summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-03-11fusefs: Implement default_permissions and allow_other mount options.Rahat Mahmood
By default, fusefs defers node permission checks to the server. The default_permissions mount option enables the usual unix permission checks based on the node owner and mode bits. Previously fusefs was incorrectly checking permissions unconditionally. Additionally, fusefs should restrict filesystem access to processes started by the mount owner to prevent the fuse daemon from gaining priviledge over other processes. The allow_other mount option overrides this behaviour. Previously fusefs was incorrectly skipping this check. Updates #3229 PiperOrigin-RevId: 362419092
2021-03-11Implement Merkle tree generate tool binaryChong Cai
This binary is used to recursively enable and generate Merkle tree files for all files and directories in a file system from inside a gVisor sandbox. PiperOrigin-RevId: 362418770
2021-03-11Merge pull request #5654 from sethvargo:sethvargo/cancelgVisor bot
PiperOrigin-RevId: 362416183
2021-03-11Clear Merkle tree files in RuntimeEnable modeChong Cai
The Merkle tree files need to be cleared before enabling to avoid redundant content. PiperOrigin-RevId: 362409591
2021-03-11Report filesystem-specific mount options.Rahat Mahmood
PiperOrigin-RevId: 362406813
2021-03-11Major refactor of runsc mitigate.Zach Koopmans
PiperOrigin-RevId: 362360425
2021-03-11Update go.ymlSeth Vargo
2021-03-11Move Arch specific code to arch specific files.Bhasker Hariharan
PiperOrigin-RevId: 362297474
2021-03-10Add a rootfs filesystem to fs benchmarks. Also, fix fio benchmark.Zach Koopmans
The previous "bind" filesystem, already included in go/runsc-benchmarks is a remote re-validate mount. However, the non-re-validate mount was not present, and it has been added in the form of rootfs. Also, fix the fio runs to reads/writes of 10GB as running with --test.benchtime=Xs may scale beyond the memory available to tmpfs mounts on buildkite VMs. Currently, our buildkite pipelines are run on e2-standard-8 machines with 32GB of memory, allowing tmpfs mounts to safely be at least 10GB. PiperOrigin-RevId: 362143620
2021-03-10Improve Actions hygieneSeth Vargo
👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail. - (**you were already doing this, thank you!**) Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch. - For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits. There are other changes you could make, depending on your project (but I'm not an expert): - If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11). Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you!
2021-03-09Update flock to v0.8.0Fabricio Voznika
PiperOrigin-RevId: 361962416
2021-03-09Fix invalid interface conversion in runnerFabricio Voznika
panic: interface conversion: interface {} is syscall.WaitStatus, not unix.WaitStatus goroutine 1 [running]: main.runTestCaseNative(0xc0001fc000, 0xe3, 0xc000119b60, 0x1, 0x1, 0x0, 0x0) test/runner/runner.go:185 +0xa94 main.main() test/runner/runner.go:118 +0x745 PiperOrigin-RevId: 361957796
2021-03-09Give TCP flags a dedicated typeZeling Feng
- Implement Stringer for it so that we can improve error messages. - Use TCPFlags through the code base. There used to be a mixed usage of byte, uint8 and int as TCP flags. PiperOrigin-RevId: 361940150
2021-03-09Allow reading from PTY into bad buffer to return EAGAIN.Nicolas Lacasse
Kernels after 3b830a9c return EAGAIN in this case. PiperOrigin-RevId: 361936327
2021-03-08Implement /proc/sys/net/ipv4/ip_local_port_rangeKevin Krakauer
Speeds up the socket stress tests by a couple orders of magnitude. PiperOrigin-RevId: 361721050
2021-03-08Fix proc test flakinessFabricio Voznika
Thread from earlier test can show up in `/proc/self/tasks` while the thread tears down. Account for that when searching for procs for the first time in the test. PiperOrigin-RevId: 361689673
2021-03-08Internal change.Chong Cai
PiperOrigin-RevId: 361689477
2021-03-08[lisa] Do not generate any tests for dynamic types.Ayush Ranjan
The dynamic type user defines the marshalling logic, so we don't need to test for things like alignment, absence of slices, etc. For dynamic types, the go_marshal generator just generates the missing methods required to implement marshal.Marshallable. PiperOrigin-RevId: 361676311
2021-03-08Run shards in a single sandboxFabricio Voznika
