summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-07-30Revert change to default buffer size.Bhasker Hariharan
In https://github.com/google/gvisor/commit/ca6bded95dbce07f9683904b4b768dfc2d4a09b2 we reduced the default buffer size to 32KB. This mostly works fine except at high throughput where we hit zero window very quickly and the TCP receive buffer moderation is not able to grow the window. This can be seen in the benchmarks where with a 32KB buffer and 100 connections downloading a 10MB file we get about 30 requests/s vs the 1MB buffer gives us about 53 requests/s. A proper fix requires a few changes to when we send a zero window as well as when we decide to send a zero window update. Today we consider available space below 1MSS as zero and send an update when it crosses 1MSS of available space. This is way too low and results in the window staying very small once we hit a zero window condition as we keep sending updates with size barely over 1MSS. Linux and BSD are smarter about this and use different thresholds. We should separately update our logic to match linux or BSD so that we don't send window updates that are really tiny or wait until we drop below 1MSS to advertise a zero window. PiperOrigin-RevId: 324087019
2020-07-30Enforce fragment block size and validate argsGhanan Gowripalan
Allow configuring fragmentation.Fragmentation with a fragment block size which will be enforced when processing fragments. Also validate arguments when processing fragments. Test: - fragmentation.TestErrors - ipv6_test.TestReceiveIPv6Fragments - ipv4_test.TestReceiveIPv6Fragments PiperOrigin-RevId: 324081521
2020-07-30Implement overlayfs_stale_read for vfs2.Jamie Liu
PiperOrigin-RevId: 324080111
2020-07-30Allocate a pseudo-tty for exec.Adin Scannell
Otherwise Ctrl-C will kill the 'docker exec' as opposed to killing the bazel command being run inside the container. PiperOrigin-RevId: 324079339
2020-07-30Add runsc build benchmark.Zach Koopmans
PiperOrigin-RevId: 324071377
2020-07-30Implement neighbor unreachability detection for ARP and NDP.Sam Balana
This change implements the Neighbor Unreachability Detection (NUD) state machine, as per RFC 4861 [1]. The state machine operates on a single neighbor in the local network. This requires the state machine to be implemented on each entry of the neighbor table. This change also adds, but does not expose, several APIs. The first API is for performing basic operations on the neighbor table: - Create a static entry - List all entries - Delete all entries - Remove an entry by address The second API is used for changing the NUD protocol constants on a per-NIC basis to allow Neighbor Discovery to operate over links with widely varying performance characteristics. See [RFC 4861 Section 10][2] for the list of constants. Finally, the last API is for allowing users to subscribe to NUD state changes. See [RFC 4861 Appendix C][3] for the list of edges. [1]: https://tools.ietf.org/html/rfc4861 [2]: https://tools.ietf.org/html/rfc4861#section-10 [3]: https://tools.ietf.org/html/rfc4861#appendix-C Tests: pkg/tcpip/stack:stack_test - TestNeighborCacheAddStaticEntryThenOverflow - TestNeighborCacheClear - TestNeighborCacheClearThenOverflow - TestNeighborCacheConcurrent - TestNeighborCacheDuplicateStaticEntryWithDifferentLinkAddress - TestNeighborCacheDuplicateStaticEntryWithSameLinkAddress - TestNeighborCacheEntry - TestNeighborCacheEntryNoLinkAddress - TestNeighborCacheGetConfig - TestNeighborCacheKeepFrequentlyUsed - TestNeighborCacheNotifiesWaker - TestNeighborCacheOverflow - TestNeighborCacheOverwriteWithStaticEntryThenOverflow - TestNeighborCacheRemoveEntry - TestNeighborCacheRemoveEntryThenOverflow - TestNeighborCacheRemoveStaticEntry - TestNeighborCacheRemoveStaticEntryThenOverflow - TestNeighborCacheRemoveWaker - TestNeighborCacheReplace - TestNeighborCacheResolutionFailed - TestNeighborCacheResolutionTimeout - TestNeighborCacheSetConfig - TestNeighborCacheStaticResolution - TestEntryAddsAndClearsWakers - TestEntryDelayToProbe - TestEntryDelayToReachableWhenSolicitedOverrideConfirmation - TestEntryDelayToReachableWhenUpperLevelConfirmation - TestEntryDelayToStaleWhenConfirmationWithDifferentAddress - TestEntryDelayToStaleWhenProbeWithDifferentAddress - TestEntryFailedGetsDeleted - TestEntryIncompleteToFailed - TestEntryIncompleteToIncompleteDoesNotChangeUpdatedAt - TestEntryIncompleteToReachable - TestEntryIncompleteToReachableWithRouterFlag - TestEntryIncompleteToStale - TestEntryInitiallyUnknown - TestEntryProbeToFailed - TestEntryProbeToReachableWhenSolicitedConfirmationWithSameAddress - TestEntryProbeToReachableWhenSolicitedOverrideConfirmation - TestEntryProbeToStaleWhenConfirmationWithDifferentAddress - TestEntryProbeToStaleWhenProbeWithDifferentAddress - TestEntryReachableToStaleWhenConfirmationWithDifferentAddress - TestEntryReachableToStaleWhenConfirmationWithDifferentAddressAndOverride - TestEntryReachableToStaleWhenProbeWithDifferentAddress - TestEntryReachableToStaleWhenTimeout - TestEntryStaleToDelay - TestEntryStaleToReachableWhenSolicitedOverrideConfirmation - TestEntryStaleToStaleWhenOverrideConfirmation - TestEntryStaleToStaleWhenProbeUpdateAddress - TestEntryStaysDelayWhenOverrideConfirmationWithSameAddress - TestEntryStaysProbeWhenOverrideConfirmationWithSameAddress - TestEntryStaysReachableWhenConfirmationWithRouterFlag - TestEntryStaysReachableWhenProbeWithSameAddress - TestEntryStaysStaleWhenProbeWithSameAddress - TestEntryUnknownToIncomplete - TestEntryUnknownToStale - TestEntryUnknownToUnknownWhenConfirmationWithUnknownAddress pkg/tcpip/stack:stack_x_test - TestDefaultNUDConfigurations - TestNUDConfigurationFailsForNotSupported - TestNUDConfigurationsBaseReachableTime - TestNUDConfigurationsDelayFirstProbeTime - TestNUDConfigurationsMaxMulticastProbes - TestNUDConfigurationsMaxRandomFactor - TestNUDConfigurationsMaxUnicastProbes - TestNUDConfigurationsMinRandomFactor - TestNUDConfigurationsRetransmitTimer - TestNUDConfigurationsUnreachableTime - TestNUDStateReachableTime - TestNUDStateRecomputeReachableTime - TestSetNUDConfigurationFailsForBadNICID - TestSetNUDConfigurationFailsForNotSupported [1]: https://tools.ietf.org/html/rfc4861 [2]: https://tools.ietf.org/html/rfc4861#section-10 [3]: https://tools.ietf.org/html/rfc4861#appendix-C Updates #1889 Updates #1894 Updates #1895 Updates #1947 Updates #1948 Updates #1949 Updates #1950 PiperOrigin-RevId: 324070795
2020-07-30Use brodcast MAC for broadcast IPv4 packetsGhanan Gowripalan
When sending packets to a known network's broadcast address, use the broadcast MAC address. Test: - stack_test.TestOutgoingSubnetBroadcast - udp_test.TestOutgoingSubnetBroadcast PiperOrigin-RevId: 324062407
2020-07-30Have dockerutil.Wait* respect the context deadlineKevin Krakauer
PiperOrigin-RevId: 324044634
2020-07-30Fix SETOWN_EX return value.Dean Deng
Return on success should be 0, not size of the struct copied out. PiperOrigin-RevId: 324029193
2020-07-30[runtime tests] go language test enhancementAyush Ranjan
- Unexported some passing tests. This will increase the testing surface and will be especially helpful when this is enabled for vfs2. - Run tool tests with -v (verbose output). We only print the output when a test fails so this should not clutter the output. - Run tool tests with "-no-rebuild" flag. - Surround test name with appropriate regex, i.e. ^testname$. This will ensure that only that test is run. Earlier running go_test:os would also run go_test:os/exec, go_test:os/signal, go_test:os/user. This should help speed up the tests as we do not run the same test multiple times anymore. - Updated bugs. Updates #3191 PiperOrigin-RevId: 324028878
