summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-07-28ip6tables testingKevin Krakauer
We skip gVisor tests for now, as ip6tables aren't yet implemented.
2020-07-28Don't attempt to use the secret if it does not exist.Adin Scannell
Fixes #3326 PiperOrigin-RevId: 323589669
2020-07-28More test cases on receiving UDP mcast/bcastJay Zhuang
PiperOrigin-RevId: 323553832
2020-07-27Merge pull request #2797 from Rajpratik71:optimization/pip-no-cachegVisor bot
PiperOrigin-RevId: 323508910
2020-07-27Fix for gvisor-builder image.Bhasker Hariharan
As it happens gvisor/tools/bazel.mk:88 useradd --uid $(UID) --non-unique --no-create-home \ adds the user-id to /var/log/lastlog which happens to be a sparse file except Go's tar support can't handle sparse files so it actually tries to allocate the file to seek to the end causing the VM to run out of disk space. See: https://github.com/moby/moby/issues/5419#issuecomment-193876183 The fix is to pass -l to useradd to prevent it from trying to add to lastlog. Fixes #3397 PiperOrigin-RevId: 323492591
2020-07-27Fix strace for epoll event arrays.Jamie Liu
PiperOrigin-RevId: 323491461
2020-07-27Merge pull request #3201 from lubinszARM:pr_sys64_2gVisor bot
PiperOrigin-RevId: 323456118
2020-07-27Merge pull request #3299 from lubinszARM:pr_asidgVisor bot
PiperOrigin-RevId: 323455097
2020-07-27Enable RBE for standard-tests.Adin Scannell
PiperOrigin-RevId: 323454998
2020-07-27Add ability to send unicast ARP requests and Neighbor SolicitationsSam Balana
The previous implementation of LinkAddressRequest only supported sending broadcast ARP requests and multicast Neighbor Solicitations. The ability to send these packets as unicast is required for Neighbor Unreachability Detection. Tests: pkg/tcpip/network/arp:arp_test - TestLinkAddressRequest pkg/tcpip/network/ipv6:ipv6_test - TestLinkAddressRequest Updates #1889 Updates #1894 Updates #1895 Updates #1947 Updates #1948 Updates #1949 Updates #1950 PiperOrigin-RevId: 323451569
2020-07-27Fix memory accounting in TCP pending segment queue.Bhasker Hariharan
TCP now tracks the overhead of the segment structure itself in it's out-of-order queue (pending). This is required to ensure that a malicious sender sending 1 byte out-of-order segments cannot queue like 1000's of segments which bloat up memory usage. We also reduce the default receive window to 32KB. With TCP moderation there is no need to keep this window at 1MB which means that for new connections the default out-of-order queue will be small unless the application actually reads the data that is being sent. This prevents a sender from just maliciously filling up pending buf with lots of tiny out-of-order segments. PiperOrigin-RevId: 323450913
2020-07-27Merge pull request #2958 from lubinszARM:pr_vfs2_1gVisor bot
PiperOrigin-RevId: 323443142
2020-07-27Add device implementation for /dev/fuseRidwan Sharif
This PR adds the following: - [x] Marshall-able structs for fuse headers - [x] Data structures needed in /dev/fuse to communicate with the daemon server - [x] Implementation of the device interface - [x] Go unit tests This change adds the `/dev/fuse` implementation. `Connection` controls the communication between the server and the sentry. The FUSE server uses the `FileDescription` interface to interact with the Sentry. The Sentry implmenetation of fusefs, uses `Connection` and the Connection interface to interact with the Server. All communication messages are in the form of `go_marshal` backed structs defined in the ABI package. This change also adds some go unit tests that test (pretty basically) the interfaces and should be used as an example of an end to end FUSE operation. COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/3083 from ridwanmsharif:ridwanmsharif/fuse-device-impl 69aa2ce970004938fe9f918168dfe57636ab856e PiperOrigin-RevId: 323428180
2020-07-27Fix when FUSE tests need to be skipped due to sentry configuration.Rahat Mahmood
PiperOrigin-RevId: 323426851
2020-07-27Merge pull request #3371 from kevinGC:ipt-tests-udp-fastergVisor bot
PiperOrigin-RevId: 323426155
2020-07-27Move platform.File in memmapAndrei Vagin
The subsequent systrap changes will need to import memmap from the platform package. PiperOrigin-RevId: 323409486
2020-07-27Merge pull request #3377 from kevinGC:native-tagsgVisor bot
