Age | Commit message | Author
2021-02-02 | Stub out basic `runsc events --stat` CPU functionality | Kevin Krakauer
Because we lack gVisor-internal cgroups, we take the CPU usage of the entire pod and divide it proportionally according to sentry-internal usage stats. This fixes `kubectl top pods`, which gets a pod's CPU usage by summing the usage of its containers. Addresses #172. PiperOrigin-RevId: 355229833
2021-02-02 | Move ring0 package. | Adin Scannell
This allows the package to serve as a general purpose ring0 support package, as opposed to being bound to specific sentry platforms. Updates #5039 PiperOrigin-RevId: 355220044
2021-02-02 | Add ETIMEDOUT to partial result list | Fabricio Voznika
Reported-by: syzbot+db8d83f93b84fcb84374@syzkaller.appspotmail.com PiperOrigin-RevId: 355213994
2021-02-02 | Drop gazelle target from the Makefile. | Adin Scannell
This is replaced with a straight call to bazel. Unfortunately, the built gazelle target requires a bazel installation to run anyways. PiperOrigin-RevId: 355211990
2021-02-02 | Add support for rate limiting out of window ACKs. | Bhasker Hariharan
Netstack today will send dupACK's with no rate limit for incoming out of window segments. This can result in ACK loops for example if a TCP socket connects to itself (actually permitted by TCP). Where the ACK sent in response to packets being out of order itself gets considered as an out of window segment resulting in another ACK being generated. PiperOrigin-RevId: 355206877
2021-02-02 | Remove go_tool_library references. | Adin Scannell
This is required only for the built-in bazel nogo functionality. Since we roll these targets manually via the wrappers, we don't need to use go_tool_library. The inconsistent use of these targets leads to conflicting instantiations of go_default_library and go_tool_library, which both contain the same output files. PiperOrigin-RevId: 355184975
2021-02-02 | Assert TCP_INFO size before checking content | Tamir Duberstein
Also sync syscall test expectations on Fuchsia. PiperOrigin-RevId: 355163492
2021-02-02 | Minor page tables improvements. | Adin Scannell
* Make split safe.
* Enable looking up next valid address.
* Support mappings with !accessType.Any(), distinct from unmap.
These changes allow for the use of pagetables in low-level OS packages, such as ring0, and allow for the use of pagetables for more generic address space reservation (by writing entries with no access specified). Updates #5039 PiperOrigin-RevId: 355109016
2021-02-01 | Fix empty Packages file for APT repository. | Adin Scannell
This change also adds an extra sanity check to the make_apt.sh script, in order to ensure that this simple mistake does not occur again. PiperOrigin-RevId: 355101754
2021-02-01 | Enable container checkpoint/restore tests with VFS2 | Fabricio Voznika
Updates #1663 PiperOrigin-RevId: 355077816
2021-02-01 | Add RACK reorder tests. | Nayana Bidari
PiperOrigin-RevId: 355067082
2021-02-01 | Remove Go cache on failure. | Adin Scannell
It's unclear why permissions wind up corrupted, but these can be cleared on any failure, similar to the bazel cache itself: https://buildkite.com/gvisor/pipeline/builds/2304#_ PiperOrigin-RevId: 355057421
2021-02-01 | Merge pull request #5403 from avagin:syzkaller3 | gVisor bot
PiperOrigin-RevId: 355047815
2021-02-01 | [infra] Consolidate all ubuntu tests into one image. | Ayush Ranjan
This makes it easier to add more tests that run on Ubuntu. We can now just add a bash script and call that from integration_test without having to set up another image. PiperOrigin-RevId: 355000410
2021-02-01 | Refactor HandleControlPacket/SockError | Ghanan Gowripalan
...to remove the need for the transport layer to deduce the type of error it received. Rename HandleControlPacket to HandleError as HandleControlPacket only handles errors. tcpip.SockError now holds a tcpip.SockErrorCause interface that different errors can implement. PiperOrigin-RevId: 354994306
2021-02-01 | [infra] Fix gazelle target. | Ayush Ranjan
PiperOrigin-RevId: 354991724
2021-02-01 | Assert expected size before unmarshalling | Tamir Duberstein
...to prevent panicking in case of failure. PiperOrigin-RevId: 354970257
