sockets.end()); - auto fd = bound_fd.get(); - listen_sockets.insert(std::make_pair(port, std::move(bound_fd))); - ASSERT_THAT(listen(fd, SOMAXCONN), SyscallSucceeds()); + auto [iter, inserted] = bound_sockets.emplace(port, std::move(bound_fd)); + ASSERT_TRUE(inserted); + } +} + +TEST_P(SocketMultiProtocolInetLoopbackTest, + UDPBindMayBindOtherBoundPortsReuseAddr) { + ProtocolTestParam const& param = GetParam(); + // UDP sockets are allowed to bind/listen on an already bound port w/ + // SO_REUSEADDR even when requesting a port from the kernel. + SKIP_IF(param.type != SOCK_DGRAM); + + DisableSave ds; // Too many syscalls. + + // A map of port to file descriptor binding the port. + std::map<uint16_t, FileDescriptor> bound_sockets; + + // Reduce number of ephemeral ports if permitted to reduce running time of + // the test. + [[maybe_unused]] const int nports = + ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); + + // Exhaust all ephemeral ports. + bool duplicate_binding = false; + while (true) { + // Bind the v4 loopback on a v4 socket. + TestAddress const& test_addr = V4Loopback(); + sockaddr_storage bound_addr = test_addr.addr; + FileDescriptor bound_fd = + ASSERT_NO_ERRNO_AND_VALUE(Socket(test_addr.family(), param.type, 0)); + + ASSERT_THAT(setsockopt(bound_fd.get(), SOL_SOCKET, SO_REUSEADDR, + &kSockOptOn, sizeof(kSockOptOn)), + SyscallSucceeds()); + + ASSERT_THAT( + bind(bound_fd.get(), AsSockAddr(&bound_addr), test_addr.addr_len), + SyscallSucceeds()); + + // Get the port that we bound. + socklen_t bound_addr_len = test_addr.addr_len; + ASSERT_THAT( + getsockname(bound_fd.get(), AsSockAddr(&bound_addr), &bound_addr_len), + SyscallSucceeds()); + uint16_t port = reinterpret_cast<sockaddr_in*>(&bound_addr)->sin_port; + + auto [iter, inserted] = bound_sockets.emplace(port, std::move(bound_fd)); + if (!inserted) { + duplicate_binding = true; + break; + } } + ASSERT_TRUE(duplicate_binding); } INSTANTIATE_TEST_SUITE_P(AllFamilies, SocketMultiProtocolInetLoopbackTest, diff --git a/test/syscalls/linux/socket_inet_loopback_test_params.h b/test/syscalls/linux/socket_inet_loopback_test_params.h index 42b48eb8a..163e595a8 100644 --- a/test/syscalls/linux/socket_inet_loopback_test_params.h +++ b/test/syscalls/linux/socket_inet_loopback_test_params.h @@ -16,7 +16,7 @@ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_INET_LOOPBACK_TEST_PARAMS_H_ #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ip_loopback_blocking.cc b/test/syscalls/linux/socket_ip_loopback_blocking.cc index fda252dd7..caa5c0c63 100644 --- a/test/syscalls/linux/socket_ip_loopback_blocking.cc +++ b/test/syscalls/linux/socket_ip_loopback_blocking.cc @@ -18,7 +18,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_tcp_generic.cc b/test/syscalls/linux/socket_ip_tcp_generic.cc index 2f5743cda..3271263c8 100644 --- a/test/syscalls/linux/socket_ip_tcp_generic.cc +++ b/test/syscalls/linux/socket_ip_tcp_generic.cc @@ -28,7 +28,7 @@ #include "absl/memory/memory.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/temp_path.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_ip_tcp_generic.h b/test/syscalls/linux/socket_ip_tcp_generic.h index a3eff3c73..e9e60ef4c 100644 --- a/test/syscalls/linux/socket_ip_tcp_generic.h +++ b/test/syscalls/linux/socket_ip_tcp_generic.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IP_TCP_GENERIC_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IP_TCP_GENERIC_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ip_tcp_generic_loopback.cc b/test/syscalls/linux/socket_ip_tcp_generic_loopback.cc index 4e79d21f4..3406874b8 100644 --- a/test/syscalls/linux/socket_ip_tcp_generic_loopback.cc +++ b/test/syscalls/linux/socket_ip_tcp_generic_loopback.cc @@ -18,7 +18,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_ip_tcp_generic.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_tcp_loopback.cc b/test/syscalls/linux/socket_ip_tcp_loopback.cc index 9db3037bc..0796b8634 100644 --- a/test/syscalls/linux/socket_ip_tcp_loopback.cc +++ b/test/syscalls/linux/socket_ip_tcp_loopback.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_generic.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_tcp_loopback_blocking.cc b/test/syscalls/linux/socket_ip_tcp_loopback_blocking.cc index f996b93d2..533ccc3ae 100644 --- a/test/syscalls/linux/socket_ip_tcp_loopback_blocking.cc +++ b/test/syscalls/linux/socket_ip_tcp_loopback_blocking.cc @@ -18,7 +18,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_stream_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_tcp_loopback_nonblock.cc b/test/syscalls/linux/socket_ip_tcp_loopback_nonblock.cc index ffa377210..05fe2a738 100644 --- a/test/syscalls/linux/socket_ip_tcp_loopback_nonblock.cc +++ b/test/syscalls/linux/socket_ip_tcp_loopback_nonblock.cc @@ -18,7 +18,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_non_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_tcp_udp_generic.cc b/test/syscalls/linux/socket_ip_tcp_udp_generic.cc index f178f1af9..88adb5b1b 100644 --- a/test/syscalls/linux/socket_ip_tcp_udp_generic.cc +++ b/test/syscalls/linux/socket_ip_tcp_udp_generic.cc @@ -23,7 +23,7 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_udp_generic.cc b/test/syscalls/linux/socket_ip_udp_generic.cc index 1694e188a..8a87f2667 100644 --- a/test/syscalls/linux/socket_ip_udp_generic.cc +++ b/test/syscalls/linux/socket_ip_udp_generic.cc @@ -28,7 +28,7 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_udp_generic.h b/test/syscalls/linux/socket_ip_udp_generic.h index 106c54e9f..a3a66c768 100644 --- a/test/syscalls/linux/socket_ip_udp_generic.h +++ b/test/syscalls/linux/socket_ip_udp_generic.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IP_UDP_GENERIC_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IP_UDP_GENERIC_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ip_udp_loopback.cc b/test/syscalls/linux/socket_ip_udp_loopback.cc index c7fa44884..6d06bd580 100644 --- a/test/syscalls/linux/socket_ip_udp_loopback.cc +++ b/test/syscalls/linux/socket_ip_udp_loopback.cc @@ -18,7 +18,7 @@ #include "test/syscalls/linux/socket_generic.h" #include "test/syscalls/linux/socket_ip_udp_generic.h" #include "test/syscalls/linux/socket_non_stream.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_udp_loopback_blocking.cc b/test/syscalls/linux/socket_ip_udp_loopback_blocking.cc index d6925a8df..60d02e079 100644 --- a/test/syscalls/linux/socket_ip_udp_loopback_blocking.cc +++ b/test/syscalls/linux/socket_ip_udp_loopback_blocking.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_non_stream_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_udp_loopback_nonblock.cc b/test/syscalls/linux/socket_ip_udp_loopback_nonblock.cc index d675eddc6..c011e3658 100644 --- a/test/syscalls/linux/socket_ip_udp_loopback_nonblock.cc +++ b/test/syscalls/linux/socket_ip_udp_loopback_nonblock.