summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-09-30arm64 kvm: add a test case for kernel-tls checkingBin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-09-29Stop depending on go_binary targets.Adin Scannell
Closes #3374 PiperOrigin-RevId: 334505627
2020-09-29Replace remaining uses of reflection-based marshalling.Rahat Mahmood
- Rewrite arch.Stack.{Push,Pop}. For the most part, stack now implements marshal.CopyContext and can be used as the target of marshal operations. Stack.Push had some extra logic for automatically null-terminating slices. This was only used for two specific types of slices, and is now handled explicitly. - Delete usermem.CopyObject{In,Out}. - Replace most remaining uses of the encoding/binary package with go-marshal. Most of these were using the binary package to compute the size of a struct, which go-marshal can directly replace. ~3 uses of the binary package remain. These aren't reasonably replaceable by go-marshal: for example one use is to construct the syscall trampoline for systrap. - Fill out remaining convenience wrappers in the primitive package. PiperOrigin-RevId: 334502375
2020-09-29go-marshal tests should respect build tags.Rahat Mahmood
Previously, the go-marshal-generated tests did not respect build tags. This can cause the test to unbuildable under some build configurations, as the original types the tests refer to may not be defined. This CL copies the build tags from the input files to the test, similar to the generated library; however test packages have an additional constraint. A test package cannot be totally empty (i.e. have no test/example/benchmark defined), otherwise the go compiler returns an error. To ensure the generated test package always contains a testable entity under all build configurations, we now emit an extra test file with no build tags that contains a single no-op example. PiperOrigin-RevId: 334496821
2020-09-29Don't allow broadcast/multicast source addressGhanan Gowripalan
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and multicast addresses are not allowed. Currently checks for these are done at the transport layer, but since it is explicitly forbidden at the IP layers, check for them there. This change also removes the UDP.InvalidSourceAddress stat since there is no longer a need for it. Test: ip_test.TestSourceAddressValidation PiperOrigin-RevId: 334490971
2020-09-29Add /proc/[pid]/cwdFabricio Voznika
PiperOrigin-RevId: 334478850
2020-09-29iptables: refactor to make targets extendableKevin Krakauer
Like matchers, targets should use a module-like register/lookup system. This replaces the brittle switch statements we had before. The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it much easier to add IPv6 redirect in the next change. Updates #3549. PiperOrigin-RevId: 334469418
2020-09-29Don't generate link-local IPv6 for loopbackGhanan Gowripalan
Linux doesn't generate a link-local address for the loopback interface. Test: integration_test.TestInitialLoopbackAddresses PiperOrigin-RevId: 334453182
2020-09-29Add nogo check annotations to GitHub.Adin Scannell
When nogo checks are violated, they will automatically posted as annotations on the specific GitHub commit. This allows us to ensure analysis & style rules and have them called out. PiperOrigin-RevId: 334447285
2020-09-29Support embedded fields in go-marshal.Rahat Mahmood
PiperOrigin-RevId: 334437990
2020-09-29Merge pull request #3875 from btw616:fix/issue-3874gVisor bot
PiperOrigin-RevId: 334428344
2020-09-29Discard IP fragments as soon as it expiresToshi Kikuchi
Currently expired IP fragments are discarded only if another fragment for the same IP datagram is received after timeout or the total size of the fragment queue exceeded a predefined value. Test: fragmentation.TestReassemblingTimeout Fixes #3960 PiperOrigin-RevId: 334423710
2020-09-29Migrates uses of deprecated map types to recommended types.gVisor bot
PiperOrigin-RevId: 334419854
2020-09-29Trim Network/Transport Endpoint/ProtocolGhanan Gowripalan
* Remove Capabilities and NICID methods from NetworkEndpoint. * Remove linkEP and stack parameters from NetworkProtocol.NewEndpoint. The LinkEndpoint can be fetched from the NetworkInterface. The stack is passed to the NetworkProtocol when it is created so the NetworkEndpoint can get it from its protocol. * Remove stack parameter from TransportProtocol.NewEndpoint. Like the NetworkProtocol/Endpoint, the stack is passed to the TransportProtocol when it is created. PiperOrigin-RevId: 334332721
2020-09-29Move IP state from NIC to NetworkEndpoint/ProtocolGhanan Gowripalan
