summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-11-30Do not start a ContainerExec twiceZeling Feng
ContainerExecStart and ContainerExecAttach both call the /exec/id/start API endpoint. PiperOrigin-RevId: 344946627
2020-11-30Fix deadlock in UDP handleControlPacket path.Bhasker Hariharan
Fixing the sendto deadlock exposed yet another deadlock where a lock inversion occurs on the handleControlPacket path where e.mu and demuxer.epsByNIC.mu are acquired in reverse order from say when RegisterTransportEndpoint is called in endpoint.Connect(). This fix sidesteps the issue by just making endpoint.state an atomic and gets rid of the need to acquire e.mu in e.HandleControlPacket. PiperOrigin-RevId: 344939895
2020-11-30Add more fragment reassembly testsToshi Kikuchi
These tests check if a maximum-sized (64k) packet is reassembled without receiving a fragment with MF flag set to zero. PiperOrigin-RevId: 344913172
2020-11-30Do not os.Exit() from test/benchmarks/harness.Harness.Init with no args.Jamie Liu
PiperOrigin-RevId: 344896991
2020-11-30Perform IGMP/MLD when the NIC is enabled/disabledGhanan Gowripalan
Test: ip_test.TestMGPWithNICLifecycle Bug #4682, #4861 PiperOrigin-RevId: 344888091
2020-11-30Ensure containerd is used from installed location.Adin Scannell
Currently, if containerd is installed locally via tools/installers/containerd, then it will not necessarily be used if containerd is installed in the system path. This means that the existing containerd tests are all likely broken. Also, use libbtrfs-dev instead of btrfs-tools, which is not actually required. PiperOrigin-RevId: 344879109
2020-11-27Don't add a temporary address to send DAD/RS packetsGhanan Gowripalan
Bug #4803 PiperOrigin-RevId: 344553664
2020-11-26[netstack] Add SOL_TCP options to SocketOptions.Ayush Ranjan
Ports the following options: - TCP_NODELAY - TCP_CORK - TCP_QUICKACK Also deletes the {Get/Set}SockOptBool interface methods from all implementations PiperOrigin-RevId: 344378824
2020-11-25[netstack] Add SOL_IP and SOL_IPV6 options to SocketOptions.Ayush Ranjan
We will use SocketOptions for all kinds of options, not just SOL_SOCKET options because (1) it is consistent with Linux which defines all option variables on the top level socket struct, (2) avoid code complexity. Appropriate checks have been added for matching option level to the endpoint type. Ported the following options to this new utility: - IP_MULTICAST_LOOP - IP_RECVTOS - IPV6_RECVTCLASS - IP_PKTINFO - IP_HDRINCL - IPV6_V6ONLY Changes in behavior (these are consistent with what Linux does AFAICT): - Now IP_MULTICAST_LOOP can be set for TCP (earlier it was a noop) but does not affect the endpoint itself. - We can now getsockopt IP_HDRINCL (earlier we would get an error). - Now we return ErrUnknownProtocolOption if SOL_IP or SOL_IPV6 options are used on unix sockets. - Now we return ErrUnknownProtocolOption if SOL_IPV6 options are used on non AF_INET6 endpoints. This change additionally makes the following modifications: - Add State() uint32 to commonEndpoint because both tcpip.Endpoint and transport.Endpoint interfaces have it. It proves to be quite useful. - Gets rid of SocketOptionsHandler.IsListening(). It was an anomaly as it was not a handler. It is now implemented on netstack itself. - Gets rid of tcp.endpoint.EndpointInfo and directly embeds stack.TransportEndpointInfo. There was an unnecessary level of embedding which served no purpose. - Removes some checks dual_stack_test.go that used the errors from GetSockOptBool(tcpip.V6OnlyOption) to confirm some state. This is not consistent with the new design and also seemed to be testing the implementation instead of behavior. PiperOrigin-RevId: 344354051
2020-11-25Support listener-side MLDv1Ghanan Gowripalan
