summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-03-15Packetimpact test for ACK to OTW Seq segments behavior in CLOSINGZeling Feng
TCP, in CLOSING state, MUST send an ACK with next expected SEQ number after receiving any segment with OTW SEQ number and remain in the same state. While I am here, I also changed shutdown to behave the same as other calls in posix_server. PiperOrigin-RevId: 362976955
2021-03-15Merge release-20210301.0-51-gb9c2174b0 (automated)gVisor bot
2021-03-14Fix race in tcp_retransmits_testMithun Iyer
The test queries for RTO via TCP_INFO and applies that to the rest of the test. The RTO is estimated by processing incoming ACK. There is a race in the test where we may query for RTO before the incoming ACK was processed. Fix the race in the test by letting the DUT complete a payload receive, thus estimating RTO before proceeding to query the RTO. Bump up the time correction to reduce flakes. PiperOrigin-RevId: 362865904
2021-03-14Merge release-20210301.0-50-gee6b22ca6 (automated)gVisor bot
2021-03-13[perf] Run benchmarks with VFS2.Ayush Ranjan
The run-benchmark target would run the benchmark with VFS1. PiperOrigin-RevId: 362754188
2021-03-12Merge release-20210301.0-49-g337b36e57 (automated)gVisor bot
2021-03-12Add escapes to newlines in syzkaller instructions.Nicolas Lacasse
So they can be copy-pasted. PiperOrigin-RevId: 362605833
2021-03-12Merge release-20210301.0-48-gf04d10bad (automated)gVisor bot
2021-03-12Merge pull request #5663 from avagin:apt-repogVisor bot
PiperOrigin-RevId: 362545342
2021-03-12Merge release-20210301.0-46-gab488702a (automated)gVisor bot
2021-03-11Support ICMP echo sockets on Linux DUTZeling Feng
By default net.ipv4.ping_group_range is set to "1 0" and no one (even the root) can create an ICMP socket. Setting it to "0 0" allows root, which we are inside the container, to create ICMP sockets for packetimpact tests. PiperOrigin-RevId: 362454201
2021-03-11make/release: Sign a package only if it isn't signed yet.Andrei Vagin
We can generate more than one apt repo for the same package. If we will sign a package again, its file will be changed and all hashes that have been generated before will be invalid.
2021-03-12Merge release-20210301.0-45-g002df1306 (automated)gVisor bot
2021-03-11Remove special casing of socket stress testKevin Krakauer
With /proc/sys/net/ipv4/ip_local_port_range implemented, the socket stress test runs in a more normal time and doesn't need to sacrifice coverage to prevent timeouts. PiperOrigin-RevId: 362443366
2021-03-12Merge release-20210301.0-44-g82d7fb2cb (automated)gVisor bot
2021-03-11improve readability of ports packageKevin Krakauer
Lots of small changes: - simplify package API via Reservation type - rename some single-letter variable names that were hard to follow - rename some types PiperOrigin-RevId: 362442366
2021-03-12Merge release-20210301.0-43-g192318a23 (automated)gVisor bot
2021-03-11fusefs: Implement default_permissions and allow_other mount options.Rahat Mahmood
By default, fusefs defers node permission checks to the server. The default_permissions mount option enables the usual unix permission checks based on the node owner and mode bits. Previously fusefs was incorrectly checking permissions unconditionally. Additionally, fusefs should restrict filesystem access to processes started by the mount owner to prevent the fuse daemon from gaining priviledge over other processes. The allow_other mount option overrides this behaviour. Previously fusefs was incorrectly skipping this check. Updates #3229 PiperOrigin-RevId: 362419092
2021-03-12Merge release-20210301.0-42-ga7197c9c6 (automated)gVisor bot
2021-03-11Implement Merkle tree generate tool binaryChong Cai
This binary is used to recursively enable and generate Merkle tree files for all files and directories in a file system from inside a gVisor sandbox. PiperOrigin-RevId: 362418770
2021-03-12Merge release-20210301.0-41-gcda7d5d44 (automated)gVisor bot
2021-03-11Merge pull request #5654 from sethvargo:sethvargo/cancelgVisor bot
PiperOrigin-RevId: 362416183
2021-03-12Merge release-20210301.0-38-gdf64c3a60 (automated)gVisor bot
2021-03-12Merge release-20210301.0-37-gc5667022b (automated)gVisor bot
2021-03-11Clear Merkle tree files in RuntimeEnable modeChong Cai
The Merkle tree files need to be cleared before enabling to avoid redundant content. PiperOrigin-RevId: 362409591
2021-03-11Report filesystem-specific mount options.Rahat Mahmood
PiperOrigin-RevId: 362406813
2021-03-11Major refactor of runsc mitigate.Zach Koopmans
PiperOrigin-RevId: 362360425
2021-03-11Update go.ymlSeth Vargo
2021-03-11Merge release-20210301.0-35-g1020ac83f (automated)gVisor bot
2021-03-11Move Arch specific code to arch specific files.Bhasker Hariharan
PiperOrigin-RevId: 362297474
2021-03-10Merge release-20210301.0-34-ga44dc15bd (automated)gVisor bot