2021-01-31 | Default to NUD/neighborCache instead of linkAddrCache | Ghanan Gowripalan
This change flips gvisor to use Neighbor unreachability detection by default to populate the neighbor table as defined by RFC 4861 section 7. Although RFC 4861 is targeted at IPv6, the same algorithm is used for link resolution on IPv4 networks using ARP. Integrators may still use the legacy link address cache by setting stack.Options.UseLinkAddrCache to true; stack.Options.UseNeighborCache is now unused and will be removed. A later change will remove linkAddrCache and associated code. Updates #4658. PiperOrigin-RevId: 354850531
2021-01-31 | Use closure for IPv6 testContext cleanup | Ghanan Gowripalan
PiperOrigin-RevId: 354827491
2021-01-31 | Remove NICs before closing their link endpoints | Ghanan Gowripalan
...in IPv6 ICMP tests. A channel link endpoint's channel is closed when the link endpoint is closed. When the stack tries to send packets through a NIC with a closed channel endpoint, a panic will occur when attempting to write to a closed channel (https://golang.org/ref/spec#Close). To make sure the stack does not try to send packets through a NIC, we remove it. PiperOrigin-RevId: 354822085
2021-01-31 | Use different neighbor tables per network endpoint | Ghanan Gowripalan
This stores each protocol's neighbor state separately. This change also removes the need for each neighbor entry to keep track of their own link address resolver now that all the entries in a cache will use the same resolver. PiperOrigin-RevId: 354818155
2021-01-31 | Hide neighbor table kind from NetworkEndpoint | Ghanan Gowripalan
The network endpoint should not need to have logic to handle different kinds of neighbor tables. Network endpoints can let the NIC know about different neighbor discovery messages and let the NIC decide which table to update. This allows us to remove the LinkAddressCache interface. PiperOrigin-RevId: 354812584
2021-01-30 | Extract route table from Stack lock | Tamir Duberstein
PiperOrigin-RevId: 354746864
2021-01-30 | Remove side effect from open tests | Fabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 354730126
2021-01-30 | Implement LinkAddressResolver on NetworkEndpoints | Ghanan Gowripalan
This removes the need to provide the link address request with the NIC the request is being performed on since the NetworkEndpoints already have a reference to the NIC. PiperOrigin-RevId: 354721940
2021-01-29 | Add syzkaller docker image | Andrei Vagin
2021-01-29 | Make fragmentation return a reassembled PacketBuffer | Ting-Yu Wang
This allows later decoupling of the backing network buffer implementation. PiperOrigin-RevId: 354643297
2021-01-29 | Clear IGMPv1 present flag on NIC down | Ghanan Gowripalan
This is dynamic state that can be re-learned when the NIC comes back up. Test: ipv4_test.TestIgmpV1Present PiperOrigin-RevId: 354630921
2021-01-29 | setgid directory syscall tests | Kevin Krakauer
PiperOrigin-RevId: 354615220
2021-01-29 | Remove side effect from test cases | Fabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 354604389
2021-01-29 | Refresh delayed report timers on query messages | Ghanan Gowripalan
...as per RFC 2236 section 3 page 3 (for IGMPv2) and RFC 2710 section 4 page 5 (for MLDv1). See comments in code for more details. Test: ip_test.TestHandleQuery PiperOrigin-RevId: 354603068
2021-01-29 | - Add more comments for the TCP_INFO struct fields. | Nayana Bidari
PiperOrigin-RevId: 354595623
2021-01-29 | Fix deadlock in specialFileFD.pwrite | Fabricio Voznika
When file is regular and metadata cache is authoritative, metadata lock is taken. The code deadlocks trying to acquire the metadata lock again to update timestamps. PiperOrigin-RevId: 354584594
2021-01-29 | Merge pull request #4503 from dqminh:nested-cgroup | gVisor bot
PiperOrigin-RevId: 354568091
2021-01-29 | Discard invalid Neighbor Advertisements | Peter Johnston
...per RFC 4861 s7.1.2. Startblock: has LGTM from sbalana and then add reviewer ghanan PiperOrigin-RevId: 354539026
2021-01-28 | Avoid locking when route doesn't require resolution | Ghanan Gowripalan
When a route does not need to resolve a remote link address to send a packet, avoid having to obtain the pending packets queue's lock. PiperOrigin-RevId: 354456280
