summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-08-23Second try at flaky futex test.Zach Koopmans
The flake had the call to futex_unlock_pi() returning EINVAL with the FUTEX_OWNER_DIED set. In this case, userspace has to clean up stale state. So instead of calling FUTEX_UNLOCK_PI outright, we'll use the advised atomic compare_exchange as advised in the man page. PiperOrigin-RevId: 265163920
2019-08-23Implement fmt.Stringer on Route by valueTamir Duberstein
This is more convenient, since it implements the interface for both value and pointer. PiperOrigin-RevId: 265086510
2019-08-22Log message sent before logging is setupFabricio Voznika
Moved log message to after the log options have been read and log setup. PiperOrigin-RevId: 264964171
2019-08-22Ensure yield-equivalent with an already-expired timeout.Adin Scannell
PiperOrigin-RevId: 264920977
2019-08-22test: set shard_count to 5 by defaultAndrei Vagin
In cl/264434674 and cl/264498919, we stop running test cases in parallel to not overload test hosts. But now tests requires more time to run, so we need to increase a default number of shards or a default test timeout. Let's start with increasing the number of shards and see how it will works. PiperOrigin-RevId: 264917055
2019-08-22Send sandbox log to test logFabricio Voznika
This used to be the case, but when --alsologtostderr was added, it stopped logging. PiperOrigin-RevId: 264905640
2019-08-22Remove ASSERT from fork childMichael Pratt
The gunit macros are not safe to use in the child. PiperOrigin-RevId: 264904348
2019-08-21Support binding to multicast and broadcast addressesChris Kuiper
This fixes the issue of not being able to bind to either a multicast or broadcast address as well as to send and receive data from it. The way to solve this is to treat these addresses similar to the ANY address and register their transport endpoint ID with the global stack's demuxer rather than the NIC's. That way there is no need to require an endpoint with that multicast or broadcast address. The stack's demuxer is in fact the only correct one to use, because neither broadcast- nor multicast-bound sockets care which NIC a packet was received on (for multicast a join is still needed to receive packets on a NIC). I also took the liberty of refactoring udp_test.go to consolidate a lot of duplicate code and make it easier to create repetitive tests that test the same feature for a variety of packet and socket types. For this purpose I created a "flowType" that represents two things: 1) the type of packet being sent or received and 2) the type of socket used for the test. E.g., a "multicastV4in6" flow represents a V4-mapped multicast packet run through a V6-dual socket. This allows writing significantly simpler tests. A nice example is testTTL(). PiperOrigin-RevId: 264766909
2019-08-21tests: retry connect if it fails with EINTRAndrei Vagin
test/syscalls/linux/proc_net_tcp.cc:252: Failure Value of: connect(client->get(), &addr, addrlen) Expected: not -1 (success) Actual: -1 (of type int), with errno PosixError(errno=4 Interrupted system call) PiperOrigin-RevId: 264743815
2019-08-21Use tcpip.Subnet in tcpip.RouteTamir Duberstein
This is the first step in replacing some of the redundant types with the standard library equivalents. PiperOrigin-RevId: 264706552
2019-08-20Add tcpip.Route.String and tcpip.AddressMask.PrefixChris Kuiper
PiperOrigin-RevId: 264544163
2019-08-20test: reset a signal handler before closing a signal channelAndrei Vagin
goroutine 5 [running]: os/signal.process(0x10e21c0, 0xc00050c280) third_party/go/gc/src/os/signal/signal.go:227 +0x164 os/signal.loop() third_party/go/gc/src/os/signal/signal_unix.go:23 +0x3e created by os/signal.init.0 third_party/go/gc/src/os/signal/signal_unix.go:29 +0x41 PiperOrigin-RevId: 264518530