* Add network address to network endpoints. Hold network-specific state in the NetworkEndpoint instead of the stack. This results in the stack no longer needing to "know" about the network endpoints and special case certain work for various endpoints (e.g. IPv6 DAD). * Provide NetworkEndpoints with an NetworkInterface interface. Instead of just passing the NIC ID of a NIC, pass an interface so the network endpoint may query other information about the NIC such as whether or not it is a loopback device. * Move NDP code and state to the IPv6 package. NDP is IPv6 specific so there is no need for it to live in the stack. * Control forwarding through NetworkProtocols instead of Stack Forwarding should be controlled on a per-network protocol basis so forwarding configurations are now controlled through network protocols. * Remove stack.referencedNetworkEndpoint. Now that addresses are exposed via AddressEndpoint and only one NetworkEndpoint is created per interface, there is no need for a referenced NetworkEndpoint. * Assume network teardown methods are infallible. Fixes #3871, #3916 PiperOrigin-RevId: 334319433
2020-09-28Fix 1 zero window advertisement bug and a TCP test flake.Bhasker Hariharan
In TestReceiveBufferAutoTuning we now send a keep-alive packet to measure the current window rather than a 1 byte segment as the returned window value in the latter case is reduced due to the 1 byte segment now being held in the receive buffer and can cause the test to flake if the segment overheads were to change. In getSendParams in rcv.go we were advertising a non-zero window even if available window space was zero after we received the previous segment. In such a case newWnd and curWnd will be the same and we end up advertising a tiny but non-zero window and this can cause the next segment to be dropped. PiperOrigin-RevId: 334314070
2020-09-28Don't leak dentries returned by sockfs.NewDentry().Jamie Liu
PiperOrigin-RevId: 334263322
2020-09-28Fix lingering of TCP socket in the initial state.Nayana Bidari
When the socket is set with SO_LINGER and close()'d in the initial state, it should not linger and return immediately. PiperOrigin-RevId: 334263149
2020-09-28Support creating protocol instances with Stack refGhanan Gowripalan
Network or transport protocols may want to reach the stack. Support this by letting the stack create the protocol instances so it can pass a reference to itself at protocol creation time. Note, protocols do not yet use the stack in this CL but later CLs will make use of the stack from protocols. PiperOrigin-RevId: 334260210
2020-09-28Support inotify in overlayfs.Dean Deng
Fixes #1479, #317. PiperOrigin-RevId: 334258052
2020-09-27Fix kernfs race condition.Dean Deng
Do not release dirMu between checking whether to create a child and actually inserting it. Also fixes a bug in fusefs which was causing it to deadlock under the new lock ordering. We do not need to call kernfs.Dentry.InsertChild from newEntry because it will always be called at the kernfs filesystem layer. Updates #1193. PiperOrigin-RevId: 334049264
2020-09-27Clean up kcov.Dean Deng
Previously, we did not check the kcov mode when performing task work. As a result, disabling kcov did not do anything. Also avoid expensive atomic RMW when consuming coverage data. We don't need the swap if the value is already zero (which is most of the time), and it is ok if there are slight inconsistencies due to a race between coverage data generation (incrementing the value) and consumption (reading a nonzero value and writing zero). PiperOrigin-RevId: 334049207
2020-09-26Remove generic ICMP errorsGhanan Gowripalan
Generic ICMP errors were required because the transport dispatcher was given the responsibility of sending ICMP errors in response to transport packet delivery failures. Instead, the transport dispatcher should let network layer know it failed to deliver a packet (and why) and let the network layer make the decision as to what error to send (if any). Fixes #4068 PiperOrigin-RevId: 333962333
2020-09-25Add openat() to list of permitted syscalls in gotsan runs.Bhasker Hariharan
PiperOrigin-RevId: 333853498
2020-09-25Disable flaky java11 tests.Jamie Liu
Regarding ThreadCpuTimeArray.java: The test starts 10 threads, each of which does some computation, then blocks. When all threads are blocked, the test sleeps for 200ms, then checks that less than 100ns of CPU time in userspace elapse over the course of the sleep; AFAICT, the 100ns of slop is because a thread indicates that it's in the WAITING state before it actually blocks, and because signals can cause threads to be temporarily woken. gVisor's CPU clocks have a granularity of 10ms (the interval of Kernel.cpuClockTicker is //pkg/abi/linux.ClockTick), so a single tick pushes the test over the threshold. PiperOrigin-RevId: 333830287