2021-01-28 | RACK: Update reorder window. | Nayana Bidari
After receiving an ACK (cumulative or selective), RACK will update the reorder window which is used as a settling time before marking the packet as lost. This change will add an init function to initialize the variables in RACK and also store the reference to sender in rackControl. The reorder window is calculated as per rfc: https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.2 Step 4. PiperOrigin-RevId: 354453528
2021-01-28 | Acquire entry lock with cache lock held | Tamir Duberstein
Avoid a race condition in which an entry is acquired while it is being evicted by overlapping the entry lock with the cache lock. PiperOrigin-RevId: 354452639
2021-01-28 | Change EXPECT/ASSERT to TEST_CHECK inside InForkedProcess | Fabricio Voznika
PiperOrigin-RevId: 354441239
2021-01-28 | Change tcpip.Error to an interface | Tamir Duberstein
This makes it possible to add data to types that implement tcpip.Error. ErrBadLinkEndpoint is removed as it is unused. PiperOrigin-RevId: 354437314
2021-01-28 | Propagate reader error in ReadFrom | Tamir Duberstein
This was removed in 6c0e1d9cfe6adbfbb32e7020d6426608ac63ad37 but turns out to be crucial to prevent flaky behaviour in sendfile. PiperOrigin-RevId: 354434144
2021-01-28 | Do not use clockwork for faketime | Ghanan Gowripalan
Clockwork does not support timers being reset/stopped from different goroutines. Our current use of clockwork causes data races and gotsan complains about clockwork. This change uses our own implementation of faketime, avoiding data races. PiperOrigin-RevId: 354428208
2021-01-28 | Re-enable ipv4 reassembly packetimpact tests | Arthur Sfez
When these specific tests were first added, they would fail when run by kokoro during the presubmit tests (but they always passed locally). These tests are now passing, so they can be re-enabled. Unclear what changed, one hypothesis is the move from kokoro to buildkite. Fixes #4971 PiperOrigin-RevId: 354425395
2021-01-28 | [vfs] Fix rename implementation in OrderedChildren. | Ayush Ranjan
Fixes #3027 as there is just 1 writable user using OrderedChildren's rename, unlink and rmdir (kernfs.syntheticDirectory) but it doesn't support the sticky bit yet. Fuse which is the other writable user implements its own Inode operations. PiperOrigin-RevId: 354386522
2021-01-28 | Make tcp_noaccept_close_rst more robust | Zeling Feng
There used to be a race condition where we may call Close before the connection is established. Adding poll support so that we can eliminate this kind of race. Startblock: has LGTM from iyerm and then add reviewer tamird PiperOrigin-RevId: 354369130
2021-01-28 | Add O_PATH support in vfs2 | gVisor bot
PiperOrigin-RevId: 354367665
2021-01-28 | Correctly check permissions in ping socket test | Tamir Duberstein
The previous check was using SOCK_RAW, despite the fact that the test only uses SOCK_DGRAM. Simplify the test machinery while I'm here. PiperOrigin-RevId: 354359842
2021-01-28 | Internal change. | Michael Pratt
PiperOrigin-RevId: 354327882
2021-01-28 | Respect SO_BINDTODEVICE in unconnected UDP writes | Marina Ciocea
Previously, sending on an unconnected UDP socket would ignore the SO_BINDTODEVICE option. Send on the configured interface when a UDP socket is bound to an interface through setsockopt SO_BINDTODEVICE. Add packetimpact tests exercising UDP reads and writes with every combination of bound/unbound, broadcast/multicast/unicast destination, and bound/not-bound to device. PiperOrigin-RevId: 354299670
2021-01-27 | Confirm neighbor reachability with TCP ACKs | Ghanan Gowripalan
As per RFC 4861 section 7.3.1, A neighbor is considered reachable if the node has recently received a confirmation that packets sent recently to the neighbor were received by its IP layer. Positive confirmation can be gathered in two ways: hints from upper-layer protocols that indicate a connection is making "forward progress", or receipt of a Neighbor Advertisement message that is a response to a Neighbor Solicitation message. This change adds support for TCP to let the IP/link layers know that a neighbor is reachable. Test: integration_test.TestTCPConfirmNeighborReachability PiperOrigin-RevId: 354222833