summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-08-29Merge pull request #655 from praveensastry:feature/runsc-ref-chk-leakgVisor bot
PiperOrigin-RevId: 266226714
2019-08-29Compile procter binaries during image creation.Nicolas Lacasse
Using "go run ..." in the ENTRYPOINT causes the go compiler to run each time the container is started. We can just compile the binary once as part of the image. PiperOrigin-RevId: 266212462
2019-08-29Internal change.gVisor bot
PiperOrigin-RevId: 266199211
2019-08-29Add limit_host_fd_translation Gofer mount option.Jamie Liu
PiperOrigin-RevId: 266177409
2019-08-29Don't log an error when stopping the container if it is not running.Nicolas Lacasse
This removes a lot of confusing messages from the test logs. PiperOrigin-RevId: 266164001
2019-08-29Internal change.Adin Scannell
PiperOrigin-RevId: 266073190
2019-08-28Fix permissions on .ssh filesAdin Scannell
PiperOrigin-RevId: 266066839
2019-08-28Fix kokoro image build scriptsAdin Scannell
The /tmpfs directory needs to be writable, and kokoro needs passwordless sudo access to execute the test scripts. PiperOrigin-RevId: 266063723
2019-08-28Export generated linkAddrEntryEntryTamir Duberstein
PiperOrigin-RevId: 266000128
2019-08-27kokoro: Add scripts to rebuild images.Adin Scannell
These scripts generated the following images: gvisor-kokoro-testing/image-a53bac71541a209e (ubuntu 18.04) gvisor-kokoro-testing/image-f5b20c5fbd23f448 (ubuntu 16.04) Any modifications to these scripts should generate new images. PiperOrigin-RevId: 265843929
2019-08-27Populate link address cache at dispatchTamir Duberstein
This allows the stack to learn remote link addresses on incoming packets, reducing the need to ARP to send responses. This also reduces the number of round trips to the system clock, since that may also prove to be performance-sensitive. Fixes #739. PiperOrigin-RevId: 265815816
2019-08-27Fix pwritev2 flaky test.Zach Koopmans
Fix a uninitialized memory bug in pwritev2 test. PiperOrigin-RevId: 265772176
2019-08-27Fix comment typoMichael Pratt
PiperOrigin-RevId: 265731735
2019-08-27Fix sendfile(2) error codeFabricio Voznika
When output file is in append mode, sendfile(2) should fail with EINVAL and not EBADF. Closes #721 PiperOrigin-RevId: 265718958
2019-08-27Mount volumes as super userFabricio Voznika
This used to be the case, but regressed after a recent change. Also made a few fixes around it and clean up the code a bit. Closes #720 PiperOrigin-RevId: 265717496
2019-08-26Don't lose test output.Adin Scannell
PiperOrigin-RevId: 265606322
2019-08-26netstack/tcp: Add LastAck transition.Rahat Mahmood
Add missing state transition to LastAck, which should happen when the endpoint has already recieved a FIN from the remote side, and is sending its own FIN. PiperOrigin-RevId: 265568314
2019-08-26Add support for Intel cache CPUID leafsMichael Pratt
This exposes L1, L2, etc. cache sizes, cache line size, etc. Across S/R, everything except cache line size can differ from the host. This is because cache line size is critical for correct use of CLFLUSH / CLFLUSHOPT, but as far as I know, the other cache parameters can only affect performance, not correctness. AMD uses different leafs for cache information, which are not yet supported. fail. There are no known cases of cache line size other than 64 in the fleet. PiperOrigin-RevId: 265544786
2019-08-26Internal change.gVisor bot
PiperOrigin-RevId: 265535438
2019-08-26Merge pull request #696 from xiaobo55x:tcpip_linkgVisor bot
PiperOrigin-RevId: 265534854
2019-08-26Prevent a network endpoint to send/rcv if its address was removedChris Kuiper
This addresses the problem where an endpoint has its address removed but still has outstanding references held by routes used in connected TCP/UDP sockets which prevent the removal of the endpoint. The fix adds a new "expired" flag to the referenced network endpoint, which is set when an endpoint has its address removed. Incoming packets are not delivered to an expired endpoint (unless in promiscuous mode), while sending outgoing packets triggers an error to the caller (unless in spoofing mode). In addition, a few helper functions were added to stack_test.go to reduce code duplications. PiperOrigin-RevId: 265514326