2020-07-30Update call in Node benchmark.Zach Koopmans
PiperOrigin-RevId: 324028183
2020-07-30Override the test timeout for runtimes.Adin Scannell
PiperOrigin-RevId: 324026021
2020-07-30Fix merge flow for Go branch.Adin Scannell
PiperOrigin-RevId: 324024075
2020-07-30Drop complex awk step.Adin Scannell
PiperOrigin-RevId: 324023425
2020-07-30Double the number of jobs used by RBE.Adin Scannell
PiperOrigin-RevId: 324022546
2020-07-30Disable consistently failing test.Adin Scannell
PiperOrigin-RevId: 324017310
2020-07-29Force registration for EPOLLHUP, not EPOLLRDHUP, in vfs2's epoll.Jamie Liu
Compare Linux's fs/eventpoll.c:do_epoll_ctl(). I don't know where EPOLLRDHUP came from. PiperOrigin-RevId: 323874419
2020-07-29Port fio benchmarkZach Koopmans
PiperOrigin-RevId: 323810654
2020-07-29Port node benchmark.Zach Koopmans
PiperOrigin-RevId: 323810235
2020-07-29Test UDP socket bound to ANY can receive unicastJay Zhuang
PiperOrigin-RevId: 323773771
2020-07-28Redirect TODO to GitHub issuesFabricio Voznika
PiperOrigin-RevId: 323715260
2020-07-28Merge pull request #3025 from kevinGC:ipv6-iptables-testing2gVisor bot
PiperOrigin-RevId: 323692144
2020-07-28Delete unused script.Adin Scannell
PiperOrigin-RevId: 323676189
2020-07-28Add MIT license to top-level LICENSE file.Adin Scannell
This is needed for e.g. pkg/safecopy/memcpy_amd64.s. PiperOrigin-RevId: 323673052
2020-07-28Use the appropriate remote configuration.Adin Scannell
PiperOrigin-RevId: 323646156
2020-07-28Merge pull request #3102 from stripe:andrew/cgroup-eintrgVisor bot
PiperOrigin-RevId: 323638518
2020-07-28Port tensorflow benchmark.Zach Koopmans
PiperOrigin-RevId: 323633737
2020-07-28[Runtime Tests] Exclude flaky/failing testsAyush Ranjan
PiperOrigin-RevId: 323632510
2020-07-28ip6tables testingKevin Krakauer
We skip gVisor tests for now, as ip6tables aren't yet implemented.
2020-07-28Don't attempt to use the secret if it does not exist.Adin Scannell
Fixes #3326 PiperOrigin-RevId: 323589669
2020-07-28More test cases on receiving UDP mcast/bcastJay Zhuang
PiperOrigin-RevId: 323553832
2020-07-27Merge pull request #2797 from Rajpratik71:optimization/pip-no-cachegVisor bot
PiperOrigin-RevId: 323508910
2020-07-27Fix for gvisor-builder image.Bhasker Hariharan
As it happens gvisor/tools/bazel.mk:88 useradd --uid $(UID) --non-unique --no-create-home \ adds the user-id to /var/log/lastlog which happens to be a sparse file except Go's tar support can't handle sparse files so it actually tries to allocate the file to seek to the end causing the VM to run out of disk space. See: https://github.com/moby/moby/issues/5419#issuecomment-193876183 The fix is to pass -l to useradd to prevent it from trying to add to lastlog. Fixes #3397 PiperOrigin-RevId: 323492591
2020-07-27Fix strace for epoll event arrays.Jamie Liu
PiperOrigin-RevId: 323491461
2020-07-27Merge pull request #3201 from lubinszARM:pr_sys64_2gVisor bot
PiperOrigin-RevId: 323456118
2020-07-27Merge pull request #3299 from lubinszARM:pr_asidgVisor bot
PiperOrigin-RevId: 323455097
2020-07-27Enable RBE for standard-tests.Adin Scannell
PiperOrigin-RevId: 323454998
2020-07-27Add ability to send unicast ARP requests and Neighbor SolicitationsSam Balana
The previous implementation of LinkAddressRequest only supported sending broadcast ARP requests and multicast Neighbor Solicitations. The ability to send these packets as unicast is required for Neighbor Unreachability Detection. Tests: pkg/tcpip/network/arp:arp_test - TestLinkAddressRequest pkg/tcpip/network/ipv6:ipv6_test - TestLinkAddressRequest Updates #1889 Updates #1894 Updates #1895 Updates #1947 Updates #1948 Updates #1949 Updates #1950 PiperOrigin-RevId: 323451569