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_non_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_udp_unbound_external_networking.cc b/test/syscalls/linux/socket_ip_udp_unbound_external_networking.cc index fdbb2216b..af2459a2f 100644 --- a/test/syscalls/linux/socket_ip_udp_unbound_external_networking.cc +++ b/test/syscalls/linux/socket_ip_udp_unbound_external_networking.cc @@ -14,7 +14,7 @@ #include "test/syscalls/linux/socket_ip_udp_unbound_external_networking.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_udp_unbound_external_networking.h b/test/syscalls/linux/socket_ip_udp_unbound_external_networking.h index e5287addb..2e8aab129 100644 --- a/test/syscalls/linux/socket_ip_udp_unbound_external_networking.h +++ b/test/syscalls/linux/socket_ip_udp_unbound_external_networking.h @@ -16,7 +16,7 @@ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IP_UDP_UNBOUND_EXTERNAL_NETWORKING_H_ #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ip_unbound.cc b/test/syscalls/linux/socket_ip_unbound.cc index 029f1e872..930f19e59 100644 --- a/test/syscalls/linux/socket_ip_unbound.cc +++ b/test/syscalls/linux/socket_ip_unbound.cc @@ -24,7 +24,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ip_unbound_netlink.cc b/test/syscalls/linux/socket_ip_unbound_netlink.cc index b02222999..803a3b30b 100644 --- a/test/syscalls/linux/socket_ip_unbound_netlink.cc +++ b/test/syscalls/linux/socket_ip_unbound_netlink.cc @@ -25,8 +25,8 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_netlink_route_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound.cc b/test/syscalls/linux/socket_ipv4_udp_unbound.cc index 18be4dcc7..816d1181c 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound.cc +++ b/test/syscalls/linux/socket_ipv4_udp_unbound.cc @@ -26,9 +26,9 @@ #include "gtest/gtest.h" #include "absl/memory/memory.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/posix_error.h" #include "test/util/save_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound.h b/test/syscalls/linux/socket_ipv4_udp_unbound.h index f64c57645..3818a3490 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound.h +++ b/test/syscalls/linux/socket_ipv4_udp_unbound.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV4_UDP_UNBOUND_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV4_UDP_UNBOUND_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound_external_networking_test.cc b/test/syscalls/linux/socket_ipv4_udp_unbound_external_networking_test.cc index f6e64c157..ebf2185f2 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound_external_networking_test.cc +++ b/test/syscalls/linux/socket_ipv4_udp_unbound_external_networking_test.cc @@ -17,7 +17,7 @@ #include <vector> #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound_loopback.cc b/test/syscalls/linux/socket_ipv4_udp_unbound_loopback.cc index f121c044d..00930c544 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound_loopback.cc +++ b/test/syscalls/linux/socket_ipv4_udp_unbound_loopback.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_ipv4_udp_unbound.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_netlink.cc b/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_netlink.cc index 8052bf404..f90a48630 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_netlink.cc +++ b/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_netlink.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_ipv4_udp_unbound_netlink.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_nogotsan.cc b/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_nogotsan.cc index 7ca6d52e4..5a7bca658 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_nogotsan.cc +++ b/test/syscalls/linux/socket_ipv4_udp_unbound_loopback_nogotsan.cc @@ -18,7 +18,7 @@ #include "gtest/gtest.h" #include "absl/memory/memory.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { @@ -31,7 +31,7 @@ using IPv4UDPUnboundSocketNogotsanTest = SimpleSocketTest; // We disable S/R because this test creates a large number of sockets. TEST_P(IPv4UDPUnboundSocketNogotsanTest, UDPConnectPortExhaustion) { auto receiver1 = ASSERT_NO_ERRNO_AND_VALUE(NewSocket()); - constexpr int kClients = 65536; + const int kClients = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); // Bind the first socket to the loopback and take note of the selected port. auto addr = V4Loopback(); ASSERT_THAT(bind(receiver1->get(), AsSockAddr(&addr.addr), addr.addr_len), @@ -61,7 +61,7 @@ TEST_P(IPv4UDPUnboundSocketNogotsanTest, UDPConnectPortExhaustion) { // We disable S/R because this test creates a large number of sockets. TEST_P(IPv4UDPUnboundSocketNogotsanTest, UDPBindPortExhaustion) { auto receiver1 = ASSERT_NO_ERRNO_AND_VALUE(NewSocket()); - constexpr int kClients = 65536; + const int kClients = ASSERT_NO_ERRNO_AND_VALUE(MaybeLimitEphemeralPorts()); auto addr = V4Loopback(); // Disable cooperative S/R as we are making too many syscalls. DisableSave ds; diff --git a/test/syscalls/linux/socket_ipv4_udp_unbound_netlink.h b/test/syscalls/linux/socket_ipv4_udp_unbound_netlink.h index 73e7836d5..17c8e2b84 100644 --- a/test/syscalls/linux/socket_ipv4_udp_unbound_netlink.h +++ b/test/syscalls/linux/socket_ipv4_udp_unbound_netlink.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV4_UDP_UNBOUND_NETLINK_UTIL_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV4_UDP_UNBOUND_NETLINK_UTIL_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ipv6_udp_unbound.cc b/test/syscalls/linux/socket_ipv6_udp_unbound.cc index a4e3371f4..612fd531c 100644 --- a/test/syscalls/linux/socket_ipv6_udp_unbound.cc +++ b/test/syscalls/linux/socket_ipv6_udp_unbound.cc @@ -31,9 +31,9 @@ #include "gtest/gtest.h" #include "absl/memory/memory.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/posix_error.h" #include "test/util/save_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv6_udp_unbound.h b/test/syscalls/linux/socket_ipv6_udp_unbound.h index 71e160f73..060343eaf 100644 --- a/test/syscalls/linux/socket_ipv6_udp_unbound.h +++ b/test/syscalls/linux/socket_ipv6_udp_unbound.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV6_UDP_UNBOUND_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV6_UDP_UNBOUND_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_ipv6_udp_unbound_external_networking_test.cc b/test/syscalls/linux/socket_ipv6_udp_unbound_external_networking_test.cc index 5c764b8fd..ff12eafc3 100644 --- a/test/syscalls/linux/socket_ipv6_udp_unbound_external_networking_test.cc +++ b/test/syscalls/linux/socket_ipv6_udp_unbound_external_networking_test.cc @@ -17,7 +17,7 @@ #include <vector> #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv6_udp_unbound_loopback.cc b/test/syscalls/linux/socket_ipv6_udp_unbound_loopback.cc index 058336ecc..f11f444a2 100644 --- a/test/syscalls/linux/socket_ipv6_udp_unbound_loopback.cc +++ b/test/syscalls/linux/socket_ipv6_udp_unbound_loopback.