Run all tests (or a given test partition) in a single sandbox. Previously, each individual unit test executed in a new sandbox, which takes much longer to execute. Before After Syscall tests: 37m22.768s 14m5.272s PiperOrigin-RevId: 361661726
2021-03-08Avoid a race with test peer advert and DUT sendMithun Iyer
Fix a race where the DUT could send out test data before it received the peer window advertisement. Such a race results in the DUT taking longer time to retransmit zero window probe, thus causing the test to fail receiving the last expected probe. To ensure this ordering, piggyback a non-zero payload with the zero window advertisement and let the DUT receive that, before continuing with the test. PiperOrigin-RevId: 361640241
2021-03-08Fix SocketInetLoopbackTest flakinessFabricio Voznika
Remove part of test that was making it flaky. It runs for native only, so not really important since it's not testing gVisor. Before: http://sponge2/37557c41-298e-408d-9b54-50ba3d41e22f After: http://sponge2/7bca72be-cb9b-42f8-8c54-af4956c39455 PiperOrigin-RevId: 361611512
2021-03-06[op] Replace syscall package usage with golang.org/x/sys/unix in runsc/.Ayush Ranjan
The syscall package has been deprecated in favor of golang.org/x/sys. Note that syscall is still used in some places because the following don't seem to have an equivalent in unix package: - syscall.SysProcIDMap - syscall.Credential Updates #214 PiperOrigin-RevId: 361381490
2021-03-06[op] Replace syscall package usage with golang.org/x/sys/unix in test/.Ayush Ranjan
The syscall package has been deprecated in favor of golang.org/x/sys. Note that syscall is still used in some places because the following don't seem to have an equivalent in unix package: - syscall.SysProcIDMap - syscall.Credential Updates #214 PiperOrigin-RevId: 361332034
2021-03-05Increment the counters when sending Echo requestsArthur Sfez
Updates #5597 PiperOrigin-RevId: 361252003
2021-03-05Fix network protocol/endpoint lock order violationGhanan Gowripalan
IPv4 would violate the lock ordering of protocol > endpoint when closing network endpoints by calling `ipv4.protocol.forgetEndpoint` while holding the network endpoint lock. PiperOrigin-RevId: 361232817
2021-03-05Include duplicate address holder info in DADResultGhanan Gowripalan
The integrator may be interested in who owns a duplicate address so pass this information (if available) along. Fixes #5605. PiperOrigin-RevId: 361213556
2021-03-05Implement IterDirent in verity fsChong Cai
PiperOrigin-RevId: 361196154
2021-03-05Gather uname information from DUTZeling Feng
Some OSs behave slightly differently, but still within the RFC. It can be useful to have access to uname information from the testbench. PiperOrigin-RevId: 361193766
2021-03-05Make stack.DADResult an interfaceGhanan Gowripalan
While I'm here, update NDPDispatcher.OnDuplicateAddressDetectionStatus to take a DADResult and rename it to OnDuplicateAddressDetectionResult. Fixes #5606. PiperOrigin-RevId: 360965416
2021-03-04Nit fix: Should use maxTimeout in backoffTimerTing-Yu Wang
The only user is in (*handshake).complete and it specifies MaxRTO, so there is no behavior changes. PiperOrigin-RevId: 360954447
2021-03-03Deflake //pkg/tcpip/tests/integration:forward_testTing-Yu Wang
clientEP.Connect may fail because serverEP was not listening. PiperOrigin-RevId: 360780667
2021-03-03Make dedicated methods for data operations in PacketBufferTing-Yu Wang
One of the preparation to decouple underlying buffer implementation. There are still some methods that tie to VectorisedView, and they will be changed gradually in later CLs. This CL also introduce a new ICMPv6ChecksumParams to replace long list of parameters when calling ICMPv6Checksum, aiming to be more descriptive. PiperOrigin-RevId: 360778149
2021-03-03Remove dependency on golang.org/x/sys/unixTamir Duberstein
(*os.PathError).Timeout does the same thing. PiperOrigin-RevId: 360756784
2021-03-03Export faketime to go branchGhanan Gowripalan
PiperOrigin-RevId: 360732928
2021-03-03Assert UpdatedAtNanos in neighbor cache testsSam Balana
Changes the neighbor_cache_test.go tests to always assert UpdatedAtNanos. Completes the assertion of UpdatedAtNanos in every NUD test, a field that was historically not checked due to the lack of a deterministic, controllable clock. This is no longer true with the tcpip.Clock interface. While the tests have been adjusted to use Clock, asserting by the UpdatedAtNanos was neglected. Fixes #4663 PiperOrigin-RevId: 360730077
2021-03-03Add checklocks analyzer.Bhasker Hariharan