2021-03-10Add a rootfs filesystem to fs benchmarks. Also, fix fio benchmark.Zach Koopmans
The previous "bind" filesystem, already included in go/runsc-benchmarks is a remote re-validate mount. However, the non-re-validate mount was not present, and it has been added in the form of rootfs. Also, fix the fio runs to reads/writes of 10GB as running with --test.benchtime=Xs may scale beyond the memory available to tmpfs mounts on buildkite VMs. Currently, our buildkite pipelines are run on e2-standard-8 machines with 32GB of memory, allowing tmpfs mounts to safely be at least 10GB. PiperOrigin-RevId: 362143620
2021-03-10Improve Actions hygieneSeth Vargo
👋 hello there! I'm a fellow Googler who works on projects that leverage GitHub Actions for CI/CD. Recently I noticed a large increase in our queue time, and I've tracked it down to the [limit of 180 concurrent jobs](https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration) for an organization. To help be better citizens, I'm proposing changes across a few repositories that will reduce GitHub Actions hours and consumption. I hope these changes are reasonable and I'm happy to talk through them in more detail. - (**you were already doing this, thank you!**) Only run GitHub Actions for pushes and PRs against the main branch of the repository. If your team uses a forking model, this change will not affect you. If your team pushes branches to the repository directly, this changes actions to only run against the primary branches or if you open a Pull Request against a primary branch. - For long-running jobs (especially tests), I added the "Cancel previous" workflow. This is very helpful to prevent a large queue backlog when you are doing rapid development and pushing multiple commits. Without this, GitHub Actions' default behavior is to run all actions on all commits. There are other changes you could make, depending on your project (but I'm not an expert): - If you have tests that should only run when a subset of code changes, consider gating your workflow to particular file paths. For example, we have some jobs that do Terraform linting, but [they only run when Terraform files are changed](https://github.com/google/exposure-notifications-verification-server/blob/c4f59fee71042cf668747e599e7c769fca736554/.github/workflows/terraform.yml#L3-L11). Hopefully these changes are not too controversial and also hopefully you can see how this would reduce actions consumption to be good citizens to fellow Googlers. If you have any questions, feel free to respond here or ping me on chat. Thank you!
2021-03-10Merge release-20210301.0-33-g14fc2ddd6 (automated)gVisor bot
2021-03-09Update flock to v0.8.0Fabricio Voznika
PiperOrigin-RevId: 361962416
2021-03-10Merge release-20210301.0-32-ge0e04814b (automated)gVisor bot
2021-03-09Fix invalid interface conversion in runnerFabricio Voznika
panic: interface conversion: interface {} is syscall.WaitStatus, not unix.WaitStatus goroutine 1 [running]: main.runTestCaseNative(0xc0001fc000, 0xe3, 0xc000119b60, 0x1, 0x1, 0x0, 0x0) test/runner/runner.go:185 +0xa94 main.main() test/runner/runner.go:118 +0x745 PiperOrigin-RevId: 361957796
2021-03-10Merge release-20210301.0-31-g2a888a106 (automated)gVisor bot
2021-03-10Merge release-20210301.0-30-g6ef5bdab2 (automated)gVisor bot
2021-03-09Give TCP flags a dedicated typeZeling Feng
- Implement Stringer for it so that we can improve error messages. - Use TCPFlags through the code base. There used to be a mixed usage of byte, uint8 and int as TCP flags. PiperOrigin-RevId: 361940150
2021-03-09Allow reading from PTY into bad buffer to return EAGAIN.Nicolas Lacasse
Kernels after 3b830a9c return EAGAIN in this case. PiperOrigin-RevId: 361936327
2021-03-09Merge release-20210301.0-29-gabbdcebc5 (automated)gVisor bot
2021-03-08Implement /proc/sys/net/ipv4/ip_local_port_rangeKevin Krakauer
Speeds up the socket stress tests by a couple orders of magnitude. PiperOrigin-RevId: 361721050
2021-03-09Merge release-20210301.0-28-g3c4485966 (automated)gVisor bot
2021-03-08Fix proc test flakinessFabricio Voznika
Thread from earlier test can show up in `/proc/self/tasks` while the thread tears down. Account for that when searching for procs for the first time in the test. PiperOrigin-RevId: 361689673
2021-03-09Merge release-20210301.0-27-g8018bf62b (automated)gVisor bot
2021-03-08Internal change.Chong Cai
PiperOrigin-RevId: 361689477
2021-03-08Merge release-20210301.0-26-g333e48976 (automated)gVisor bot
2021-03-08[lisa] Do not generate any tests for dynamic types.Ayush Ranjan
The dynamic type user defines the marshalling logic, so we don't need to test for things like alignment, absence of slices, etc. For dynamic types, the go_marshal generator just generates the missing methods required to implement marshal.Marshallable. PiperOrigin-RevId: 361676311
2021-03-08Merge release-20210301.0-25-g1b9d45dbe (automated)gVisor bot