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_ipv6_udp_unbound.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv6_udp_unbound_loopback_netlink.cc b/test/syscalls/linux/socket_ipv6_udp_unbound_loopback_netlink.cc index 17021ff82..565f9bc2e 100644 --- a/test/syscalls/linux/socket_ipv6_udp_unbound_loopback_netlink.cc +++ b/test/syscalls/linux/socket_ipv6_udp_unbound_loopback_netlink.cc @@ -16,7 +16,7 @@ #include "test/syscalls/linux/ip_socket_test_util.h" #include "test/syscalls/linux/socket_ipv6_udp_unbound_netlink.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_ipv6_udp_unbound_netlink.h b/test/syscalls/linux/socket_ipv6_udp_unbound_netlink.h index 88098be82..f017a4c89 100644 --- a/test/syscalls/linux/socket_ipv6_udp_unbound_netlink.h +++ b/test/syscalls/linux/socket_ipv6_udp_unbound_netlink.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV6_UDP_UNBOUND_NETLINK_UTIL_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV6_UDP_UNBOUND_NETLINK_UTIL_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_netdevice.cc b/test/syscalls/linux/socket_netdevice.cc index 5f8d7f981..c95c5305d 100644 --- a/test/syscalls/linux/socket_netdevice.cc +++ b/test/syscalls/linux/socket_netdevice.cc @@ -22,8 +22,8 @@ #include "gtest/gtest.h" #include "absl/base/internal/endian.h" #include "test/syscalls/linux/socket_netlink_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Tests for netdevice queries. @@ -37,6 +37,7 @@ using ::testing::AnyOf; using ::testing::Eq; TEST(NetdeviceTest, Loopback) { + SKIP_IF(IsRunningWithHostinet()); FileDescriptor sock = ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, 0)); @@ -60,6 +61,7 @@ TEST(NetdeviceTest, Loopback) { } TEST(NetdeviceTest, Netmask) { + SKIP_IF(IsRunningWithHostinet()); // We need an interface index to identify the loopback device. FileDescriptor sock = ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, 0)); @@ -135,6 +137,7 @@ TEST(NetdeviceTest, Netmask) { } TEST(NetdeviceTest, InterfaceName) { + SKIP_IF(IsRunningWithHostinet()); FileDescriptor sock = ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, 0)); @@ -168,6 +171,7 @@ TEST(NetdeviceTest, InterfaceFlags) { } TEST(NetdeviceTest, InterfaceMTU) { + SKIP_IF(IsRunningWithHostinet()); FileDescriptor sock = ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, 0)); @@ -181,6 +185,7 @@ TEST(NetdeviceTest, InterfaceMTU) { } TEST(NetdeviceTest, EthtoolGetTSInfo) { + SKIP_IF(IsRunningWithHostinet()); FileDescriptor sock = ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, 0)); diff --git a/test/syscalls/linux/socket_netlink.cc b/test/syscalls/linux/socket_netlink.cc index 4ec0fd4fa..c78529a14 100644 --- a/test/syscalls/linux/socket_netlink.cc +++ b/test/syscalls/linux/socket_netlink.cc @@ -18,8 +18,8 @@ #include <unistd.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Tests for all netlink socket protocols. diff --git a/test/syscalls/linux/socket_netlink_route.cc b/test/syscalls/linux/socket_netlink_route.cc index ee3c08770..a5c788346 100644 --- a/test/syscalls/linux/socket_netlink_route.cc +++ b/test/syscalls/linux/socket_netlink_route.cc @@ -29,10 +29,10 @@ #include "absl/strings/str_format.h" #include "test/syscalls/linux/socket_netlink_route_util.h" #include "test/syscalls/linux/socket_netlink_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/cleanup.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Tests for NETLINK_ROUTE sockets. diff --git a/test/syscalls/linux/socket_netlink_uevent.cc b/test/syscalls/linux/socket_netlink_uevent.cc index da425bed4..9e025911b 100644 --- a/test/syscalls/linux/socket_netlink_uevent.cc +++ b/test/syscalls/linux/socket_netlink_uevent.cc @@ -20,8 +20,8 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/socket_netlink_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" // Tests for NETLINK_KOBJECT_UEVENT sockets. diff --git a/test/syscalls/linux/socket_netlink_util.cc b/test/syscalls/linux/socket_netlink_util.cc index bdebea321..c1bff3c65 100644 --- a/test/syscalls/linux/socket_netlink_util.cc +++ b/test/syscalls/linux/socket_netlink_util.cc @@ -22,7 +22,7 @@ #include <vector> #include "absl/strings/str_cat.h" -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_non_blocking.cc b/test/syscalls/linux/socket_non_blocking.cc index c3520cadd..3d09485d3 100644 --- a/test/syscalls/linux/socket_non_blocking.cc +++ b/test/syscalls/linux/socket_non_blocking.cc @@ -20,8 +20,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_non_blocking.h b/test/syscalls/linux/socket_non_blocking.h index bd3e02fd2..604206cfb 100644 --- a/test/syscalls/linux/socket_non_blocking.h +++ b/test/syscalls/linux/socket_non_blocking.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_NON_BLOCKING_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_NON_BLOCKING_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_non_stream.cc b/test/syscalls/linux/socket_non_stream.cc index c61817f14..7c3310909 100644 --- a/test/syscalls/linux/socket_non_stream.cc +++ b/test/syscalls/linux/socket_non_stream.cc @@ -20,8 +20,8 @@ #include "gtest/gtest.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_non_stream.h b/test/syscalls/linux/socket_non_stream.h index 469fbe6a2..4876730f9 100644 --- a/test/syscalls/linux/socket_non_stream.h +++ b/test/syscalls/linux/socket_non_stream.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_NON_STREAM_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_NON_STREAM_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_non_stream_blocking.cc b/test/syscalls/linux/socket_non_stream_blocking.cc index b052f6e61..ac33407f8 100644 --- a/test/syscalls/linux/socket_non_stream_blocking.cc +++ b/test/syscalls/linux/socket_non_stream_blocking.cc @@ -22,8 +22,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_non_stream_blocking.h b/test/syscalls/linux/socket_non_stream_blocking.h index 6e205a039..71520bb37 100644 --- a/test/syscalls/linux/socket_non_stream_blocking.h +++ b/test/syscalls/linux/socket_non_stream_blocking.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_NON_STREAM_BLOCKING_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_NON_STREAM_BLOCKING_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_stream.cc b/test/syscalls/linux/socket_stream.cc index 6522b2e01..11903f28b 100644 --- a/test/syscalls/linux/socket_stream.cc +++ b/test/syscalls/linux/socket_stream.cc @@ -21,8 +21,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_stream.h b/test/syscalls/linux/socket_stream.h index b837b8f8c..dc6fb2f98 100644 --- a/test/syscalls/linux/socket_stream.h +++ b/test/syscalls/linux/socket_stream.