summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-08-10ip6tables: move target-specific code to targets.goKevin Krakauer
This is purely moving code, no changes. netfilter.go is cluttered and targets.go is a good place for this. #3549 PiperOrigin-RevId: 325879965
2020-08-10Mark DirCreation/tmp tests as passing.Zach Koopmans
PiperOrigin-RevId: 325861904
2020-08-10Run GC before sandbox exit when leak checking is enabled.Dean Deng
Running garbage collection enqueues all finalizers, which are used by the refs/refs_vfs2 packages to detect reference leaks. Note that even with GC, there is no guarantee that all finalizers will be run before the program exits. This is a best effort attempt to activate leak checks as much as possible. Updates #3545. PiperOrigin-RevId: 325834438
2020-08-08Use unicast source for ICMP echo repliesGhanan Gowripalan
Packets MUST NOT use a non-unicast source address for ICMP Echo Replies. Test: integration_test.TestPingMulticastBroadcast PiperOrigin-RevId: 325634380
2020-08-07Add context.FullStateChanged()Andrei Vagin
It indicates that the Sentry has changed the state of the thread and next calls of PullFullState() has to do nothing. PiperOrigin-RevId: 325567415
2020-08-07[vfs2] Fix tmpfs mounting.Ayush Ranjan
Earlier we were using NLink to decide if /tmp is empty or not. However, NLink at best tells us about the number of subdirectories (via the ".." entries). NLink = n + 2 for n subdirectories. But it does not tell us if the directory is empty. There still might be non-directory files. We could also not rely on NLink because host overlayfs always returned 1. VFS1 uses Readdir to decide if the directory is empty. Used a similar approach. We now use IterDirents to decide if the "/tmp" directory is empty. Fixes #3369 PiperOrigin-RevId: 325554234
2020-08-07Merge pull request #3520 from boyuan-he:marshal-implgVisor bot
PiperOrigin-RevId: 325546935
2020-08-07Don't hold gofer.filesystem.renameMu during dentry destruction.Jamie Liu
PiperOrigin-RevId: 325546629
2020-08-07Merge pull request #3069 from lubinszARM:pr_serr_injection2gVisor bot
PiperOrigin-RevId: 325546308
2020-08-07Remove doc rules for non-existent filesAndrei Vagin
These files have been deleted by cl/324775563. PiperOrigin-RevId: 325543067
2020-08-07Mark dropped pages unevictable in fsimpl/gofer.dentry.destroyLocked.Jamie Liu
PiperOrigin-RevId: 325531657
2020-08-07Remove old benchmark tools.Zach Koopmans
Remove the old benchmark-tools directory, including imports in the WORKSPACE file and associated bazel rules. The new Golang benchmark-tools can be found at //test/benchmarks and it is functionally equivalent, excepting syscall_test which can be found in //test/perf/linux. PiperOrigin-RevId: 325529075
2020-08-07Fix panic during Address Resolution of neighbor entry created by NSSam Balana
When a Neighbor Solicitation is received, a neighbor entry is created with the remote host's link layer address, but without a link layer address resolver. If the host decides to send a packet addressed to the IP address of that neighbor entry, Address Resolution starts with a nil pointer to the link layer address resolver. This causes the netstack to panic and crash. This change ensures that when a packet is sent in that situation, the link layer address resolver will be set before Address Resolution begins. Tests: pkg/tcpip/stack:stack_test + TestEntryUnknownToStaleToProbeToReachable - TestNeighborCacheEntryNoLinkAddress Updates #1889 Updates #1894 Updates #1895 Updates #1947 Updates #1948 Updates #1949 Updates #1950 PiperOrigin-RevId: 325516471
2020-08-07Port Ruby benchmark.Zach Koopmans
PiperOrigin-RevId: 325500772
2020-08-07Port Startup and Density Benchmarks.Zach Koopmans
PiperOrigin-RevId: 325497346
2020-08-07tcp: change the limit of TCP_LINGER2Andrei Vagin
It was changed in the Linux kernel: commit f0628c524fd188c3f9418e12478dfdfadacba815 Date: Fri Apr 24 16:06:16 2020 +0800 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX PiperOrigin-RevId: 325493859
2020-08-07Support separate read/write handles in fsimpl/gofer.dentry.Jamie Liu
PiperOrigin-RevId: 325490674
2020-08-07[runtime tests] Exclude flaky/failing testsAyush Ranjan
PiperOrigin-RevId: 325481011
2020-08-07Tolerate EINTR from fallocate() in inotify test.Jamie Liu
PiperOrigin-RevId: 325472312
2020-08-07Try to update atime and mtime on VFS2 gofer files on dentry eviction.Jamie Liu
PiperOrigin-RevId: 325388385
2020-08-06Add LinkAt support to goferFabricio Voznika
Updates #1198 PiperOrigin-RevId: 325350818
2020-08-07add stub go marshallable implementationBoyuan He
2020-08-06Add bzl_library rules for .bzl files without one.Adin Scannell
PiperOrigin-RevId: 325280924
2020-08-06Add reference counting utility to VFS2.Dean Deng
The utility has several differences from the VFS1 equivalent: - There are no weak references, which have a significant overhead - In order to print useful debug messages with the type of the reference- counted object, we use a generic Refs object with the owner type as a template parameter. In vfs1, this was accomplished by storing a type name and caller stack directly in the ref count (as in vfs1), which increases the struct size by 6x. (Note that the caller stack was needed because fs types like Dirent were shared by all fs implementations; in vfs2, each impl has its own data structures, so this is no longer necessary.) Updates #1486. PiperOrigin-RevId: 325271469