2020-07-27Fix memory accounting in TCP pending segment queue.Bhasker Hariharan
TCP now tracks the overhead of the segment structure itself in it's out-of-order queue (pending). This is required to ensure that a malicious sender sending 1 byte out-of-order segments cannot queue like 1000's of segments which bloat up memory usage. We also reduce the default receive window to 32KB. With TCP moderation there is no need to keep this window at 1MB which means that for new connections the default out-of-order queue will be small unless the application actually reads the data that is being sent. This prevents a sender from just maliciously filling up pending buf with lots of tiny out-of-order segments. PiperOrigin-RevId: 323450913
2020-07-27Merge pull request #2958 from lubinszARM:pr_vfs2_1gVisor bot
PiperOrigin-RevId: 323443142
2020-07-27Add device implementation for /dev/fuseRidwan Sharif
This PR adds the following: - [x] Marshall-able structs for fuse headers - [x] Data structures needed in /dev/fuse to communicate with the daemon server - [x] Implementation of the device interface - [x] Go unit tests This change adds the `/dev/fuse` implementation. `Connection` controls the communication between the server and the sentry. The FUSE server uses the `FileDescription` interface to interact with the Sentry. The Sentry implmenetation of fusefs, uses `Connection` and the Connection interface to interact with the Server. All communication messages are in the form of `go_marshal` backed structs defined in the ABI package. This change also adds some go unit tests that test (pretty basically) the interfaces and should be used as an example of an end to end FUSE operation. COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/3083 from ridwanmsharif:ridwanmsharif/fuse-device-impl 69aa2ce970004938fe9f918168dfe57636ab856e PiperOrigin-RevId: 323428180
2020-07-27Fix when FUSE tests need to be skipped due to sentry configuration.Rahat Mahmood
PiperOrigin-RevId: 323426851
2020-07-27Merge pull request #3371 from kevinGC:ipt-tests-udp-fastergVisor bot
PiperOrigin-RevId: 323426155
2020-07-27Move platform.File in memmapAndrei Vagin
The subsequent systrap changes will need to import memmap from the platform package. PiperOrigin-RevId: 323409486
2020-07-27Merge pull request #3377 from kevinGC:native-tagsgVisor bot
PiperOrigin-RevId: 323398518
2020-07-27Clean-up bazel wrapper.Adin Scannell
The bazel server was being started as the wrong user, leading to issues where the container would suddenly exit during a build. We can also simplify the waiting logic by starting the container in two separate steps: those that must complete first, then the asynchronous bit. PiperOrigin-RevId: 323391161
2020-07-27Port ffmpeg benchmarkZach Koopmans
PiperOrigin-RevId: 323383320
2020-07-27Port redis benchmarkZach Koopmans
PiperOrigin-RevId: 323381964
2020-07-27Ask for *testing.T instead of storing itJay Zhuang
Storing *testing.T on test helper structs is problematic when subtests are used, because it is possible for nested tests to call Fatal on parent test, which incorrect terminates the parent test. For example func TestOuter(t *testing.T) { dut := NewDUT(t) t.Run("first test", func(t *testing.T) { dut.FallibleCall() }) t.Run("second test", func(t *testing.T) { dut.FallibleCall() } } In the example above, assuming `FallibleCall` calls `t.Fatal` on the `t` it holds, if `dut.FallibleCall` fails in "first test", it will call `Fatal` on the parent `t`, quitting `TestOuter`. This is not a behavior we want. PiperOrigin-RevId: 323350241
2020-07-26Add profiling to dockerutilZach Koopmans
Adds profiling with `runsc debug` or pprof to dockerutil. All targets using dockerutil should now be able to use profiling. In addition, modifies existing benchmarks to use profiling. PiperOrigin-RevId: 323298634