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_STREAM_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_STREAM_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_stream_blocking.cc b/test/syscalls/linux/socket_stream_blocking.cc index 0743322ac..e168f79ff 100644 --- a/test/syscalls/linux/socket_stream_blocking.cc +++ b/test/syscalls/linux/socket_stream_blocking.cc @@ -22,8 +22,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" #include "test/util/timer_util.h" diff --git a/test/syscalls/linux/socket_stream_blocking.h b/test/syscalls/linux/socket_stream_blocking.h index 9fd19ff90..f760188f6 100644 --- a/test/syscalls/linux/socket_stream_blocking.h +++ b/test/syscalls/linux/socket_stream_blocking.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_STREAM_BLOCKING_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_STREAM_BLOCKING_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_stream_nonblock.cc b/test/syscalls/linux/socket_stream_nonblock.cc index 74d608741..788fae906 100644 --- a/test/syscalls/linux/socket_stream_nonblock.cc +++ b/test/syscalls/linux/socket_stream_nonblock.cc @@ -20,8 +20,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_stream_nonblock.h b/test/syscalls/linux/socket_stream_nonblock.h index c3b7fad91..d1adaa95c 100644 --- a/test/syscalls/linux/socket_stream_nonblock.h +++ b/test/syscalls/linux/socket_stream_nonblock.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_STREAM_NONBLOCK_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_STREAM_NONBLOCK_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_unix.cc b/test/syscalls/linux/socket_unix.cc index 591cab3fd..cf96b2075 100644 --- a/test/syscalls/linux/socket_unix.cc +++ b/test/syscalls/linux/socket_unix.cc @@ -26,8 +26,8 @@ #include "gtest/gtest.h" #include "absl/strings/string_view.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_unix.h b/test/syscalls/linux/socket_unix.h index 3625cc404..f6405f399 100644 --- a/test/syscalls/linux/socket_unix.h +++ b/test/syscalls/linux/socket_unix.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_unix_abstract_nonblock.cc b/test/syscalls/linux/socket_unix_abstract_nonblock.cc index 8bef76b67..617c5bfe5 100644 --- a/test/syscalls/linux/socket_unix_abstract_nonblock.cc +++ b/test/syscalls/linux/socket_unix_abstract_nonblock.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_non_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_blocking_local.cc b/test/syscalls/linux/socket_unix_blocking_local.cc index 77cb8c6d6..ba34320bc 100644 --- a/test/syscalls/linux/socket_unix_blocking_local.cc +++ b/test/syscalls/linux/socket_unix_blocking_local.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_cmsg.cc b/test/syscalls/linux/socket_unix_cmsg.cc index 22a4ee0d1..6191b1448 100644 --- a/test/syscalls/linux/socket_unix_cmsg.cc +++ b/test/syscalls/linux/socket_unix_cmsg.cc @@ -26,8 +26,8 @@ #include "gtest/gtest.h" #include "absl/strings/string_view.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/socket_unix_cmsg.h b/test/syscalls/linux/socket_unix_cmsg.h index 431606903..f5a276155 100644 --- a/test/syscalls/linux/socket_unix_cmsg.h +++ b/test/syscalls/linux/socket_unix_cmsg.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_CMSG_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_CMSG_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_unix_dgram.cc b/test/syscalls/linux/socket_unix_dgram.cc index 5b0844493..d43c83d71 100644 --- a/test/syscalls/linux/socket_unix_dgram.cc +++ b/test/syscalls/linux/socket_unix_dgram.cc @@ -20,8 +20,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_dgram.h b/test/syscalls/linux/socket_unix_dgram.h index 0764ef85b..e9b8373a5 100644 --- a/test/syscalls/linux/socket_unix_dgram.h +++ b/test/syscalls/linux/socket_unix_dgram.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_DGRAM_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_DGRAM_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_unix_dgram_local.cc b/test/syscalls/linux/socket_unix_dgram_local.cc index 31d2d5216..4760630b9 100644 --- a/test/syscalls/linux/socket_unix_dgram_local.cc +++ b/test/syscalls/linux/socket_unix_dgram_local.cc @@ -15,10 +15,10 @@ #include <vector> #include "test/syscalls/linux/socket_non_stream.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/socket_unix_dgram.h" #include "test/syscalls/linux/socket_unix_non_stream.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_dgram_non_blocking.cc b/test/syscalls/linux/socket_unix_dgram_non_blocking.cc index 2db8b68d3..ca277122e 100644 --- a/test/syscalls/linux/socket_unix_dgram_non_blocking.cc +++ b/test/syscalls/linux/socket_unix_dgram_non_blocking.cc @@ -16,8 +16,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_domain.cc b/test/syscalls/linux/socket_unix_domain.cc index f7dff8b4d..d8cb5b892 100644 --- a/test/syscalls/linux/socket_unix_domain.cc +++ b/test/syscalls/linux/socket_unix_domain.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_generic.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_filesystem_nonblock.cc b/test/syscalls/linux/socket_unix_filesystem_nonblock.cc index 6700b4d90..cdd38f681 100644 --- a/test/syscalls/linux/socket_unix_filesystem_nonblock.cc +++ b/test/syscalls/linux/socket_unix_filesystem_nonblock.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_non_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_non_stream.cc b/test/syscalls/linux/socket_unix_non_stream.cc index 9425e87a6..d18f9e7b0 100644 --- a/test/syscalls/linux/socket_unix_non_stream.cc +++ b/test/syscalls/linux/socket_unix_non_stream.cc @@ -19,9 +19,9 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/memory_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_non_stream.h b/test/syscalls/linux/socket_unix_non_stream.h index 7478ab172..44d1c0033 100644 --- a/test/syscalls/linux/socket_unix_non_stream.h +++ b/test/syscalls/linux/socket_unix_non_stream.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_NON_STREAM_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_NON_STREAM_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_unix_non_stream_blocking_local.cc b/test/syscalls/linux/socket_unix_non_stream_blocking_local.cc index fddcdf1c5..92f40f5e5 100644 --- a/test/syscalls/linux/socket_unix_non_stream_blocking_local.cc +++ b/test/syscalls/linux/socket_unix_non_stream_blocking_local.