summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-09-04Resolve flakes with TestMultiContainerDestroyFabricio Voznika
Some processes are reparented to the root container depending on the kill order and the root container would not reap in time. So some zombie processes were still present when the test checked. Fix it by running the second container inside a PID namespace. PiperOrigin-RevId: 267278591
2019-09-04Fix continuous build breakageAdin Scannell
PiperOrigin-RevId: 267277711
2019-09-04Fix RST generation bugs.Bhasker Hariharan
There are a few cases addressed by this change - We no longer generate a RST in response to a RST packet. - When we receive a RST we cleanup and release all reservations immediately as the connection is now aborted. - An ACK received by a listening socket generates a RST when SYN cookies are not in-use. The only reason an ACK should land at the listening socket is if we are using SYN cookies otherwise the goroutine for the handshake in progress should have gotten the packet and it should never have arrived at the listening endpoint. - Also fixes the error returned when a connection times out due to a Keepalive timer expiration from ECONNRESET to a ETIMEDOUT. PiperOrigin-RevId: 267238427
2019-09-04Handle subnet and broadcast addresses correctly with NIC.subnetsChris Kuiper
This also renames "subnet" to "addressRange" to avoid any more confusion with an interface IP's subnet. Lastly, this also removes the Stack.ContainsSubnet(..) API since it isn't used by anyone. Plus the same information can be obtained from Stack.NICAddressRanges(). PiperOrigin-RevId: 267229843
2019-09-03Impose order on test scripts.Adin Scannell
The simple test script has gotten out of control. Shard this script into different pieces and attempt to impose order on overall test structure. This change helps lay some of the foundations for future improvements. * The runsc/test directories are moved into just test/. * The runsc/test/testutil package is split into logical pieces. * The scripts/ directory contains new top-level targets. * Each test is now responsible for building targets it requires. * The install functionality is moved into `runsc` itself for simplicity. * The existing kokoro run_tests.sh file now just calls all (can be split). After this change is merged, I will create multiple distinct workflows for Kokoro, one for each of the scripts currently targeted by `run_tests.sh` today, which should dramatically reduce the time-to-run for the Kokoro tests, and provides a better foundation for further improvements to the infrastructure. PiperOrigin-RevId: 267081397
2019-09-03Validate IPv6 Hop Limit field for received NDP packetsGhanan Gowripalan
Make sure that NDP packets are only received if their IP header's hop limit field is set to 255, as per RFC 4861. PiperOrigin-RevId: 267061457
2019-09-03Make UDP traceroute work.Bhasker Hariharan
Adds support to generate Port Unreachable messages for UDP datagrams received on a port for which there is no valid endpoint. Fixes #703 PiperOrigin-RevId: 267034418
2019-09-03Ensure that flipcall.Endpoint.Shutdown() shuts down inactive peers.Jamie Liu
PiperOrigin-RevId: 267022978
2019-09-03Merge pull request #782 from xiaobo55x:pkg_rawfilegVisor bot
PiperOrigin-RevId: 266976315
2019-09-02Remove duplicated file in pkg/tcpip/link/rawfile.Haibo Xu
The blockingpoll_unsafe.go was copied to blockingpoll_noyield_unsafe.go during merging commit 7206202bb9439499. If it still stay here, it would cause build errors on non-amd64 platform. ERROR: pkg/tcpip/link/rawfile/BUILD:5:1: GoCompilePkg pkg/tcpip/link/rawfile.a failed (Exit 1) builder failed: error executing command bazel-out/host/bin/external/go_sdk/builder compilepkg -sdk external/go_sdk -installsuffix linux_arm64 -src pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go -src ... (remaining 33 argument(s) skipped) Use --sandbox_debug to see verbose messages from the sandbox compilepkg: error running subcommand: exit status 2 pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go:35:6: BlockingPoll redeclared in this block previous declaration at pkg/tcpip/link/rawfile/blockingpoll_unsafe.go:26:78 Target //pkg/tcpip/link/rawfile:rawfile failed to build Use --verbose_failures to see the command lines of failed build steps. INFO: Elapsed time: 25.531s, Critical Path: 21.08s INFO: 262 processes: 262 linux-sandbox. FAILED: Build did NOT complete successfully Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I4e21f82984225d0aa173de456f7a7c66053a053e