...as defined by RFC 2710. Querier (router)-side MLDv1 is not yet supported. The core state machine is shared with IGMPv2. This is guarded behind a flag (ipv6.Options.MLDEnabled). Tests: ip_test.TestMGP* Bug #4861 PiperOrigin-RevId: 344344095
2020-11-25Make stack.Route safe to access concurrentlyGhanan Gowripalan
Multiple goroutines may use the same stack.Route concurrently so the stack.Route should make sure that any functions called on it are thread-safe. Fixes #4073 PiperOrigin-RevId: 344320491
2020-11-25[3/3] Support isolated containers for parallel packetimpact testsZeling Feng
To create DUTs in parallel, we need to create goroutines to do the setup. The old code base has a lot of t.Fatal(f) usage in those setup functions which is not great for this change: "FailNow must be called from the goroutine running the test or benchmark function, not from other goroutines created during the test" (https://golang.org/pkg/testing/#T.FailNow). - Cleanup all t.Fatal(f) usage in DUT.Prepare() - use goroutines to create DUTs in parallel PiperOrigin-RevId: 344275809
2020-11-24[2/3] Support isolated containers for parallel packetimpact testsZeling Feng
Added a new flag num_duts to the test runner to create multiple DUTs for the testbench can connect to. PiperOrigin-RevId: 344195435
2020-11-24Correctly lock when removing neighbor entriesSam Balana
Fix a panic when two entries in Failed state are removed at the same time. PiperOrigin-RevId: 344143777
2020-11-24Report correct pointer value for "bad next header" ICMP errorJulian Elischer
Because the code handles a bad header as "payload" right up to the last moment we need to make sure payload handling does not remove the error information. Fixes #4909 PiperOrigin-RevId: 344141690
2020-11-24Track number of packets queued to Failed neighborsSam Balana
Add a NIC-specific neighbor table statistic so we can determine how many packets have been queued to Failed neighbors, indicating an unhealthy local network. This change assists us to debug in-field issues where subsequent traffic to a neighbor fails. Fixes #4819 PiperOrigin-RevId: 344131119
2020-11-24Fix a potential indefinite blocking in packetimpact testbenchZeling Feng
1. setsockopt(SO_RCVTIMEO, 0) == never timeout 2. float64(time.Microsecond/time.Second) == 0 3. packetimpact tests use a lot of 1s timeouts This becomes a more significant problem because of a recent change that binds the sniffer only on the specific testNet interface so now the traffic on the ctrlNet cannot wake up the blocking call anymore. PiperOrigin-RevId: 344123465
2020-11-24Extract IGMPv2 core state machineGhanan Gowripalan
The IGMPv2 core state machine can be shared with MLDv1 since they are almost identical, ignoring specific addresses, constants and packets. Bug #4682, #4861 PiperOrigin-RevId: 344102615
2020-11-24Remove outdated TODO.Dean Deng
The bug has been fixed. PiperOrigin-RevId: 344088206
2020-11-24Deduplicate code in ipv6.protocolGhanan Gowripalan
PiperOrigin-RevId: 344009602
2020-11-23Use time.Duration for IGMP Max Response Time fieldGhanan Gowripalan
Bug #4682 PiperOrigin-RevId: 343993297
2020-11-23[1/3] Support isolated containers for parallel packetimpact testsZeling Feng
Summary of the approach: the test runner will set up a few DUTs according to a flag and pass all the test networks to the testbench. The testbench will only reside in a single container. The testbench will put all the test networks into a buffered channel which served as a semaphore and now the user can freely use t.Parallel() in (sub)tests and the true parallelism will be determined by how many DUTs are configured. Creating DUTs on demand is not supported yet, the test author should determine the number of DUTs to be used statically. Specifically in this change: - Don't export any global variables about the test network in testbench. - Sniffer only binds on the local interface because it will be possible to have multiple interfaces to multiple DUTs in a single testbench container. - Migrate existing tests to stop using global variables. PiperOrigin-RevId: 343965962