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_non_stream_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_pair.cc b/test/syscalls/linux/socket_unix_pair.cc index 85999db04..28a437339 100644 --- a/test/syscalls/linux/socket_unix_pair.cc +++ b/test/syscalls/linux/socket_unix_pair.cc @@ -14,10 +14,10 @@ #include <vector> -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/socket_unix.h" #include "test/syscalls/linux/socket_unix_cmsg.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_pair_nonblock.cc b/test/syscalls/linux/socket_unix_pair_nonblock.cc index 281410a9a..39360896b 100644 --- a/test/syscalls/linux/socket_unix_pair_nonblock.cc +++ b/test/syscalls/linux/socket_unix_pair_nonblock.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_non_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_seqpacket.cc b/test/syscalls/linux/socket_unix_seqpacket.cc index d6e7031c0..2a2741eb9 100644 --- a/test/syscalls/linux/socket_unix_seqpacket.cc +++ b/test/syscalls/linux/socket_unix_seqpacket.cc @@ -20,8 +20,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_seqpacket.h b/test/syscalls/linux/socket_unix_seqpacket.h index 30d9b9edf..5bb36af92 100644 --- a/test/syscalls/linux/socket_unix_seqpacket.h +++ b/test/syscalls/linux/socket_unix_seqpacket.h @@ -15,7 +15,7 @@ #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_SEQPACKET_H_ #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_UNIX_SEQPACKET_H_ -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/socket_unix_seqpacket_local.cc b/test/syscalls/linux/socket_unix_seqpacket_local.cc index 69a5f150d..492416a77 100644 --- a/test/syscalls/linux/socket_unix_seqpacket_local.cc +++ b/test/syscalls/linux/socket_unix_seqpacket_local.cc @@ -15,10 +15,10 @@ #include <vector> #include "test/syscalls/linux/socket_non_stream.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/socket_unix_non_stream.h" #include "test/syscalls/linux/socket_unix_seqpacket.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_stream.cc b/test/syscalls/linux/socket_unix_stream.cc index 3ff810914..6e9f70f8c 100644 --- a/test/syscalls/linux/socket_unix_stream.cc +++ b/test/syscalls/linux/socket_unix_stream.cc @@ -19,8 +19,8 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_stream_blocking_local.cc b/test/syscalls/linux/socket_unix_stream_blocking_local.cc index 8429bd429..97a6bb327 100644 --- a/test/syscalls/linux/socket_unix_stream_blocking_local.cc +++ b/test/syscalls/linux/socket_unix_stream_blocking_local.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_stream_blocking.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_stream_local.cc b/test/syscalls/linux/socket_unix_stream_local.cc index a7e3449a9..4b267ccae 100644 --- a/test/syscalls/linux/socket_unix_stream_local.cc +++ b/test/syscalls/linux/socket_unix_stream_local.cc @@ -15,8 +15,8 @@ #include <vector> #include "test/syscalls/linux/socket_stream.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_stream_nonblock_local.cc b/test/syscalls/linux/socket_unix_stream_nonblock_local.cc index 4b763c8e2..d7bf7747b 100644 --- a/test/syscalls/linux/socket_unix_stream_nonblock_local.cc +++ b/test/syscalls/linux/socket_unix_stream_nonblock_local.cc @@ -14,8 +14,8 @@ #include <vector> #include "test/syscalls/linux/socket_stream_nonblock.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_unbound_abstract.cc b/test/syscalls/linux/socket_unix_unbound_abstract.cc index dd3d25450..0f6864266 100644 --- a/test/syscalls/linux/socket_unix_unbound_abstract.cc +++ b/test/syscalls/linux/socket_unix_unbound_abstract.cc @@ -16,8 +16,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_unbound_dgram.cc b/test/syscalls/linux/socket_unix_unbound_dgram.cc index 907dca0f1..ccf2c94a1 100644 --- a/test/syscalls/linux/socket_unix_unbound_dgram.cc +++ b/test/syscalls/linux/socket_unix_unbound_dgram.cc @@ -17,8 +17,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_unbound_filesystem.cc b/test/syscalls/linux/socket_unix_unbound_filesystem.cc index a035fb095..811fe12a1 100644 --- a/test/syscalls/linux/socket_unix_unbound_filesystem.cc +++ b/test/syscalls/linux/socket_unix_unbound_filesystem.cc @@ -17,9 +17,9 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_unbound_seqpacket.cc b/test/syscalls/linux/socket_unix_unbound_seqpacket.cc index cb99030f5..e22018890 100644 --- a/test/syscalls/linux/socket_unix_unbound_seqpacket.cc +++ b/test/syscalls/linux/socket_unix_unbound_seqpacket.cc @@ -16,8 +16,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/socket_unix_unbound_stream.cc b/test/syscalls/linux/socket_unix_unbound_stream.cc index f185dded3..b10062bc2 100644 --- a/test/syscalls/linux/socket_unix_unbound_stream.cc +++ b/test/syscalls/linux/socket_unix_unbound_stream.cc @@ -16,8 +16,8 @@ #include <sys/un.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/tcp_socket.cc b/test/syscalls/linux/tcp_socket.cc index 183819faf..cb77986c2 100644 --- a/test/syscalls/linux/tcp_socket.cc +++ b/test/syscalls/linux/tcp_socket.cc @@ -29,9 +29,9 @@ #include "gtest/gtest.h" #include "absl/time/clock.h" #include "absl/time/time.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/tuntap.cc b/test/syscalls/linux/tuntap.cc index 279fe342c..7c9c5c870 100644 --- a/test/syscalls/linux/tuntap.cc +++ b/test/syscalls/linux/tuntap.cc @@ -24,16 +24,18 @@ #include <sys/socket.h> #include <sys/types.h> +#include <cstddef> + #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/strings/ascii.h" #include "absl/strings/str_split.h" #include "test/syscalls/linux/socket_netlink_route_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/capability_util.h" #include "test/util/file_descriptor.h" #include "test/util/fs_util.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { @@ -44,6 +46,7 @@ constexpr int kIPLen = 4; constexpr const char kDevNetTun[] = "/dev/net/tun"; constexpr const char kTapName[] = "tap0"; +constexpr const char kTunName[] = "tun0"; #define kTapIPAddr htonl(0x0a000001) /* Inet 10.0.0.1 */ #define kTapPeerIPAddr htonl(0x0a000002) /* Inet 10.0.0.2 */ @@ -413,6 +416,47 @@ TEST_F(TuntapTest, SendUdpTriggersArpResolution) { } } +TEST_F(TuntapTest, TUNNoPacketInfo) { + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_ADMIN))); + + // Interface creation. + FileDescriptor fd = ASSERT_NO_ERRNO_AND_VALUE(Open(kDevNetTun, O_RDWR)); + + struct ifreq ifr_set = {}; + ifr_set.ifr_flags = IFF_TUN | IFF_NO_PI; + strncpy(ifr_set.ifr_name, kTunName, IFNAMSIZ); + EXPECT_THAT(ioctl(fd.get(), TUNSETIFF, &ifr_set), SyscallSucceeds()); + + // Interface setup. + auto link = ASSERT_NO_ERRNO_AND_VALUE(GetLinkByName(kTunName)); + const struct in_addr dev_ipv4_addr = {.s_addr = kTapIPAddr}; + EXPECT_NO_ERRNO(LinkAddLocalAddr(link.index, AF_INET, 