2020-08-06Merge pull request #3511 from amscanne:packetimpact-testsgVisor bot
PiperOrigin-RevId: 325269275
2020-08-06[runtime tests] Exclude failing python and java testsAyush Ranjan
test_httplib was un-excluded in cl/325137657. Exclude it again. test_httplib fails consistently when running in a kokoro job. Could not repro with Docker. There are some java tests that pass locally on Docker but fail when running within a kokoro job. Also make shard count a multiple of 8 to minimize idle cores and minimize test time. PiperOrigin-RevId: 325267071
2020-08-06Only register /dev/net/tun if supported.Dean Deng
PiperOrigin-RevId: 325266487
2020-08-06Join IPv4 all-systems group on NIC enableGhanan Gowripalan
Test: - stack_test.TestJoinLeaveMulticastOnNICEnableDisable - integration_test.TestIncomingMulticastAndBroadcast PiperOrigin-RevId: 325185259
2020-08-05Add loss recovery option for TCP.Nayana Bidari
/proc/sys/net/ipv4/tcp_recovery is used to enable RACK loss recovery in TCP. PiperOrigin-RevId: 325157807
2020-08-05Correctly decrement link counts in tmpfs rename operations.Dean Deng
When a directory is replaced by a rename operation, its link count should reach zero. We were missing the link from `dir/.` PiperOrigin-RevId: 325141730
2020-08-05[runtime tests] Update python tests.Ayush Ranjan
- un-exclude passing tests to increase testing surface. - create/update bugs for tests that fail on runsc but pass on runc. PiperOrigin-RevId: 325137657
2020-08-05Support receiving broadcast IPv4 packetsGhanan Gowripalan
Test: integration_test.TestIncomingSubnetBroadcast PiperOrigin-RevId: 325135617
2020-08-05Release extra memfd reference.Dean Deng
PiperOrigin-RevId: 325122849
2020-08-05Prefer RLock over Lock in functions that don't need Lock().Bhasker Hariharan
Updates #231 PiperOrigin-RevId: 325097683
2020-08-05Merge pull request #3502 from ↵gVisor bot
craig08:fuse-integration-test-fix-connection-refused PiperOrigin-RevId: 325080329
2020-08-05Stop profiling when the sentry exitsFabricio Voznika
Also removes `--profile-goroutine` because it's equivalent to `debug --stacks`. PiperOrigin-RevId: 325061502
2020-08-05[runtime tests] Update bugs and un-exclude passing tests.Ayush Ranjan
PiperOrigin-RevId: 325045486
2020-08-05Add missing case in tmpfs.inode.direntType.Dean Deng
This was discovered by syzkaller. PiperOrigin-RevId: 325025193
2020-08-04Update variables for implementation of RACK in TCPNayana Bidari
RACK (Recent Acknowledgement) is a new loss detection algorithm in TCP. These are the fields which should be stored on connections to implement RACK algorithm. PiperOrigin-RevId: 324948703
2020-08-04Enable "make packetimpact-tests" to work.Adin Scannell
This required minor fixes to the bazel wrapper. The "dut_platform" is also changed to "native" to line-up with the system call tests and remove the hard-coded "linux" and "netstack" strings.
2020-08-04Handle EOF in vfs2 sendfile.Dean Deng
Discovered by syzkaller. PiperOrigin-RevId: 324938438
2020-08-04Inline gofer.regularFileFD.pwriteLockedFabricio Voznika
Go compiler barely inlines anything, so inline by hand pwriteLocked since it's called from a single place. PiperOrigin-RevId: 324937734
2020-08-04Automated rollback of changelist 324906582Dean Deng
PiperOrigin-RevId: 324931854
2020-08-04[runtime tests] Exclude flaky tests.Ayush Ranjan
PiperOrigin-RevId: 324923599
2020-08-04Port sysbench benchmark.Zach Koopmans
PiperOrigin-RevId: 324918229
2020-08-04Error if dup'ing stdio FDs will clobber another FDFabricio Voznika
The loader dup's stdio FD into stable FD's starting at a fixed number. During tests, it's possible that the target FD is already in use. Added check to error early so it's easier to debug failures. Also bumped up the starting FD number to prevent collisions. PiperOrigin-RevId: 324917299
2020-08-04Use 1 fragmentation component per IP stackGhanan Gowripalan
This will help manage memory consumption by IP reassembly when receiving IP fragments on multiple network endpoints. Previously, each endpoint would cap memory consumption at 4MB, but with this change, each IP stack will cap memory consumption at 4MB. No behaviour changes. PiperOrigin-RevId: 324913904
2020-08-04Add reference counting utility to VFS2.Dean Deng
The utility has several differences from the VFS1 equivalent: - There are no weak references, which have a significant overhead - In order to print useful debug messages with the type of the reference- counted object, we use a generic Refs object with the owner type as a template parameter. In vfs1, this was accomplished by storing a type name and caller stack directly in the ref count (as in vfs1), which increases the struct size by 6x. (Note that the caller stack was needed because fs types like Dirent were shared by all fs implementations; in vfs2, each impl has its own data structures, so this is no longer necessary.) As an example, the utility is added to tmpfs.inode. Updates #1486. PiperOrigin-RevId: 324906582
2020-08-04Fix FUSE integration test failed with ECONNREFUSEDCraig Chi
The newer version of FUSE_INIT checks the response from the FUSE server if its major number is equal to 7. If it's not, then FUSE_INIT fails and further filesystem operations will get ECONNREFUSED. To mitigate this issue, we can send back a response with major version equals to 7 when consuming the first FUSE_INIT request. Fixes #3500
2020-08-04Merge pull request #3320 from craig08:fuse-integration-testgVisor bot
PiperOrigin-RevId: 324877577