2019-08-30Remove support for non-incremental mapped accounting.Jamie Liu
PiperOrigin-RevId: 266496644
2019-08-30Automated rollback of changelist 261387276Bhasker Hariharan
PiperOrigin-RevId: 266491264
2019-08-30Fix async-signal-unsafety in MlockallTest_Future.Jamie Liu
PiperOrigin-RevId: 266491246
2019-08-30Fix data race accessing referencedNetworkEndpoint.kindChris Kuiper
Wrapping "kind" into atomic access functions. Fixes #789 PiperOrigin-RevId: 266485501
2019-08-30Return correct buffer size for ioctl(socket, FIONREAD)Fabricio Voznika
Ioctl was returning just the buffer size from epsocket.endpoint and it was not considering data from epsocket.SocketOperations that was read from the endpoint, but not yet sent to the caller. PiperOrigin-RevId: 266485461
2019-08-30Update image to install docker and fix permissionsAdin Scannell
PiperOrigin-RevId: 266467361
2019-08-30Add C++ toolchain and fix compile issues.Adin Scannell
This was accidentally introduced in 31f05d5d4f62c4cd4fe3b95b333d0130aae4b2c1. Fixes #788. PiperOrigin-RevId: 266462843
2019-08-29Handle new representation of abstract UDS paths.Rahat Mahmood
When abstract unix domain socket paths are displayed in /proc/net/unix, Linux historically emitted null bytes as padding at the end of the path. Newer versions of Linux (v4.9, e7947ea770d0de434d38a0f823e660d3fd4bebb5) display these as '@' characters. Update proc_net_unix test to handle both version of the padding. PiperOrigin-RevId: 266230200
2019-08-29Implement /proc/net/udp.Rahat Mahmood
PiperOrigin-RevId: 266229756
2019-08-29Merge pull request #655 from praveensastry:feature/runsc-ref-chk-leakgVisor bot
PiperOrigin-RevId: 266226714
2019-08-29Compile procter binaries during image creation.Nicolas Lacasse
Using "go run ..." in the ENTRYPOINT causes the go compiler to run each time the container is started. We can just compile the binary once as part of the image. PiperOrigin-RevId: 266212462
2019-08-29Internal change.gVisor bot
PiperOrigin-RevId: 266199211
2019-08-29Add limit_host_fd_translation Gofer mount option.Jamie Liu
PiperOrigin-RevId: 266177409
2019-08-29Don't log an error when stopping the container if it is not running.Nicolas Lacasse
This removes a lot of confusing messages from the test logs. PiperOrigin-RevId: 266164001
2019-08-29Internal change.Adin Scannell
PiperOrigin-RevId: 266073190
2019-08-28Fix permissions on .ssh filesAdin Scannell
PiperOrigin-RevId: 266066839
2019-08-28Fix kokoro image build scriptsAdin Scannell
The /tmpfs directory needs to be writable, and kokoro needs passwordless sudo access to execute the test scripts. PiperOrigin-RevId: 266063723
2019-08-28Export generated linkAddrEntryEntryTamir Duberstein
PiperOrigin-RevId: 266000128
2019-08-27kokoro: Add scripts to rebuild images.Adin Scannell
These scripts generated the following images: gvisor-kokoro-testing/image-a53bac71541a209e (ubuntu 18.04) gvisor-kokoro-testing/image-f5b20c5fbd23f448 (ubuntu 16.04) Any modifications to these scripts should generate new images. PiperOrigin-RevId: 265843929
2019-08-27Populate link address cache at dispatchTamir Duberstein
This allows the stack to learn remote link addresses on incoming packets, reducing the need to ARP to send responses. This also reduces the number of round trips to the system clock, since that may also prove to be performance-sensitive. Fixes #739. PiperOrigin-RevId: 265815816
2019-08-27Fix pwritev2 flaky test.Zach Koopmans
Fix a uninitialized memory bug in pwritev2 test. PiperOrigin-RevId: 265772176
2019-08-27Fix comment typoMichael Pratt
PiperOrigin-RevId: 265731735
2019-08-27Fix sendfile(2) error codeFabricio Voznika
When output file is in append mode, sendfile(2) should fail with EINVAL and not EBADF. Closes #721 PiperOrigin-RevId: 265718958
2019-08-27Mount volumes as super userFabricio Voznika
This used to be the case, but regressed after a recent change. Also made a few fixes around it and clean up the code a bit. Closes #720 PiperOrigin-RevId: 265717496
2019-08-26Don't lose test output.Adin Scannell
PiperOrigin-RevId: 265606322
2019-08-26netstack/tcp: Add LastAck transition.Rahat Mahmood
Add missing state transition to LastAck, which should happen when the endpoint has already recieved a FIN from the remote side, and is sending its own FIN. PiperOrigin-RevId: 265568314