24, &dev_ipv4_addr, + sizeof(dev_ipv4_addr))); + + ping_pkt ping_req = + CreatePingPacket(kMacB, kTapPeerIPAddr, kMacA, kTapIPAddr); + size_t packet_size = sizeof(ping_req) - offsetof(ping_pkt, ip); + + // Send ICMP query + EXPECT_THAT(write(fd.get(), &ping_req.ip, packet_size), + SyscallSucceedsWithValue(packet_size)); + + // Receive loop to process inbound packets. + while (1) { + ping_pkt ping_resp = {}; + EXPECT_THAT(read(fd.get(), &ping_resp.ip, packet_size), + SyscallSucceedsWithValue(packet_size)); + + // Process ping response packet. + if (!memcmp(&ping_resp.ip.saddr, &ping_req.ip.daddr, kIPLen) && + !memcmp(&ping_resp.ip.daddr, &ping_req.ip.saddr, kIPLen) && + ping_resp.icmp.type == 0 && ping_resp.icmp.code == 0) { + // Ends and passes the test. + break; + } + } +} + // TCPBlockingConnectFailsArpResolution tests for TCP connect to fail on link // address resolution failure to a routable, but non existent peer. TEST_F(TuntapTest, TCPBlockingConnectFailsArpResolution) { diff --git a/test/syscalls/linux/udp_bind.cc b/test/syscalls/linux/udp_bind.cc index f68d78aa2..5ed115a14 100644 --- a/test/syscalls/linux/udp_bind.cc +++ b/test/syscalls/linux/udp_bind.cc @@ -17,8 +17,8 @@ #include <sys/types.h> #include "gtest/gtest.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/util/file_descriptor.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" namespace gvisor { diff --git a/test/syscalls/linux/udp_socket.cc b/test/syscalls/linux/udp_socket.cc index b40598767..3353e58cb 100644 --- a/test/syscalls/linux/udp_socket.cc +++ b/test/syscalls/linux/udp_socket.cc @@ -39,10 +39,10 @@ #include "absl/time/clock.h" #include "absl/time/time.h" #include "test/syscalls/linux/ip_socket_test_util.h" -#include "test/syscalls/linux/socket_test_util.h" #include "test/syscalls/linux/unix_domain_socket_test_util.h" #include "test/util/file_descriptor.h" #include "test/util/posix_error.h" +#include "test/util/socket_util.h" #include "test/util/test_util.h" #include "test/util/thread_util.h" diff --git a/test/syscalls/linux/unix_domain_socket_test_util.h b/test/syscalls/linux/unix_domain_socket_test_util.h index b8073db17..4240bd5f6 100644 --- a/test/syscalls/linux/unix_domain_socket_test_util.h +++ b/test/syscalls/linux/unix_domain_socket_test_util.h @@ -17,7 +17,7 @@ #include <string> -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/syscalls/linux/verity_getdents.cc b/test/syscalls/linux/verity_getdents.cc index 093595dd3..822a75254 100644 --- a/test/syscalls/linux/verity_getdents.cc +++ b/test/syscalls/linux/verity_getdents.cc @@ -58,16 +58,16 @@ class GetDentsTest : public ::testing::Test { }; TEST_F(GetDentsTest, GetDents) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); std::vector<std::string> expect = {".", "..", filename_}; EXPECT_NO_ERRNO(DirContains(verity_dir, expect, /*exclude=*/{})); } TEST_F(GetDentsTest, Deleted) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); EXPECT_THAT(unlink(JoinPath(tmpfs_dir_.path(), filename_).c_str()), SyscallSucceeds()); @@ -77,8 +77,8 @@ TEST_F(GetDentsTest, Deleted) { } TEST_F(GetDentsTest, Renamed) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); std::string new_file_name = "renamed-" + filename_; EXPECT_THAT(rename(JoinPath(tmpfs_dir_.path(), filename_).c_str(), diff --git a/test/syscalls/linux/verity_ioctl.cc b/test/syscalls/linux/verity_ioctl.cc index be91b23d0..45650809c 100644 --- a/test/syscalls/linux/verity_ioctl.cc +++ b/test/syscalls/linux/verity_ioctl.cc @@ -105,8 +105,8 @@ TEST_F(IoctlTest, Measure) { } TEST_F(IoctlTest, Mount) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Make sure the file can be open and read in the mounted verity fs. auto const verity_fd = ASSERT_NO_ERRNO_AND_VALUE( @@ -117,8 +117,8 @@ TEST_F(IoctlTest, Mount) { } TEST_F(IoctlTest, NonExistingFile) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Confirm that opening a non-existing file in the verity-enabled directory // triggers the expected error instead of verification failure. @@ -128,8 +128,8 @@ TEST_F(IoctlTest, NonExistingFile) { } TEST_F(IoctlTest, ModifiedFile) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Modify the file and check verification failure upon reading from it. auto const fd = ASSERT_NO_ERRNO_AND_VALUE( @@ -143,8 +143,8 @@ TEST_F(IoctlTest, ModifiedFile) { } TEST_F(IoctlTest, ModifiedMerkle) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Modify the Merkle file and check verification failure upon opening the // corresponding file. @@ -158,8 +158,8 @@ TEST_F(IoctlTest, ModifiedMerkle) { } TEST_F(IoctlTest, ModifiedDirMerkle) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Modify the Merkle file for the parent directory and check verification // failure upon opening the corresponding file. @@ -173,8 +173,8 @@ TEST_F(IoctlTest, ModifiedDirMerkle) { } TEST_F(IoctlTest, Stat) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); struct stat st; EXPECT_THAT(stat(JoinPath(verity_dir, filename_).c_str(), &st), @@ -182,8 +182,8 @@ TEST_F(IoctlTest, Stat) { } TEST_F(IoctlTest, ModifiedStat) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); EXPECT_THAT(chmod(JoinPath(tmpfs_dir_.path(), filename_).c_str(), 0644), SyscallSucceeds()); @@ -193,8 +193,8 @@ TEST_F(IoctlTest, ModifiedStat) { } TEST_F(IoctlTest, DeleteFile) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); EXPECT_THAT(unlink(JoinPath(tmpfs_dir_.path(), filename_).c_str()), SyscallSucceeds()); @@ -203,8 +203,8 @@ TEST_F(IoctlTest, DeleteFile) { } TEST_F(IoctlTest, DeleteMerkle) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); EXPECT_THAT( unlink(MerklePath(JoinPath(tmpfs_dir_.path(), filename_)).c_str()), @@ -214,8 +214,8 @@ TEST_F(IoctlTest, DeleteMerkle) { } TEST_F(IoctlTest, RenameFile) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); std::string new_file_name = "renamed-" + filename_; EXPECT_THAT(rename(JoinPath(tmpfs_dir_.path(), filename_).c_str(), @@ -226,8 +226,8 @@ TEST_F(IoctlTest, RenameFile) { } TEST_F(IoctlTest, RenameMerkle) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); std::string new_file_name = "renamed-" + filename_; EXPECT_THAT( diff --git a/test/syscalls/linux/verity_mmap.cc b/test/syscalls/linux/verity_mmap.cc index dde74cc91..2bfd43b16 100644 --- a/test/syscalls/linux/verity_mmap.cc +++ b/test/syscalls/linux/verity_mmap.cc @@ -57,8 +57,8 @@ class MmapTest : public ::testing::Test { }; TEST_F(MmapTest, MmapRead) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Make sure the file can be open and mmapped in the mounted verity fs. auto const verity_fd = ASSERT_NO_ERRNO_AND_VALUE( @@ -71,8 +71,8 @@ TEST_F(MmapTest, MmapRead) { } TEST_F(MmapTest, ModifiedBeforeMmap) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Modify