This validates that struct fields if annotated with "// checklocks:mu" where "mu" is a mutex field in the same struct then access to the field is only done with "mu" locked. All types that are guarded by a mutex must be annotated with // +checklocks:<mutex field name> For more details please refer to README.md. PiperOrigin-RevId: 360729328
2021-03-03Export stats that were forgottenArthur Sfez
While I'm here, simplify the comments and unify naming of certain stats across protocols. PiperOrigin-RevId: 360728849
2021-03-03Use struct embedding to avoid casts and reuse methodsZeling Feng
- Removed (*testbench.Connection)(&conn) like casts - Removed redundant definition of Drain, Close and ExpectFrame PiperOrigin-RevId: 360727788
2021-03-03[op] Replace syscall package usage with golang.org/x/sys/unix in pkg/.Ayush Ranjan
The syscall package has been deprecated in favor of golang.org/x/sys. Note that syscall is still used in the following places: - pkg/sentry/socket/hostinet/stack.go: some netlink related functionalities are not yet available in golang.org/x/sys. - syscall.Stat_t is still used in some places because os.FileInfo.Sys() still returns it and not unix.Stat_t. Updates #214 PiperOrigin-RevId: 360701387
2021-03-02Add reverse flag to mitigate.Zach Koopmans
Add reverse operation to mitigate that just enables all CPUs. PiperOrigin-RevId: 360511215
2021-03-02[rack] Support running tcp_benchmarks with RACK.Ayush Ranjan
PiperOrigin-RevId: 360491700
2021-03-02Plumb link address request errors up to requesterTamir Duberstein
Prevent the situation where callers to (*stack).GetLinkAddress provide incorrect arguments and are unable to observe this condition. Updates #5583. PiperOrigin-RevId: 360481557
2021-03-01tcp: endpoint.Write has to send all data that has been read from payloadAndrei Vagin
io.Reader.ReadFull returns the number of bytes copied and an error if fewer bytes were read. PiperOrigin-RevId: 360247614
2021-02-26Fix panic due to zero length writes in TCP.Bhasker Hariharan
There is a short race where in Write an endpoint can transition from writable to non-writable state due to say an incoming RST during the time we release the endpoint lock and reacquire after copying the payload. In such a case if the write happens to be a zero sized write we end up trying to call sendData() even though nothing was queued. This can panic when trying to enable/disable TCP timers if the endpoint had already transitioned to a CLOSED/ERROR state due to the incoming RST as we cleanup timers when the protocol goroutine terminates. Sadly the race window is small enough that my attempts at reproducing the panic in a syscall test has not been successful. PiperOrigin-RevId: 359887905
2021-02-26Assert UpdatedAtNanos in neighbor entry testsSam Balana
Changes the neighbor_entry_test.go tests to always assert UpdatedAtNanos. This field was historically not checked due to the lack of a deterministic, controllable clock. This is no longer true with the tcpip.Clock interface. While the tests have been adjusted to use Clock, asserting by the UpdatedAtNanos was neglected. Subsequent work is needed to assert UpdatedAtNanos in the neighbor cache tests. Updates #4663 PiperOrigin-RevId: 359868254
2021-02-26Embed sync.Mutex for entryTestLinkResolver and testNUDDispatcherSam Balana
Converts entryTestLinkResolver and testNUDDispatcher to use the embedded sync.Mutex pattern for fields that may be accessed concurrently from different gorountines. Fixes #5541 PiperOrigin-RevId: 359826169
2021-02-26Use helper functions in neighbor entry testsSam Balana
Adds helper functions for transitioning into common states. This reduces the boilerplate by a fair amount, decreasing the barriers to entry for new features added to neighborEntry. PiperOrigin-RevId: 359810465
2021-02-26Use closure to avoid manual unlockingTamir Duberstein
Also increase refcount of raw.endpoint.route while in use. Avoid allocating an array of size zero. PiperOrigin-RevId: 359797788
2021-02-26Emit the errorTamir Duberstein
Without this change, the error produced is quite useless: --- FAIL: TestZeroWindowProbeRetransmit (11.44s) tcp_zero_window_probe_retransmit_test.go:81: expected a probe with sequence number 824638527212: loop 5 FAIL PiperOrigin-RevId: 359796370
2021-02-25RACK: recovery logic should check for receive window before re-transmitting.Nayana Bidari
Use maybeSendSegment while sending segments in RACK recovery which checks if the receiver has space and splits the segments when the segment size is greater than MSS. PiperOrigin-RevId: 359641097