summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-03-02Plumb link address request errors up to requesterTamir Duberstein
Prevent the situation where callers to (*stack).GetLinkAddress provide incorrect arguments and are unable to observe this condition. Updates #5583. PiperOrigin-RevId: 360481557
2021-03-01tcp: endpoint.Write has to send all data that has been read from payloadAndrei Vagin
io.Reader.ReadFull returns the number of bytes copied and an error if fewer bytes were read. PiperOrigin-RevId: 360247614
2021-02-26Fix panic due to zero length writes in TCP.Bhasker Hariharan
There is a short race where in Write an endpoint can transition from writable to non-writable state due to say an incoming RST during the time we release the endpoint lock and reacquire after copying the payload. In such a case if the write happens to be a zero sized write we end up trying to call sendData() even though nothing was queued. This can panic when trying to enable/disable TCP timers if the endpoint had already transitioned to a CLOSED/ERROR state due to the incoming RST as we cleanup timers when the protocol goroutine terminates. Sadly the race window is small enough that my attempts at reproducing the panic in a syscall test has not been successful. PiperOrigin-RevId: 359887905
2021-02-26Assert UpdatedAtNanos in neighbor entry testsSam Balana
Changes the neighbor_entry_test.go tests to always assert UpdatedAtNanos. This field was historically not checked due to the lack of a deterministic, controllable clock. This is no longer true with the tcpip.Clock interface. While the tests have been adjusted to use Clock, asserting by the UpdatedAtNanos was neglected. Subsequent work is needed to assert UpdatedAtNanos in the neighbor cache tests. Updates #4663 PiperOrigin-RevId: 359868254
2021-02-26Embed sync.Mutex for entryTestLinkResolver and testNUDDispatcherSam Balana
Converts entryTestLinkResolver and testNUDDispatcher to use the embedded sync.Mutex pattern for fields that may be accessed concurrently from different gorountines. Fixes #5541 PiperOrigin-RevId: 359826169
2021-02-26Use helper functions in neighbor entry testsSam Balana
Adds helper functions for transitioning into common states. This reduces the boilerplate by a fair amount, decreasing the barriers to entry for new features added to neighborEntry. PiperOrigin-RevId: 359810465
2021-02-26Use closure to avoid manual unlockingTamir Duberstein
Also increase refcount of raw.endpoint.route while in use. Avoid allocating an array of size zero. PiperOrigin-RevId: 359797788
2021-02-26Emit the errorTamir Duberstein
Without this change, the error produced is quite useless: --- FAIL: TestZeroWindowProbeRetransmit (11.44s) tcp_zero_window_probe_retransmit_test.go:81: expected a probe with sequence number 824638527212: loop 5 FAIL PiperOrigin-RevId: 359796370
2021-02-25RACK: recovery logic should check for receive window before re-transmitting.Nayana Bidari
Use maybeSendSegment while sending segments in RACK recovery which checks if the receiver has space and splits the segments when the segment size is greater than MSS. PiperOrigin-RevId: 359641097
2021-02-25Move SetNonblocking into posix_serverZeling Feng
- open flags can be different on different OSs, by putting SetNonblocking into the posix_server rather than the testbench, we can always get the right value for O_NONBLOCK - merged the tcp_queue_{send,receive}_in_syn_sent into a single file PiperOrigin-RevId: 359620630
2021-02-25Remove deadlock in raw.endpoint caused by recursive read lockingKevin Krakauer
Prevents the following deadlock: - Raw packet is sent via e.Write(), which read locks e.mu - Connect() is called, blocking on write locking e.mu - The packet is routed to loopback and back to e.HandlePacket(), which read locks e.mu Per the atomic.RWMutex documentation, this deadlocks: "If a goroutine holds a RWMutex for reading and another goroutine might call Lock, no goroutine should expect to be able to acquire a read lock until the initial read lock is released. In particular, this prohibits recursive read locking. This is to ensure that the lock eventually becomes available; a blocked Lock call excludes new readers from acquiring the lock." Also, release eps.mu earlier in deliverRawPacket. PiperOrigin-RevId: 359600926
2021-02-25Implement SEM_STAT_ANY cmd of semctl.Jing Chen
PiperOrigin-RevId: 359591577
2021-02-25Strip all non-numeric characters from version.Adin Scannell
This will fix debian packaging. Updates #5510 PiperOrigin-RevId: 359563378
2021-02-24Use sync.Gate in p9.connState.Jamie Liu
sync.WaitGroup.Add(positive delta) is illegal if the WaitGroup counter is zero and WaitGroup.Wait() may be called concurrently. This is problematic for p9.connState.pendingWg, which counts inflight requests (so transitions from zero are normal) and is waited-upon when receiving from the underlying Unix domain socket returns an error, e.g. during connection shutdown. (Even if the socket has been closed, new requests can still be concurrently received via flipcall channels.) PiperOrigin-RevId: 359416057