the file and check verification failure upon mmapping. auto const fd = ASSERT_NO_ERRNO_AND_VALUE( @@ -90,8 +90,8 @@ TEST_F(MmapTest, ModifiedBeforeMmap) { } TEST_F(MmapTest, ModifiedAfterMmap) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); auto const verity_fd = ASSERT_NO_ERRNO_AND_VALUE( Open(JoinPath(verity_dir, filename_), O_RDONLY, 0777)); @@ -126,8 +126,8 @@ INSTANTIATE_TEST_SUITE_P( ::testing::ValuesIn({MAP_SHARED, MAP_PRIVATE}))); TEST_P(MmapParamTest, Mmap) { - std::string verity_dir = - ASSERT_NO_ERRNO_AND_VALUE(MountVerity(tmpfs_dir_.path(), filename_)); + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE( + MountVerity(tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY)})); // Make sure the file can be open and mmapped in the mounted verity fs. auto const verity_fd = ASSERT_NO_ERRNO_AND_VALUE( diff --git a/test/syscalls/linux/verity_symlink.cc b/test/syscalls/linux/verity_symlink.cc new file mode 100644 index 000000000..c6fce8ead --- /dev/null +++ b/test/syscalls/linux/verity_symlink.cc @@ -0,0 +1,117 @@ +// Copyright 2021 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include <stdint.h> +#include <stdlib.h> +#include <sys/mount.h> +#include <sys/stat.h> + +#include "gmock/gmock.h" +#include "gtest/gtest.h" +#include "test/util/capability_util.h" +#include "test/util/fs_util.h" +#include "test/util/mount_util.h" +#include "test/util/temp_path.h" +#include "test/util/test_util.h" +#include "test/util/verity_util.h" + +namespace gvisor { +namespace testing { + +namespace { + +const char kSymlink[] = "verity_symlink"; + +class SymlinkTest : public ::testing::Test { + protected: + void SetUp() override { + // Verity is implemented in VFS2. + SKIP_IF(IsRunningWithVFS1()); + + SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_SYS_ADMIN))); + // Mount a tmpfs file system, to be wrapped by a verity fs. + tmpfs_dir_ = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateDir()); + ASSERT_THAT(mount("", tmpfs_dir_.path().c_str(), "tmpfs", 0, ""), + SyscallSucceeds()); + + // Create a new file in the tmpfs mount. + file_ = ASSERT_NO_ERRNO_AND_VALUE( + TempPath::CreateFileWith(tmpfs_dir_.path(), kContents, 0777)); + filename_ = Basename(file_.path()); + + // Create a symlink to the file. + ASSERT_THAT(symlink(file_.path().c_str(), + JoinPath(tmpfs_dir_.path(), kSymlink).c_str()), + SyscallSucceeds()); + } + + TempPath tmpfs_dir_; + TempPath file_; + std::string filename_; +}; + +TEST_F(SymlinkTest, Success) { + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE(MountVerity( + tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY), + EnableTarget(kSymlink, O_RDONLY | O_NOFOLLOW)})); + + char buf[256]; + EXPECT_THAT( + readlink(JoinPath(verity_dir, kSymlink).c_str(), buf, sizeof(buf)), + SyscallSucceeds()); + auto const verity_fd = ASSERT_NO_ERRNO_AND_VALUE( + Open(JoinPath(verity_dir, kSymlink).c_str(), O_RDONLY, 0777)); + EXPECT_THAT(ReadFd(verity_fd.get(), buf, sizeof(kContents)), + SyscallSucceeds()); +} + +TEST_F(SymlinkTest, DeleteLink) { + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE(MountVerity( + tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY), + EnableTarget(kSymlink, O_RDONLY | O_NOFOLLOW)})); + + ASSERT_THAT(unlink(JoinPath(tmpfs_dir_.path(), kSymlink).c_str()), + SyscallSucceeds()); + char buf[256]; + EXPECT_THAT( + readlink(JoinPath(verity_dir, kSymlink).c_str(), buf, sizeof(buf)), + SyscallFailsWithErrno(EIO)); + EXPECT_THAT(open(JoinPath(verity_dir, kSymlink).c_str(), O_RDONLY, 0777), + SyscallFailsWithErrno(EIO)); +} + +TEST_F(SymlinkTest, ModifyLink) { + std::string verity_dir = ASSERT_NO_ERRNO_AND_VALUE(MountVerity( + tmpfs_dir_.path(), {EnableTarget(filename_, O_RDONLY), + EnableTarget(kSymlink, O_RDONLY | O_NOFOLLOW)})); + + ASSERT_THAT(unlink(JoinPath(tmpfs_dir_.path(), kSymlink).c_str()), + SyscallSucceeds()); + + std::string newlink = "newlink"; + ASSERT_THAT(symlink(JoinPath(tmpfs_dir_.path(), newlink).c_str(), + JoinPath(tmpfs_dir_.path(), kSymlink).c_str()), + SyscallSucceeds()); + char buf[256]; + EXPECT_THAT( + readlink(JoinPath(verity_dir, kSymlink).c_str(), buf, sizeof(buf)), + SyscallFailsWithErrno(EIO)); + EXPECT_THAT(open(JoinPath(verity_dir, kSymlink).c_str(), O_RDONLY, 0777), + SyscallFailsWithErrno(EIO)); +} + +} // namespace + +} // namespace testing +} // namespace gvisor diff --git a/test/util/BUILD b/test/util/BUILD index cc83221ea..4a4401ba8 100644 --- a/test/util/BUILD +++ b/test/util/BUILD @@ -1,4 +1,4 @@ -load("//tools:defs.bzl", "cc_library", "cc_test", "coreutil", "gbenchmark", "gtest", "select_system") +load("//tools:defs.bzl", "cc_library", "cc_test", "coreutil", "default_net_util", "gbenchmark", "gtest", "select_system") package( default_visibility = ["//:sandbox"], @@ -414,3 +414,27 @@ cc_library( ":temp_path", ], ) + +cc_library( + name = "socket_util", + testonly = 1, + srcs = [ + "socket_util.cc", + "socket_util_impl.cc", + ], + hdrs = ["socket_util.h"], + defines = select_system(), + deps = default_net_util() + [ + gtest, + "@com_google_absl//absl/memory", + "@com_google_absl//absl/strings", + "@com_google_absl//absl/strings:str_format", + "@com_google_absl//absl/time", + "@com_google_absl//absl/types:optional", + "//test/util:file_descriptor", + "//test/util:posix_error", + "//test/util:temp_path", + "//test/util:test_util", + "//test/util:thread_util", + ], +) diff --git a/test/util/capability_util.cc b/test/util/capability_util.cc index a1b994c45..3bf218128 100644 --- a/test/util/capability_util.cc +++ b/test/util/capability_util.cc @@ -12,6 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +#ifdef __linux__ + #include "test/util/capability_util.h" #include <linux/capability.h> @@ -79,3 +81,5 @@ PosixErrorOr<bool> CanCreateUserNamespace() { } // namespace testing } // namespace gvisor + +#endif // __linux__ diff --git a/test/util/capability_util.h b/test/util/capability_util.h index f2c370125..c4b0feade 100644 --- a/test/util/capability_util.h +++ b/test/util/capability_util.h @@ -17,6 +17,8 @@ #ifndef GVISOR_TEST_UTIL_CAPABILITY_UTIL_H_ #define GVISOR_TEST_UTIL_CAPABILITY_UTIL_H_ +#ifdef __linux__ + #include <errno.h> #include <linux/capability.h> #include <sys/syscall.h> @@ -120,4 +122,7 @@ class AutoCapability { } // namespace testing } // namespace gvisor + +#endif // __linux__ + #endif // GVISOR_TEST_UTIL_CAPABILITY_UTIL_H_ diff --git a/test/syscalls/linux/socket_test_util.cc b/test/util/socket_util.cc index 5e36472b4..f2360b732 100644 --- a/test/syscalls/linux/socket_test_util.cc +++ b/test/util/socket_util.