2019-08-20Don't run runtime tests in parallel.Nicolas Lacasse
We need real sharding, and will let Bazel handle the parallelization. That is coming soon. Until then, remove this call to t.Parallel() so that we can run the tests without eating all CPU. PiperOrigin-RevId: 264498919
2019-08-20Add tests for raw AF_PACKET sockets.Kevin Krakauer
PiperOrigin-RevId: 264494359
2019-08-20Fix flaky futex test.Zach Koopmans
The test is long running (175128 ms or so) which causes timeouts. The test simply makes sure that private futexes can acquire locks concurrently. Dropping current threads and increasing the number of locks each thread tests the same concurrency concerns but drops execution time to ~1411 ms. PiperOrigin-RevId: 264476144
2019-08-20tests: syscall_test_runner should not run tests in parallelAndrei Vagin
bazel runs a few instances of syscall_test_runner in parallel and then syscall_test_runner runs test cases in parallel. It might be a reason why we see that test hosts are overloaded and sandboxes start slowly. It should be better to control how many tests are running in parallel from one place, so let's try to disable this feature in syscall_test_runner. PiperOrigin-RevId: 264434674
2019-08-19Document RWF_HIPRI not implemented for preadv2/pwritev2.Zach Koopmans
Document limitation of no reasonable implementation for RWF_HIPRI flag (High Priority Read/Write for block-based file systems). PiperOrigin-RevId: 264237589
2019-08-19Internal change.gVisor bot
PiperOrigin-RevId: 264218306
2019-08-19hostinet: fix parsing route netlink messageJianfeng Tan
We wrongly parses output interface as gateway address. The fix is straightforward. Fixes #638 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Change-Id: Ia4bab31f3c238b0278ea57ab22590fad00eaf061 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/684 from tanjianfeng:fix-638 b940e810367ad1273519bfa594f4371bdd293e83 PiperOrigin-RevId: 264211336
2019-08-19Read iptables via sockopts.Kevin Krakauer
PiperOrigin-RevId: 264180125
2019-08-16netstack: disconnect an unix socket only if the address family is AF_UNSPECAndrei Vagin
Linux allows to call connect for ANY and the zero port. PiperOrigin-RevId: 263892534
2019-08-16procfs: Migrate seqfile implementations.Ayush Ranjan
Migrates all (except 3) seqfile implementations to the vfs.DynamicBytesSource interface. There should not be any change in functionality due to this migration itself. Please note that the following seqfile implementations have not been migrated: - /proc/filesystems in proc/filesystems.go - /proc/[pid]/mountinfo in proc/mounts.go - /proc/[pid]/mounts in proc/mounts.go This is because these depend on pending changes in /pkg/senty/vfs. PiperOrigin-RevId: 263880719
2019-08-16ptrace: detect if a stub process exited unexpectedlyAndrei Vagin
PiperOrigin-RevId: 263880577
2019-08-16Add subnet checking to NIC.findEndpoint and consolidate with NIC.getRefChris Kuiper
This adds the same logic to NIC.findEndpoint that is already done in NIC.getRef. Since this makes the two functions very similar they were combined into one with the originals being wrappers. PiperOrigin-RevId: 263864708
2019-08-16Bump rules_go to v0.19.3 and bazel_gazelle to v0.18.1.Nicolas Lacasse
And bump go toolchain to v1.12.9. Protobuf dependencies must be explicitly included now. PiperOrigin-RevId: 263853370
2019-08-16vfs: Remove vfs.DefaultDirectoryFD from embedding vfs.DefaultFD.Ayush Ranjan
This fixes the implementation ambiguity issues when a filesystem implementation embeds vfs.DefaultDirectoryFD to its directory FD along with an internal common fileDescription utility. For similar reasons also removes FileDescriptionDefaultImpl from DynamicBytesFileDescriptionImpl. PiperOrigin-RevId: 263795513
2019-08-15Add tests for "cooked" AF_PACKET sockets.Kevin Krakauer
PiperOrigin-RevId: 263666789