2020-09-25Merge pull request #4077 from zhlhahaha:1973gVisor bot
PiperOrigin-RevId: 333805533
2020-09-25fix seccomp test for ARM64Howard Zhang
As open syscall is not support on ARM64, change syscall from 'open' to 'openat' in no_match_name_allow Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2020-09-25fix TestUserLog for multi-archHoward Zhang
based on arch, apply different syscall number for sched_rr_get_interval Signed-off-by: Howard Zhang <howard.zhang@arm.com>
2020-09-24Merge pull request #4018 from didier-durand:patch-1gVisor bot
PiperOrigin-RevId: 333611788
2020-09-24Remove useless endpoint constructionTamir Duberstein
PiperOrigin-RevId: 333591566
2020-09-24[vfs] kernfs: Do not hold reference on the inode when opening FD.Ayush Ranjan
The FD should hold a reference on the dentry they were opened on which in turn holds a reference on the inode it points to. PiperOrigin-RevId: 333589223
2020-09-24Merge pull request #4019 from didier-durand:patch-2gVisor bot
PiperOrigin-RevId: 333588387
2020-09-24Correct FS_IOC_GETFLAGS valueChong Cai
The previous value was for unix PiperOrigin-RevId: 333571962
2020-09-24[vfs] [2/2] kernfs: kernfs: Internally use kernfs.Dentry instead of vfs.Dentry.Ayush Ranjan
Update signatures for: - All methods in inodeDirectory - deferDecRef() and Filesystem.droppedDentries - newSyntheticDirectory() - `slot`s used in OrderedChildren and subsequent methods like replaceChildLocked() and checkExistingLocked() - stepExistingLocked(), walkParentDirLocked(), checkCreateLocked() Updates #1193 PiperOrigin-RevId: 333558866
2020-09-24Fix Nginx Startup and Size Benchmarks.Zach Koopmans
Changes in Nginx Benchmarks in network_tests also affect Startup/Size Nginx Benchmarks. Make sure the commands line up. PiperOrigin-RevId: 333543697
2020-09-24Add basic stateify annotations.Adin Scannell
Updates #1663 PiperOrigin-RevId: 333539293
2020-09-24Change segment/pending queue to use receive buffer limits.Bhasker Hariharan
segment_queue today has its own standalone limit of MaxUnprocessedSegments but this can be a problem in UnlockUser() we do not release the lock till there are segments to be processed. What can happen is as handleSegments dequeues packets more keep getting queued and we will never release the lock. This can keep happening even if the receive buffer is full because nothing can read() till we release the lock. Further having a separate limit for pending segments makes it harder to track memory usage etc. Unifying the limits makes it easier to reason about memory in use and makes the overall buffer behaviour more consistent. PiperOrigin-RevId: 333508122
2020-09-24test/syscall/mknod: Don't use a hard-coded file nameAndrei Vagin
PiperOrigin-RevId: 333461380
2020-09-23Merge pull request #4071 from avagin:travisgVisor bot
PiperOrigin-RevId: 333454489
2020-09-23fuse: don't call dentry.InsertChildAndrei Vagin
It is called from the kernfs code (OpenAt and revalidateChildLocked()). For RemoveChildLocked, it is opposed. We need to call it from fuse.RmDir and fuse.Unlink. PiperOrigin-RevId: 333453218
2020-09-24Fix socket record leak in VFS2Tiwei Bie
VFS2 socket record is not removed from the system-wide socket table when the socket is released, which will lead to a memory leak. This patch fixes this issue. Fixes: #3874 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-09-24Rename kernel.SocketEntry to kernel.SocketRecordTiwei Bie
SocketEntry can be confusing with the template types as the 'Entry' is usually used as a suffix for list element types, e.g. socketEntry in the same package. Suggested by Dean (@dean-deng). Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-09-23Clean up inotify tests.Dean Deng
Mostly simplifies SKIP_IF statements and adds some more documentation. Also, mknod is now supported by gofer fs, so remove SKIP_IFs related to this. PiperOrigin-RevId: 333449932
2020-09-23Add more descriptive comments on mount options.Dean Deng
PiperOrigin-RevId: 333447255
2020-09-23make: specify /dev/null for the tail toolAndrei Vagin
2020-09-23[vfs] kernfs: Enable leak checking consistently.Ayush Ranjan
There were some instances where we were not enabling leak checking. PiperOrigin-RevId: 333418571
2020-09-23Let underlying fs handle LockFD in verity fsChong Cai
PiperOrigin-RevId: 333412836
2020-09-23Remove unused scripts.Ayush Ranjan
PiperOrigin-RevId: 333408633
2020-09-23Remove unused field from neighborEntryGhanan Gowripalan
PiperOrigin-RevId: 333405169
2020-09-23Set verity underlying fs mount as internalChong Cai
PiperOrigin-RevId: 333404727