2021-02-24Validate MLD packetsArthur Sfez
Fixes #5490 PiperOrigin-RevId: 359401532
2021-02-24Kernfs should not try to rename a file to itself.Nicolas Lacasse
One precondition of VFS.PrepareRenameAt is that the `from` and `to` dentries are not the same. Kernfs was not checking this, which could lead to a deadlock. PiperOrigin-RevId: 359385974
2021-02-24Use mapped device number + topmost inode number for all files in VFS2 overlay.Jamie Liu
Before this CL, VFS2's overlayfs uses a single private device number and an autoincrementing generated inode number for directories; this is consistent with Linux's overlayfs in the non-samefs non-xino case. However, this breaks some applications more consistently than on Linux due to more aggressive caching of Linux overlayfs dentries. Switch from using mapped device numbers + the topmost layer's inode number for just non-copied-up non-directory files, to doing so for all files. This still allows directory dev/ino numbers to change across copy-up, but otherwise keeps them consistent. Fixes #5545: ``` $ docker run --runtime=runsc-vfs2-overlay --rm ubuntu:focal bash -c "mkdir -p 1/2/3/4/5/6/7/8 && rm -rf 1 && echo done" done ``` PiperOrigin-RevId: 359350716
2021-02-24Cleanup temp SLAAC address jobs on DAD conflictsGhanan Gowripalan
Previously, when DAD would detect a conflict for a temporary address, the address would be removed but its timers would not be stopped, resulting in a panic when the removed address's invalidation timer fired. While I'm here, remove the check for unicast-ness on removed address endpoints since multicast addresses are no longer stored in the same structure as unicast addresses as of 27ee4fe76ad586ac8751951a842b3681f93. Test: stack_test.TestMixedSLAACAddrConflictRegen PiperOrigin-RevId: 359344849
2021-02-24Move //pkg/gate.Gate to //pkg/sync.Jamie Liu
- Use atomic add rather than CAS in every Gate method, which is slightly faster in most cases. - Implement Close wakeup using gopark/goready to avoid channel allocation. New benchmarks: name old time/op new time/op delta GateEnterLeave-12 16.7ns ± 1% 10.3ns ± 1% -38.44% (p=0.000 n=9+8) GateClose-12 50.2ns ± 8% 42.4ns ± 6% -15.44% (p=0.000 n=10+10) GateEnterLeaveAsyncClose-12 972ns ± 2% 640ns ± 7% -34.15% (p=0.000 n=9+10) PiperOrigin-RevId: 359336344
2021-02-24Merge pull request #5519 from dqminh:runsc-ps-pidsgVisor bot
PiperOrigin-RevId: 359334029
2021-02-24runsc/filters: permit clock_nanosleep for raceAndrei Vagin
Syzkaller hosts contains many audit messages that runsc tries to call the clock_nanosleep syscall. PiperOrigin-RevId: 359331413
2021-02-24return root pids with runsc psDaniel Dao
`runsc ps` currently return pid for a task's immediate pid namespace, which is confusing when there're multiple pid namespaces. We should return only pids in the root namespace. Before: ``` 1000 1 0 0 ? 02:24 250ms chrome 1000 1 0 0 ? 02:24 40ms dumb-init 1000 1 0 0 ? 02:24 240ms chrome 1000 2 1 0 ? 02:24 2.78s node ``` After: ``` UID PID PPID C TTY STIME TIME CMD 1000 1 0 0 ? 12:35 0s dumb-init 1000 2 1 7 ? 12:35 240ms node 1000 13 2 21 ? 12:35 2.33s chrome 1000 27 13 3 ? 12:35 260ms chrome ``` Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
2021-02-24Add YAMA security module restrictions on ptrace(2).Dean Deng
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723
2021-02-24Use async task context for async IO.Dean Deng
PiperOrigin-RevId: 359235699
2021-02-22Only detect mds for mitigate.Zach Koopmans
Only detect and mitigate on mds for the mitigate command. PiperOrigin-RevId: 358924466
2021-02-22Return nicer error message when cgroups v1 isn't availableFabricio Voznika
Updates #3481 Closes #5430 PiperOrigin-RevId: 358923208
2021-02-22Internal change.gVisor bot
PiperOrigin-RevId: 358890980
2021-02-22unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOVAndrei Vagin
Reported-by: syzbot+f2489ba0b999a45d1ad1@syzkaller.appspotmail.com PiperOrigin-RevId: 358866218
2021-02-22Fix `runsc kill --pid`Fabricio Voznika
Previously, loader.signalProcess was inconsitently using both root and container's PID namespace to find the process. It used root namespace for the exec'd process and container's PID namespace for other processes. This fixes the code to use the root PID namespace across the board, which is the same PID reported in `runsc ps` (or soon will after https://github.com/google/gvisor/pull/5519). PiperOrigin-RevId: 358836297
2021-02-19Don't hold baseEndpoint.mu while calling EventUpdate().Nicolas Lacasse
This removes a three-lock deadlock between fdnotifier.notifier.mu, epoll.EventPoll.listsMu, and baseEndpoint.mu. A lock order comment was added to epoll/epoll.go. Also fix unsafe access of baseEndpoint.connected/receiver. PiperOrigin-RevId: 358515191
2021-02-19Correctly set and respect b.N in fio benchmark.Zach Koopmans