PiperOrigin-RevId: 323398518
2020-07-27Clean-up bazel wrapper.Adin Scannell
The bazel server was being started as the wrong user, leading to issues where the container would suddenly exit during a build. We can also simplify the waiting logic by starting the container in two separate steps: those that must complete first, then the asynchronous bit. PiperOrigin-RevId: 323391161
2020-07-27Port ffmpeg benchmarkZach Koopmans
PiperOrigin-RevId: 323383320
2020-07-27Port redis benchmarkZach Koopmans
PiperOrigin-RevId: 323381964
2020-07-27Ask for *testing.T instead of storing itJay Zhuang
Storing *testing.T on test helper structs is problematic when subtests are used, because it is possible for nested tests to call Fatal on parent test, which incorrect terminates the parent test. For example func TestOuter(t *testing.T) { dut := NewDUT(t) t.Run("first test", func(t *testing.T) { dut.FallibleCall() }) t.Run("second test", func(t *testing.T) { dut.FallibleCall() } } In the example above, assuming `FallibleCall` calls `t.Fatal` on the `t` it holds, if `dut.FallibleCall` fails in "first test", it will call `Fatal` on the parent `t`, quitting `TestOuter`. This is not a behavior we want. PiperOrigin-RevId: 323350241
2020-07-26Add profiling to dockerutilZach Koopmans
Adds profiling with `runsc debug` or pprof to dockerutil. All targets using dockerutil should now be able to use profiling. In addition, modifies existing benchmarks to use profiling. PiperOrigin-RevId: 323298634
2020-07-26Mark Passing Integration Tests for VFS2.Zach Koopmans
Mark the currently passing integration/image tests for VFS2. Bugs will be filed for remaining failing tests. Updates #1487 PiperOrigin-RevId: 323297260
2020-07-26allow guest user applications read CNTVCT_EL0/CNTFRQ_EL0Bin Lu
At present, when doing syscall_kvm test, we need to enable the function of ESR_ELx_SYS64_ISS_SYS_CNTVCT/ESR_ELx_SYS64_ISS_SYS_CNTFRQ to successfully pass the test. I set CNTKCTL_EL1.EL0VCTEN==1/CNTKCTL_EL1.EL0PCTEN==1, so that the related cases can passed. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-25test/syscall: run each test case in a separate network namespaceAndrei Vagin
... when it is possible. The guitar gVisorKernel*Workflow-s runs test with the local execution_method. In this case, blaze runs test cases locally without sandboxes. This means that all tests run in the same network namespace. We have a few tests which use hard-coded network ports and they can fail if one of these port will be used by someone else or by another test cases. PiperOrigin-RevId: 323137254
2020-07-25optimize size and time using "--no-cache-dir"Pratik raj
Using "--no-cache-dir" flag in pip install ,make sure dowloaded packages by pip don't cached on system . This is a best practise which make sure to fetch ftom repo instead of using local cached one . Further , in case of Docker Containers , by restricing caching , we can reduce image size. In term of stats , it depends upon the number of python packages multiplied by their respective size . e.g for heavy packages with a lot of dependencies it reduce a lot by don't caching pip packages. Further , more detail information can be found at https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6
2020-07-24Fix make devAyush Ranjan
The "dev" target had been failing. The failure was being caused due to variable overload of "RUNTIME". PiperOrigin-RevId: 323106040
2020-07-24travis: run only arm64 buildsAndrei Vagin
The travis capacity is limited, but we build and test amd64 on kokoro. PiperOrigin-RevId: 323103934
2020-07-24Bugfix: non-native tests were tagged as nativeKevin Krakauer
Copy the list of tags when passing it to _syscall_test.
2020-07-24Reduce walk and open cost in fsgoferFabricio Voznika
Implement WalkGetAttr() to reuse the stat that is already needed for Walk(). In addition, cache file QID, so it doesn't need to stat the file to compute it. open(2) time improved by 10%: Baseline: 6780 ns Change: 6083 ns Also fixed file type which was not being set in all places. PiperOrigin-RevId: 323102560
2020-07-24Speed up some iptables testsKevin Krakauer
Sending UDP packets in a loop can be done in a separate goroutine. We can't do this in ContainerAction because the container will terminate early. Locally, scripts/iptables_tests.sh runs ~40 seconds faster.