2019-08-15Document source and versioning of the TCPInfo struct.Rahat Mahmood
PiperOrigin-RevId: 263637194
2019-08-15Don't dereference errors passed to panic()Tamir Duberstein
These errors are always pointers; there's no sense in dereferencing them in the panic call. Changed one false positive for clarity. PiperOrigin-RevId: 263611579
2019-08-15netstack: move resumption logic into *_state.goTamir Duberstein
13a98df rearranged some of this code in a way that broke compilation of the netstack-only export at github.com/google/netstack because *_state.go files are not included in that export. This commit moves resumption logic back into *_state.go, fixing the compilation breakage. PiperOrigin-RevId: 263601629
2019-08-14Replace uinptr with int64 when returning lengthsTamir Duberstein
This is in accordance with newer parts of the standard library. PiperOrigin-RevId: 263449916
2019-08-14Add tcpip.AddressWithPrefix.StringTamir Duberstein
PiperOrigin-RevId: 263436592
2019-08-14Improve SendMsg performance.Bhasker Hariharan
SendMsg before this change would copy all the data over into a new slice even if the underlying socket could only accept a small amount of data. This is really inefficient with non-blocking sockets and under high throughput where large writes could get ErrWouldBlock or if there was say a timeout associated with the sendmsg() syscall. With this change we delay copying bytes in till they are needed and only copy what can be potentially sent/held in the socket buffer. Reducing the need to repeatedly copy data over. Also a minor fix to change state FIN-WAIT-1 when shutdown(..., SHUT_WR) is called instead of when we transmit the actual FIN. Otherwise the socket could remain in CONNECTED state even though the user has called shutdown() on the socket. Updates #627 PiperOrigin-RevId: 263430505
2019-08-13Add vfs.DynamicBytesFileDescriptionImpl.Jamie Liu
This replaces fs/proc/seqfile for vfs2-based filesystems. PiperOrigin-RevId: 263254647
2019-08-13Fix file mode check in pipeOperationsFabricio Voznika
PiperOrigin-RevId: 263203441
2019-08-13Add note to name logging mentioning trace logging should be enabled to debug.Ian Gudger
PiperOrigin-RevId: 263194584
2019-08-13Fix file mode check in fsgofer AttachFabricio Voznika
PiperOrigin-RevId: 263189654
2019-08-13gonet: Replace NewPacketConn with DialUDP.Ian Gudger
This better matches the standard library and allows creating connected PacketConns. PiperOrigin-RevId: 263187462
2019-08-13tests: print stack traces if test failed by timeoutAndrei Vagin
PiperOrigin-RevId: 263184083
2019-08-13Bump Bazel to v0.28.0Nicolas Lacasse
The new version has a change in behavior when using a custom platform: * Old behavior: rules that don't require a toolchain used host_platform, no matter what execution platforms are specified. * New behavior: rules that don't require a toolchain use standard platform resolution that starts with execution platforms. As part of this change, we cannot use the "extra_exectution_platforms" flag provided by the default bazelrc. I got rid of the default bazelrc file, and made our custom .bazelrc as minimal as possible. PiperOrigin-RevId: 263176802
2019-08-12Handle ENOSPC with a partial write.Nicolas Lacasse
Similar to the EPIPE case, we can return the number of bytes written before ENOSPC was encountered. If the app tries to write more, we can return ENOSPC on the next write. PiperOrigin-RevId: 263041648
2019-08-12Compute size of struct tcp_info instead of hardcoding it.Rahat Mahmood
PiperOrigin-RevId: 263040624
2019-08-12Fix netstack build error on non-AMD64.Ian Gudger
This stub had the wrong function signature. PiperOrigin-RevId: 262992682
2019-08-09netlink: return an error in nlmsgerrAndrei Vagin