2020-11-23Don't evict gofer.dentries with inotify watches before saving.Jamie Liu
PiperOrigin-RevId: 343959348
2020-11-23Fix bad Makefile variable reference.Adin Scannell
PiperOrigin-RevId: 343946859
2020-11-23Clean up build output.Adin Scannell
This change also simplifies and documents the build_cmd pipeline, and reduces general noise for debugging Makefile issues. It also drops the mapping for /etc/docker/daemon.json, which if it does not exist initially will create this as a directory (causing lots of confusion and breaks). PiperOrigin-RevId: 343932456
2020-11-23Fix link against runtime.goyield.Adin Scannell
This function does not exist in Go 1.13. We need to add an adaptor to build against Go 1.13, which is the default Ubuntu version. PiperOrigin-RevId: 343929132
2020-11-23Fail gracefully if Docker is not configured with ipv6.Adin Scannell
PiperOrigin-RevId: 343927315
2020-11-23Omit sandbox from chown test.Adin Scannell
This test fails because it must include additional UIDs. Omit the bazel sandbox to ensure that it can function correctly. PiperOrigin-RevId: 343927190
2020-11-23Ignore permission failures in CheckDuplicatesRecursively.Adin Scannell
Not all files are always accessible by the process itself. This was specifically seen with map_files, but there's no rule that every entry must be accessible by the process itself. PiperOrigin-RevId: 343919117
2020-11-23Don't rely on HOME for tools/go_branch.shAdin Scannell
PiperOrigin-RevId: 343885770
2020-11-20Refactor verity test for readabilityChong Cai
1. Add getD/getDentry methods to avoid long casting line in each test 2. Factor all calls to vfs.OpenAt/UnlinkAt/RenameAt on lower filesystem to their own method (for both lower file and lower Merkle file) so the tests are more readable 3. Add descriptive test names for delete/remove tests PiperOrigin-RevId: 343540202
2020-11-19Internal change.gVisor bot
PiperOrigin-RevId: 343419851
2020-11-19Perform IGMPv2 when joining IPv4 multicast groupsRyan Heacock
Added headers, stats, checksum parsing capabilities from RFC 2236 describing IGMPv2. IGMPv2 state machine is implemented for each condition, sending and receiving IGMP Membership Reports and Leave Group messages with backwards compatibility with IGMPv1 routers. Test: * Implemented igmp header parser and checksum calculator in header/igmp_test.go * ipv4/igmp_test.go tests incoming and outgoing IGMP messages and pathways. * Added unit test coverage for IGMPv2 RFC behavior + IGMPv1 backwards compatibility in ipv4/igmp_test.go. Fixes #4682 PiperOrigin-RevId: 343408809
2020-11-19Remove racy stringification of socket fds from /proc/net/*.Rahat Mahmood
PiperOrigin-RevId: 343398191
2020-11-19Add a helpful message in stuck task logs.Dean Deng
This also makes the formatting nicer; the caller will add ":\n" to the end of the message. PiperOrigin-RevId: 343397099
2020-11-19Add types to parse MLD messagesGhanan Gowripalan
Preparing for upcoming CLs that add MLD functionality. Bug #4861 Test: header.TestMLD PiperOrigin-RevId: 343391556
2020-11-19Fix possible panic due to bad data.Julian Elischer
Found by a Fuzzer. Reported-by: syzbot+619fa10be366d553ef7f@syzkaller.appspotmail.com PiperOrigin-RevId: 343379575
2020-11-19Propagate IP address prefix from host to netstackFabricio Voznika
Closes #4022 PiperOrigin-RevId: 343378647
2020-11-19Require sync.Mutex to lock and unlock from the same goroutineMichael Pratt