2019-08-26fsgofer_test.go: a socket file path can't be longer than UNIX_MAX_PATH (108)Andrei Vagin
PiperOrigin-RevId: 265478578
2019-08-23Second try at flaky futex test.Zach Koopmans
The flake had the call to futex_unlock_pi() returning EINVAL with the FUTEX_OWNER_DIED set. In this case, userspace has to clean up stale state. So instead of calling FUTEX_UNLOCK_PI outright, we'll use the advised atomic compare_exchange as advised in the man page. PiperOrigin-RevId: 265163920
2019-08-23Implement fmt.Stringer on Route by valueTamir Duberstein
This is more convenient, since it implements the interface for both value and pointer. PiperOrigin-RevId: 265086510
2019-08-22Log message sent before logging is setupFabricio Voznika
Moved log message to after the log options have been read and log setup. PiperOrigin-RevId: 264964171
2019-08-22Ensure yield-equivalent with an already-expired timeout.Adin Scannell
PiperOrigin-RevId: 264920977
2019-08-22test: set shard_count to 5 by defaultAndrei Vagin
In cl/264434674 and cl/264498919, we stop running test cases in parallel to not overload test hosts. But now tests requires more time to run, so we need to increase a default number of shards or a default test timeout. Let's start with increasing the number of shards and see how it will works. PiperOrigin-RevId: 264917055
2019-08-22Send sandbox log to test logFabricio Voznika
This used to be the case, but when --alsologtostderr was added, it stopped logging. PiperOrigin-RevId: 264905640
2019-08-22Remove ASSERT from fork childMichael Pratt
The gunit macros are not safe to use in the child. PiperOrigin-RevId: 264904348
2019-08-22Add log prefix for better claritypraveensastry
2019-08-21Support binding to multicast and broadcast addressesChris Kuiper
This fixes the issue of not being able to bind to either a multicast or broadcast address as well as to send and receive data from it. The way to solve this is to treat these addresses similar to the ANY address and register their transport endpoint ID with the global stack's demuxer rather than the NIC's. That way there is no need to require an endpoint with that multicast or broadcast address. The stack's demuxer is in fact the only correct one to use, because neither broadcast- nor multicast-bound sockets care which NIC a packet was received on (for multicast a join is still needed to receive packets on a NIC). I also took the liberty of refactoring udp_test.go to consolidate a lot of duplicate code and make it easier to create repetitive tests that test the same feature for a variety of packet and socket types. For this purpose I created a "flowType" that represents two things: 1) the type of packet being sent or received and 2) the type of socket used for the test. E.g., a "multicastV4in6" flow represents a V4-mapped multicast packet run through a V6-dual socket. This allows writing significantly simpler tests. A nice example is testTTL(). PiperOrigin-RevId: 264766909
2019-08-21tests: retry connect if it fails with EINTRAndrei Vagin
test/syscalls/linux/proc_net_tcp.cc:252: Failure Value of: connect(client->get(), &addr, addrlen) Expected: not -1 (success) Actual: -1 (of type int), with errno PosixError(errno=4 Interrupted system call) PiperOrigin-RevId: 264743815
2019-08-21Use tcpip.Subnet in tcpip.RouteTamir Duberstein
This is the first step in replacing some of the redundant types with the standard library equivalents. PiperOrigin-RevId: 264706552
2019-08-20Add tcpip.Route.String and tcpip.AddressMask.PrefixChris Kuiper
PiperOrigin-RevId: 264544163
2019-08-20test: reset a signal handler before closing a signal channelAndrei Vagin