Now if a process sends an unsupported netlink requests, an error is returned from the send system call. The linux kernel works differently in this case. It returns errors in the nlmsgerr netlink message. Reported-by: syzbot+571d99510c6f935202da@syzkaller.appspotmail.com PiperOrigin-RevId: 262690453
2019-08-09Create tests for common.Search().Brett Landau
Using the path_test.go file built by the Golang devs as a base, tests have been created to verify the functionality of common.Search(). A mock file system is created and fake test files are generated to see if they get picked up by common.Search(). Also included in this CL is a bug fix for proctor-nodejs that was discovered using this test. proctor-nodejs used to allow multiple "-" in its test name filter. The regex has been updated to prevent this. PiperOrigin-RevId: 262647263
2019-08-09Add congestion control states to sender.Bhasker Hariharan
This change just introduces different congestion control states and ensures the sender.state is updated to reflect the current state of the connection. It is not used for any decisions yet but this is required before algorithms like Eiffel/PRR can be implemented. Fixes #394 PiperOrigin-RevId: 262638292
2019-08-09Add initial ptrace stub and syscall support for arm64.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I1dbd23bb240cca71d0cc30fc75ca5be28cb4c37c PiperOrigin-RevId: 262619519
2019-08-09ext: Move to pkg/sentry/fsimpl.Ayush Ranjan
fsimpl is the keeper of all filesystem implementations in VFS2. PiperOrigin-RevId: 262617869
2019-08-08ext: Benchmark tests.Ayush Ranjan
Added benchmark tests which emulate memfs benchmarks. Stat benchmarks BenchmarkVFS2Ext4fsStat/1-12 10000000 145 ns/op BenchmarkVFS2Ext4fsStat/2-12 10000000 170 ns/op BenchmarkVFS2Ext4fsStat/3-12 10000000 202 ns/op BenchmarkVFS2Ext4fsStat/8-12 3000000 374 ns/op BenchmarkVFS2Ext4fsStat/64-12 500000 2159 ns/op BenchmarkVFS2Ext4fsStat/100-12 300000 3459 ns/op BenchmarkVFS1TmpfsStat/1-12 5000000 348 ns/op BenchmarkVFS1TmpfsStat/2-12 3000000 487 ns/op BenchmarkVFS1TmpfsStat/3-12 2000000 655 ns/op BenchmarkVFS1TmpfsStat/8-12 1000000 1365 ns/op BenchmarkVFS1TmpfsStat/64-12 200000 9565 ns/op BenchmarkVFS1TmpfsStat/100-12 100000 15158 ns/op BenchmarkVFS2MemfsStat/1-12 10000000 133 ns/op BenchmarkVFS2MemfsStat/2-12 10000000 155 ns/op BenchmarkVFS2MemfsStat/3-12 10000000 182 ns/op BenchmarkVFS2MemfsStat/8-12 5000000 310 ns/op BenchmarkVFS2MemfsStat/64-12 1000000 1659 ns/op BenchmarkVFS2MemfsStat/100-12 500000 2787 ns/op Mount Stat benchmarks BenchmarkVFS2ExtfsMountStat/1-12 5000000 245 ns/op BenchmarkVFS2ExtfsMountStat/2-12 5000000 266 ns/op BenchmarkVFS2ExtfsMountStat/3-12 5000000 304 ns/op BenchmarkVFS2ExtfsMountStat/8-12 3000000 456 ns/op BenchmarkVFS2ExtfsMountStat/64-12 500000 2308 ns/op BenchmarkVFS2ExtfsMountStat/100-12 300000 3482 ns/op BenchmarkVFS1TmpfsMountStat/1-12 3000000 488 ns/op BenchmarkVFS1TmpfsMountStat/2-12 2000000 658 ns/op BenchmarkVFS1TmpfsMountStat/3-12 2000000 806 ns/op BenchmarkVFS1TmpfsMountStat/8-12 1000000 1514 ns/op BenchmarkVFS1TmpfsMountStat/64-12 100000 10037 ns/op BenchmarkVFS1TmpfsMountStat/100-12 100000 15280 ns/op BenchmarkVFS2MemfsMountStat/1-12 10000000 212 ns/op BenchmarkVFS2MemfsMountStat/2-12 5000000 232 ns/op BenchmarkVFS2MemfsMountStat/3-12 5000000 264 ns/op BenchmarkVFS2MemfsMountStat/8-12 3000000 390 ns/op BenchmarkVFS2MemfsMountStat/64-12 1000000 1813 ns/op BenchmarkVFS2MemfsMountStat/100-12 500000 2812 ns/op PiperOrigin-RevId: 262477158
2019-08-08Return a well-defined socket address type from socket funtions.Rahat Mahmood
Previously we were representing socket addresses as an interface{}, which allowed any type which could be binary.Marshal()ed to be used as a socket address. This is fine when the address is passed to userspace via the linux ABI, but is problematic when used from within the sentry such as by networking procfs files. PiperOrigin-RevId: 262460640