We would like to track locks ordering to detect ordering violations. Detecting violations is much simpler if mutexes must be unlocked by the same goroutine that locked them. Thus, as a first step to tracking lock ordering, add this lock/unlock requirement to gVisor's sync.Mutex. This is more strict than the Go standard library's sync.Mutex, but initial testing indicates only a single lock that is used across goroutines. The new sync.CrossGoroutineMutex relaxes the requirement (but will not provide lock order checking). Due to the additional overhead, enforcement is only enabled with the "checklocks" build tag. Build with this tag using: bazel build --define=gotags=checklocks ... From my spot-checking, this has no changed inlining properties when disabled. Updates #4804 PiperOrigin-RevId: 343370200
2020-11-19Don't hold AddressEndpoints for multicast addressesGhanan Gowripalan
Group addressable endpoints can simply check if it has joined the multicast group without maintaining address endpoints. This also helps remove the dependency on AddressableEndpoint from GroupAddressableEndpoint. Now that group addresses are not tracked with address endpoints, we can avoid accidentally obtaining a route with a multicast local address. PiperOrigin-RevId: 343336912
2020-11-19Remove unused NoChecksumOptionBruno Dal Bo
Migration to unified socket options left this behind. PiperOrigin-RevId: 343305434
2020-11-19Fix some code not using NewPacketBuffer for creating a PacketBuffer.Ting-Yu Wang
PiperOrigin-RevId: 343299993
2020-11-18[vfs] kernfs: Do not panic if destroyed dentry is cached.Ayush Ranjan
If a kernfs user does not cache dentries, then cacheLocked will destroy the dentry. The current DecRef implementation will be racy in this case as the following can happen: - Goroutine 1 calls DecRef and decreases ref count from 1 to 0. - Goroutine 2 acquires d.fs.mu for reading and calls IncRef and increasing the ref count from 0 to 1. - Goroutine 2 releases d.fs.mu and calls DecRef again decreasing ref count from 1 to 0. - Goroutine 1 now acquires d.fs.mu and calls cacheLocked which destroys the dentry. - Goroutine 2 now acquires d.fs.mu and calls cacheLocked to find that the dentry is already destroyed! Earlier we would panic in this case, we could instead just return instead of adding complexity to handle this race. This is similar to what the gofer client does. We do not want to lock d.fs.mu in the case that the filesystem caches dentries (common case as procfs and sysfs do this) to prevent congestion due to lock contention. PiperOrigin-RevId: 343229496
2020-11-18[netstack] Move SO_KEEPALIVE and SO_ACCEPTCONN option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343217712
2020-11-18Remove unused methods from stack.RouteGhanan Gowripalan
PiperOrigin-RevId: 343211553
2020-11-18runsc: check whether cgroup exists or not for each controllerAndrei Vagin
We have seen a case when a memory cgroup exists but a perf_event one doesn't. Reported-by: syzbot+f31468b61d1a27e629dc@syzkaller.appspotmail.com Reported-by: syzbot+1f163ec0321768f1497e@syzkaller.appspotmail.com PiperOrigin-RevId: 343200070
2020-11-18Port filesystem metrics to VFS2.Jamie Liu
PiperOrigin-RevId: 343196927
2020-11-18Fix race condition in multi-container wait testFabricio Voznika
Container is not thread-safe, locking must be done in the caller. The test was calling Container.Wait() from multiple threads with no synchronization. Also removed Container.WaitPID from test because the process might have already existed when wait is called. PiperOrigin-RevId: 343176280
2020-11-18[netstack] Move SO_REUSEPORT and SO_REUSEADDR option to SocketOptions.Ayush Ranjan
This changes also introduces: - `SocketOptionsHandler` interface which can be implemented by endpoints to handle endpoint specific behavior on SetSockOpt. This is analogous to what Linux does. - `DefaultSocketOptionsHandler` which is a default implementation of the above. This is embedded in all endpoints so that we don't have to uselessly implement empty functions. Endpoints with specific behavior can override the embedded method by manually defining its own implementation. PiperOrigin-RevId: 343158301
2020-11-18Automated rollback of changelist 342700744Nayana Bidari
PiperOrigin-RevId: 343152780