fio should scale by written/read bytes and not iterate runs of the fio container. PiperOrigin-RevId: 358511771
2021-02-19control.Proc.Exec should default to root pid namespace if none provided.Nicolas Lacasse
PiperOrigin-RevId: 358445320
2021-02-19Add a few more project ideas to the gsoc 2021 listRahat Mahmood
PiperOrigin-RevId: 358354414
2021-02-18Make socketops reflect correct sndbuf value for host UDS.Bhasker Hariharan
Also skips a test if the setsockopt to increase send buffer did not result in an increase. This is possible when the underlying socket is a host backed unix domain socket as in such cases gVisor does not permit increasing SO_SNDBUF. PiperOrigin-RevId: 358285158
2021-02-18Bump build constraints to Go 1.18Michael Pratt
These are bumped to allow early testing of Go 1.17. Use will be audited closer to the 1.17 release. PiperOrigin-RevId: 358278615
2021-02-18Make b.N increase by KB not bytes on iperf.Zach Koopmans
Currently, iperf runs a client that scales by bytes sent. In practice, this causes b.N to scale slowly and have several short lived containers. Instead, scale by KB to more quickly reach required time. PiperOrigin-RevId: 358244926
2021-02-18Validate IGMP packetsArthur Sfez
This change also adds support for Router Alert option processing on incoming packets, a new stat for Router Alert option, and exports all the IP-option related stats. Fixes #5491 PiperOrigin-RevId: 358238123
2021-02-18Use standard want/got syntax in test errorsTamir Duberstein
Remove unused argument while I'm here and avoid returning syscall.Errno(0) which should rather be a nil error. PiperOrigin-RevId: 358227396
2021-02-18Remove deprecated NUD types Failed and FailedEntryLookupsSam Balana
Completes the soft migration to Unreachable state by removing the Failed state and the the FailedEntryLookups StatCounter. Fixes #4667 PiperOrigin-RevId: 358226380
2021-02-18Remove side effect from pty testsFabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 358207468
2021-02-17Deflake tcp_network_unreachable testZeling Feng
Previously, we make two connect attempts. If the first attempt is still on going when the second attempt is made, the test will fail. This change deflakes the situation by not making the second attempt, instead, we poll for the first attempt's completion and read the errno from SO_ERROR. PiperOrigin-RevId: 358104769
2021-02-17[infra] Update JDK11 version for java runtime tests.Ayush Ranjan
PiperOrigin-RevId: 358085809
2021-02-17Move Name() out of netstack Matcher. It can live in the sentry.Kevin Krakauer
PiperOrigin-RevId: 358078157
2021-02-17Add gohacks.Slice/StringHeader.Jamie Liu
See https://github.com/golang/go/issues/19367 for rationale. Note that the upstream decision arrived at in that thread, while useful for some of our use cases, doesn't account for all of our SliceHeader use cases (we often use SliceHeader to extract pointers from slices in a way that avoids bounds checking and/or handles nil slices correctly) and also doesn't exist yet. PiperOrigin-RevId: 358071574
2021-02-17Check for directory emptiness in VFS1 overlay rmdir().Jamie Liu
Note that this CL reorders overlayEntry.copyMu before overlayEntry.dirCacheMu in the overlayFileOperations.IterateDir() => readdirEntries() path - but this lock ordering is already required by overlayRemove/Bind() => overlayEntry.markDirectoryDirty(), so this actually just fixes an inconsistency. PiperOrigin-RevId: 358047121
2021-02-17Use TCP_INFO to get RTO in tcp_retransmits_testNayana Bidari
- TCP_INFO is used to get the RTO instead of calculating it manually. PiperOrigin-RevId: 358032487
2021-02-17Clean up test styleTamir Duberstein
- Wrap comments at 80 columns - Avoid duplicating the number of retries (5) - Reduce indentation - Use (*testing.T).Fatal rather than (*testing.T).Fatalf PiperOrigin-RevId: 358017412
2021-02-17[infra] Split tcpip/integration test targets to aid investigation.Ayush Ranjan
tcpip integration tests have been flaky lately. They usually run in 20 seconds and have a 60 seconds timeout. Sometimes they timeout which could be due to a bug or deadlock. To further investigate it might be helpful to split the targets and see which test is causing the flake. Added a new tcpip/tests/utils package to hold all common utilities across all tests. PiperOrigin-RevId: 358012936
2021-02-17Deflake //test/iptables:iptables_testKevin Krakauer
We were opening dual-stack sockets, but tests only set iptables rules for a single network protocol. Thus, packets (probably sent by previous tests) could sneak in and break tests. Tested with: bazel test ///test/iptables:iptables_test --test_arg=--runtime=runsc --nocache_test_results --test_output=errors --runs_per_test=1000 --test_filter=TestFilterInputDropUDP PiperOrigin-RevId: 357972385
2021-02-12Stop the control server only once.Adin Scannell
Operations are now shut down automatically by the main Stop command, and it is not necessary to call Stop during Destroy. Fixes #5454 PiperOrigin-RevId: 357295930