2020-07-24Merge pull request #3356 from amscanne:generics_testsgVisor bot
PiperOrigin-RevId: 323066414
2020-07-24Enable automated marshalling for netstack.Ayush Ranjan
PiperOrigin-RevId: 322954792
2020-07-24[go-marshal] Update APIAyush Ranjan
- All Marshal* and Unmarshal* methods now require buffers to be correctly sized - Only the Copy{In/Out} variants can handle smaller buffers (or address spaces) PiperOrigin-RevId: 322953881
2020-07-24Enable open testAyush Ranjan
Updates #2923 PiperOrigin-RevId: 322953552
2020-07-23Merge pull request #3142 from tanjianfeng:fix-3141gVisor bot
PiperOrigin-RevId: 322937495
2020-07-23Merge pull request #3317 from sevki:patch-2gVisor bot
PiperOrigin-RevId: 322928424
2020-07-23Add permission checks to vfs2 truncate.Dean Deng
- Check write permission on truncate(2). Unlike ftruncate(2), truncate(2) fails if the user does not have write permissions on the file. - For gofers under InteropModeShared, check file type before making a truncate request. We should fail early and avoid making an rpc when possible. Furthermore, depending on the remote host's failure may give us unexpected behavior--if the host converts the truncate request to an ftruncate syscall on an open fd, we will get EINVAL instead of EISDIR. Updates #2923. PiperOrigin-RevId: 322913569
2020-07-23FileDescription is hard to spell.Dean Deng
Fix typos. PiperOrigin-RevId: 322913282
2020-07-23Add AfterFunc to tcpip.ClockSam Balana
Changes the API of tcpip.Clock to also provide a method for scheduling and rescheduling work after a specified duration. This change also implements the AfterFunc method for existing implementations of tcpip.Clock. This is the groundwork required to mock time within tests. All references to CancellableTimer has been replaced with the tcpip.Job interface, allowing for custom implementations of scheduling work. This is a BREAKING CHANGE for clients that implement their own tcpip.Clock or use tcpip.CancellableTimer. Migration plan: 1. Add AfterFunc(d, f) to tcpip.Clock 2. Replace references of tcpip.CancellableTimer with tcpip.Job 3. Replace calls to tcpip.CancellableTimer#StopLocked with tcpip.Job#Cancel 4. Replace calls to tcpip.CancellableTimer#Reset with tcpip.Job#Schedule 5. Replace calls to tcpip.NewCancellableTimer with tcpip.NewJob. PiperOrigin-RevId: 322906897
2020-07-23Convert go_generics tests to starlark.Adin Scannell
For some reason these tests were broken when run via the bazel docker container. The mechanism used was a bit crazy (self-extracting bundle), so convert them to use straight-forward starlark rules. This has the added advantaged that they are now independent tests.
2020-07-23Implement get/set_robust_list.Nicolas Lacasse
PiperOrigin-RevId: 322904430
2020-07-23Merge pull request #3024 from ridwanmsharif:ridwanmsharif/fuse-stub-implgVisor bot
PiperOrigin-RevId: 322890087
2020-07-23Add task work mechanism.Dean Deng
Like task_work in Linux, this allows us to register callbacks to be executed before returning to userspace. This is needed for kcov support, which requires coverage information to be up-to-date whenever we are in user mode. We will provide coverage data through the kcov interface to enable coverage-directed fuzzing in syzkaller. One difference from Linux is that task work cannot queue work before the transition to userspace that it precedes; queued work will be picked up before the next transition. PiperOrigin-RevId: 322889984
2020-07-23Automated rollback of changelist 321227330Kevin Krakauer
PiperOrigin-RevId: 322888057
2020-07-23kvm-tls-2:add the preservation of user-TLS in the Arm64 kvm platformlubinszARM
This patch load/save TLS for the container application. Related issue: full context-switch supporting for Arm64 #1238 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/2761 from lubinszARM:pr_tls_2 cb5dbca1c9c3f378002406da7a58887f9b5032b3 PiperOrigin-RevId: 322887044
2020-07-23iptables: use keyed array literalsKevin Krakauer
PiperOrigin-RevId: 322882426
2020-07-23Use mode supplied by the mount optionsRidwan Sharif
2020-07-23Added stub FUSE filesystemRidwan Sharif
Allow FUSE filesystems to be mounted using libfuse. The appropriate flags and mount options are parsed and understood by fusefs.
2020-07-23Internal change.gVisor bot
PiperOrigin-RevId: 322859907