goroutine 5 [running]: os/signal.process(0x10e21c0, 0xc00050c280) third_party/go/gc/src/os/signal/signal.go:227 +0x164 os/signal.loop() third_party/go/gc/src/os/signal/signal_unix.go:23 +0x3e created by os/signal.init.0 third_party/go/gc/src/os/signal/signal_unix.go:29 +0x41 PiperOrigin-RevId: 264518530
2019-08-20Don't run runtime tests in parallel.Nicolas Lacasse
We need real sharding, and will let Bazel handle the parallelization. That is coming soon. Until then, remove this call to t.Parallel() so that we can run the tests without eating all CPU. PiperOrigin-RevId: 264498919
2019-08-20Add tests for raw AF_PACKET sockets.Kevin Krakauer
PiperOrigin-RevId: 264494359
2019-08-20Fix flaky futex test.Zach Koopmans
The test is long running (175128 ms or so) which causes timeouts. The test simply makes sure that private futexes can acquire locks concurrently. Dropping current threads and increasing the number of locks each thread tests the same concurrency concerns but drops execution time to ~1411 ms. PiperOrigin-RevId: 264476144
2019-08-20tests: syscall_test_runner should not run tests in parallelAndrei Vagin
bazel runs a few instances of syscall_test_runner in parallel and then syscall_test_runner runs test cases in parallel. It might be a reason why we see that test hosts are overloaded and sandboxes start slowly. It should be better to control how many tests are running in parallel from one place, so let's try to disable this feature in syscall_test_runner. PiperOrigin-RevId: 264434674
2019-08-19Document RWF_HIPRI not implemented for preadv2/pwritev2.Zach Koopmans
Document limitation of no reasonable implementation for RWF_HIPRI flag (High Priority Read/Write for block-based file systems). PiperOrigin-RevId: 264237589
2019-08-19Internal change.gVisor bot
PiperOrigin-RevId: 264218306
2019-08-19hostinet: fix parsing route netlink messageJianfeng Tan
We wrongly parses output interface as gateway address. The fix is straightforward. Fixes #638 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Change-Id: Ia4bab31f3c238b0278ea57ab22590fad00eaf061 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/684 from tanjianfeng:fix-638 b940e810367ad1273519bfa594f4371bdd293e83 PiperOrigin-RevId: 264211336
2019-08-19Read iptables via sockopts.Kevin Krakauer
PiperOrigin-RevId: 264180125
2019-08-16netstack: disconnect an unix socket only if the address family is AF_UNSPECAndrei Vagin
Linux allows to call connect for ANY and the zero port. PiperOrigin-RevId: 263892534
2019-08-16procfs: Migrate seqfile implementations.Ayush Ranjan
Migrates all (except 3) seqfile implementations to the vfs.DynamicBytesSource interface. There should not be any change in functionality due to this migration itself. Please note that the following seqfile implementations have not been migrated: - /proc/filesystems in proc/filesystems.go - /proc/[pid]/mountinfo in proc/mounts.go - /proc/[pid]/mounts in proc/mounts.go This is because these depend on pending changes in /pkg/senty/vfs. PiperOrigin-RevId: 263880719
2019-08-16ptrace: detect if a stub process exited unexpectedlyAndrei Vagin
PiperOrigin-RevId: 263880577
2019-08-16Add subnet checking to NIC.findEndpoint and consolidate with NIC.getRefChris Kuiper
This adds the same logic to NIC.findEndpoint that is already done in NIC.getRef. Since this makes the two functions very similar they were combined into one with the originals being wrappers. PiperOrigin-RevId: 263864708
2019-08-16Bump rules_go to v0.19.3 and bazel_gazelle to v0.18.1.Nicolas Lacasse
And bump go toolchain to v1.12.9. Protobuf dependencies must be explicitly included now. PiperOrigin-RevId: 263853370
2019-08-16vfs: Remove vfs.DefaultDirectoryFD from embedding vfs.DefaultFD.Ayush Ranjan
This fixes the implementation ambiguity issues when a filesystem implementation embeds vfs.DefaultDirectoryFD to its directory FD along with an internal common fileDescription utility. For similar reasons also removes FileDescriptionDefaultImpl from DynamicBytesFileDescriptionImpl. PiperOrigin-RevId: 263795513
2019-08-15Add tests for "cooked" AF_PACKET sockets.Kevin Krakauer
PiperOrigin-RevId: 263666789