2019-08-26Add support for Intel cache CPUID leafsMichael Pratt
This exposes L1, L2, etc. cache sizes, cache line size, etc. Across S/R, everything except cache line size can differ from the host. This is because cache line size is critical for correct use of CLFLUSH / CLFLUSHOPT, but as far as I know, the other cache parameters can only affect performance, not correctness. AMD uses different leafs for cache information, which are not yet supported. fail. There are no known cases of cache line size other than 64 in the fleet. PiperOrigin-RevId: 265544786
2019-08-26Internal change.gVisor bot
PiperOrigin-RevId: 265535438
2019-08-26Merge pull request #696 from xiaobo55x:tcpip_linkgVisor bot
PiperOrigin-RevId: 265534854
2019-08-26Prevent a network endpoint to send/rcv if its address was removedChris Kuiper
This addresses the problem where an endpoint has its address removed but still has outstanding references held by routes used in connected TCP/UDP sockets which prevent the removal of the endpoint. The fix adds a new "expired" flag to the referenced network endpoint, which is set when an endpoint has its address removed. Incoming packets are not delivered to an expired endpoint (unless in promiscuous mode), while sending outgoing packets triggers an error to the caller (unless in spoofing mode). In addition, a few helper functions were added to stack_test.go to reduce code duplications. PiperOrigin-RevId: 265514326
2019-08-26fsgofer_test.go: a socket file path can't be longer than UNIX_MAX_PATH (108)Andrei Vagin
PiperOrigin-RevId: 265478578
2019-08-23Second try at flaky futex test.Zach Koopmans
The flake had the call to futex_unlock_pi() returning EINVAL with the FUTEX_OWNER_DIED set. In this case, userspace has to clean up stale state. So instead of calling FUTEX_UNLOCK_PI outright, we'll use the advised atomic compare_exchange as advised in the man page. PiperOrigin-RevId: 265163920
2019-08-23Implement fmt.Stringer on Route by valueTamir Duberstein
This is more convenient, since it implements the interface for both value and pointer. PiperOrigin-RevId: 265086510
2019-08-22Log message sent before logging is setupFabricio Voznika
Moved log message to after the log options have been read and log setup. PiperOrigin-RevId: 264964171
2019-08-22Ensure yield-equivalent with an already-expired timeout.Adin Scannell
PiperOrigin-RevId: 264920977
2019-08-22test: set shard_count to 5 by defaultAndrei Vagin
In cl/264434674 and cl/264498919, we stop running test cases in parallel to not overload test hosts. But now tests requires more time to run, so we need to increase a default number of shards or a default test timeout. Let's start with increasing the number of shards and see how it will works. PiperOrigin-RevId: 264917055
2019-08-22Send sandbox log to test logFabricio Voznika
This used to be the case, but when --alsologtostderr was added, it stopped logging. PiperOrigin-RevId: 264905640
2019-08-22Remove ASSERT from fork childMichael Pratt
The gunit macros are not safe to use in the child. PiperOrigin-RevId: 264904348
2019-08-22Add log prefix for better claritypraveensastry
2019-08-21Support binding to multicast and broadcast addressesChris Kuiper
This fixes the issue of not being able to bind to either a multicast or broadcast address as well as to send and receive data from it. The way to solve this is to treat these addresses similar to the ANY address and register their transport endpoint ID with the global stack's demuxer rather than the NIC's. That way there is no need to require an endpoint with that multicast or broadcast address. The stack's demuxer is in fact the only correct one to use, because neither broadcast- nor multicast-bound sockets care which NIC a packet was received on (for multicast a join is still needed to receive packets on a NIC). I also took the liberty of refactoring udp_test.go to consolidate a lot of duplicate code and make it easier to create repetitive tests that test the same feature for a variety of packet and socket types. For this purpose I created a "flowType" that represents two things: 1) the type of packet being sent or received and 2) the type of socket used for the test. E.g., a "multicastV4in6" flow represents a V4-mapped multicast packet run through a V6-dual socket. This allows writing significantly simpler tests. A nice example is testTTL(). PiperOrigin-RevId: 264766909