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" #include <arpa/inet.h> #include <netinet/in.h> @@ -24,6 +24,7 @@ #include "gtest/gtest.h" #include "absl/memory/memory.h" #include "absl/strings/str_cat.h" +#include "absl/strings/str_split.h" #include "absl/time/clock.h" #include "absl/types/optional.h" #include "test/util/file_descriptor.h" @@ -1067,5 +1068,50 @@ void SetupTimeWaitClose(const TestAddress* listener, absl::SleepFor(absl::Seconds(1)); } +constexpr char kRangeFile[] = "/proc/sys/net/ipv4/ip_local_port_range"; + +PosixErrorOr<int> MaybeLimitEphemeralPorts() { + int min = 0; + int max = 1 << 16; + + // Read the ephemeral range from /proc. + ASSIGN_OR_RETURN_ERRNO(std::string rangefile, GetContents(kRangeFile)); + const std::string err_msg = + absl::StrFormat("%s has invalid content: %s", kRangeFile, rangefile); + if (rangefile.back() != '\n') { + return PosixError(EINVAL, err_msg); + } + rangefile.pop_back(); + std::vector<std::string> range = + absl::StrSplit(rangefile, absl::ByAnyChar("\t ")); + if (range.size() < 2 || !absl::SimpleAtoi(range.front(), &min) || + !absl::SimpleAtoi(range.back(), &max)) { + return PosixError(EINVAL, err_msg); + } + + // If we can open as writable, limit the range. + if (!access(kRangeFile, W_OK)) { + ASSIGN_OR_RETURN_ERRNO(FileDescriptor fd, + Open(kRangeFile, O_WRONLY | O_TRUNC, 0)); + int newMax = min + 50; + const std::string small_range = absl::StrFormat("%d %d", min, newMax); + int n = write(fd.get(), small_range.c_str(), small_range.size()); + if (n < 0) { + // Hostinet doesn't allow modifying the host port range. And if we're root + // (as we are in some tests), access and open will succeed even if the + // file mode is readonly. + if (errno != EACCES) { + return PosixError( + errno, + absl::StrFormat("write(%d [%s], \"%s\", %d)", fd.get(), kRangeFile, + small_range.c_str(), small_range.size())); + } + } else { + max = newMax; + } + } + return max - min; +} + } // namespace testing } // namespace gvisor diff --git a/test/syscalls/linux/socket_test_util.h b/test/util/socket_util.h index df4c26f26..0e2be63cc 100644 --- a/test/syscalls/linux/socket_test_util.h +++ b/test/util/socket_util.h @@ -576,6 +576,10 @@ void SetupTimeWaitClose(const TestAddress* listener, bool accept_close, sockaddr_storage* listen_addr, sockaddr_storage* conn_bound_addr); +// MaybeLimitEphemeralPorts attempts to reduce the number of ephemeral ports and +// returns the number of ephemeral ports. +PosixErrorOr<int> MaybeLimitEphemeralPorts(); + namespace internal { PosixErrorOr<int> TryPortAvailable(int port, AddressFamily family, SocketType type, bool reuse_addr); diff --git a/test/syscalls/linux/socket_test_util_impl.cc b/test/util/socket_util_impl.cc index ef661a0e3..04550ad7c 100644 --- a/test/syscalls/linux/socket_test_util_impl.cc +++ b/test/util/socket_util_impl.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "test/syscalls/linux/socket_test_util.h" +#include "test/util/socket_util.h" namespace gvisor { namespace testing { diff --git a/test/util/test_util_impl.cc b/test/util/test_util_impl.cc index 7e1ad9e66..6b6826898 100644 --- a/test/util/test_util_impl.cc +++ b/test/util/test_util_impl.cc @@ -20,6 +20,7 @@ #include "benchmark/benchmark.h" #include "test/util/logging.h" +extern bool FLAGS_gtest_list_tests; extern bool FLAGS_benchmark_list_tests; extern std::string FLAGS_benchmark_filter; @@ -40,12 +41,18 @@ void TestInit(int* argc, char*** argv) { } int RunAllTests() { - if (FLAGS_benchmark_list_tests || FLAGS_benchmark_filter != ".") { + if (::testing::FLAGS_gtest_list_tests) { + return RUN_ALL_TESTS(); + } + if (FLAGS_benchmark_list_tests) { benchmark::RunSpecifiedBenchmarks(); return 0; - } else { - return RUN_ALL_TESTS(); } + + // Run selected tests & benchmarks. + int rc = RUN_ALL_TESTS(); + benchmark::RunSpecifiedBenchmarks(); + return rc; } } // namespace testing diff --git a/test/util/verity_util.cc b/test/util/verity_util.cc index f1b4c251b..b7d1cb212 100644 --- a/test/util/verity_util.cc +++ b/test/util/verity_util.cc @@ -54,18 +54,21 @@ PosixError FlipRandomBit(int fd, int size) { return NoError(); } -PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir, - std::string filename) { - // Mount a verity fs on the existing tmpfs mount. - std::string mount_opts = "lower_path=" + tmpfs_dir; +PosixErrorOr<std::string> MountVerity(std::string lower_dir, + std::vector<EnableTarget> targets) { + // Mount a verity fs on the existing mount. + std::string mount_opts = "lower_path=" + lower_dir; ASSIGN_OR_RETURN_ERRNO(TempPath verity_dir, TempPath::CreateDir()); RETURN_ERROR_IF_SYSCALL_FAIL( mount("", verity_dir.path().c_str(), "verity", 0, mount_opts.c_str())); - // Enable both the file and the directory. - ASSIGN_OR_RETURN_ERRNO( - auto fd, Open(JoinPath(verity_dir.path(), filename), O_RDONLY, 0777)); - RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(fd.get(), FS_IOC_ENABLE_VERITY)); + for (const EnableTarget& target : targets) { + ASSIGN_OR_RETURN_ERRNO( + auto target_fd, + Open(JoinPath(verity_dir.path(), target.path), target.flags, 0777)); + RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(target_fd.get(), FS_IOC_ENABLE_VERITY)); + } + ASSIGN_OR_RETURN_ERRNO(auto dir_fd, Open(verity_dir.path(), O_RDONLY, 0777)); RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(dir_fd.get(), FS_IOC_ENABLE_VERITY)); @@ -83,6 +86,7 @@ PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir, ASSIGN_OR_RETURN_ERRNO(TempPath verity_with_hash_dir, TempPath::CreateDir()); RETURN_ERROR_IF_SYSCALL_FAIL(mount("", verity_with_hash_dir.path().c_str(), "verity", 0, mount_opts.c_str())); + // Verity directories should not be deleted. Release the TempPath objects to // prevent those directories from being deleted by the destructor. verity_dir.release(); diff --git a/test/util/verity_util.h b/test/util/verity_util.h index 18743ecd6..ebb78b4bb 100644 --- a/test/util/verity_util.h +++ b/test/util/verity_util.h @@ -17,6 +17,8 @@ #include <stdint.h> +#include <vector> + #include "test/util/posix_error.h" namespace gvisor { @@ -44,6 +46,13 @@ struct fsverity_digest { unsigned char digest[]; }; +struct EnableTarget { + std::string path; + int flags; + + EnableTarget(std::string path, int flags) : path(path), flags(flags) {} +}; + constexpr int kMaxDigestSize = 64; constexpr int kDefaultDigestSize = 32; constexpr char kContents[] = "foobarbaz"; @@ -67,7 +76,7 @@ PosixError FlipRandomBit(int fd, int size); // Mount a verity on the tmpfs and enable both the file and the direcotry. Then // mount a new verity with measured root hash. PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir, - std::string filename); + std::vector<EnableTarget> targets); } // namespace testing } // namespace gvisor |