summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-04-17prlimit: don't check credentials on selfKevin Krakauer
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process' own limits. From the manpage: To set or get the resources of a process other than itself, the caller must have the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs of the target process must match the real user ID of the caller and the real, effective, and saved set group IDs of the target process must match the real group ID of the caller. PiperOrigin-RevId: 307127266
2020-04-17Support NDP DNS Search List optionGhanan Gowripalan
Inform the netstack integrator when the netstack receives an NDP Router Advertisement message with the NDP DNS Search List option with at least one domain name. The stack will not maintain any state related to the search list - the integrator is expected to maintain any required state and invalidate domain names after their lifetime expires, or refresh the lifetime when a new one is received for a known domain name. Test: - header_test.TestNDPDNSSearchListOption - header_test.TestNDPDNSSearchListOptionSerialize - header_test.TestNDPSearchListOptionDomainNameLabelInvalidSymbols - header_test.TestNDPOptionsIterCheck - stack_test.TestNDPDNSSearchListDispatch PiperOrigin-RevId: 307109375
2020-04-17Add test name to boot and gofer log filesFabricio Voznika
This is to make easier to find corresponding logs in case test fails. PiperOrigin-RevId: 307104283
2020-04-17Merge pull request #1978 from lubinszARM:pr_signal_mmgVisor bot
PiperOrigin-RevId: 307078788
2020-04-17Get /bin/true to run on VFS2Zach Koopmans
Included: - loader_test.go RunTest and TestStartSignal VFS2 - container_test.go TestAppExitStatus on VFS2 - experimental flag added to runsc to turn on VFS2 Note: shared mounts are not yet supported. PiperOrigin-RevId: 307070753
2020-04-17proc net test: Annotate disable-save test with NoRandomSave.Ting-Yu Wang
PiperOrigin-RevId: 307069884
2020-04-17Allow caller-defined sinks for packet sniffing.Tamir Duberstein
PiperOrigin-RevId: 307053624
2020-04-17Permit setting unknown optionsTamir Duberstein
This previously changed in 305699233, but this behaviour turned out to be load bearing. PiperOrigin-RevId: 307033802
2020-04-16Implement pipe(2) and pipe2(2) for VFS2.Jamie Liu
Updates #1035 PiperOrigin-RevId: 306968644
2020-04-16Drop invalid NDP NA messagesGhanan Gowripalan
Better validate NDP NAs options before updating the link address cache. Test: stack_test.TestNeighorAdvertisementWithTargetLinkLayerOption PiperOrigin-RevId: 306962924
2020-04-16Properly delegate WaitTamir Duberstein
PiperOrigin-RevId: 306959393
2020-04-16Reset pending connections on listener shutdown.Mithun Iyer
When the listening socket is read shutdown, we need to reset all pending and incoming connections. Ensure that the endpoint is not cleaned up from the demuxer and subsequent bind to same port does not go through. PiperOrigin-RevId: 306958038
2020-04-16Return detailed errors when iterating NDP optionsGhanan Gowripalan
Test: header_test.TestNDPOptionsIterCheck PiperOrigin-RevId: 306953867
2020-04-16Fix data race in tcp_test.Bhasker Hariharan
This change makes SynRcvdCountThreshold and the global synRcvdCount into a stack configurable value. This is required because in cases like mod_proxy which create multiple Stack instances the count will be a global value that impacts all Stack instances. Further the tests relied on modifying the global threshold to simulate tests where we want to verify SYN cookie based behaviour. This lead to data races due to the global being modified/read without locks or atomics. PiperOrigin-RevId: 306947723
2020-04-16Use multierr in packetimpact Connection.Close()Eyal Soha
PiperOrigin-RevId: 306930652
2020-04-16Preserve log FD after execveFabricio Voznika
PiperOrigin-RevId: 306908296
2020-04-16Test TCP behavior when receiving unacceptable segment in CLOSE_WAITgVisor bot
TCP, in CLOSE-WAIT state, MUST return ACK with proper SEQ and ACK numbers after recv a seg with OTW SEQ or unacc ACK number, and remain in same state. If the connection is in a synchronized state, any unacceptable segment (out of window sequence number or unacceptable acknowledgment number) must elicit only an empty acknowledgment segment containing the current send-sequence number and an acknowledgment indicating the next sequence number expected to be received, and the connection remains in the same state. PiperOrigin-RevId: 306897984
2020-04-16Make ExtractErrno a functionFabricio Voznika
PiperOrigin-RevId: 306891171
2020-04-15Add tests for segments outside the receive window.Eyal Soha
The tests are based on RFC 793 page 69. Updates #1607 PiperOrigin-RevId: 306768847
2020-04-15Use hex.Dump for Layer.String() of byte slices.Eyal Soha
PiperOrigin-RevId: 306726587
2020-04-15Use if_nametoindex to get interface index.Ting-Yu Wang
Removed the TODO to use netlink. PiperOrigin-RevId: 306721468
2020-04-15Refactor connections.go to make it easier to add new connection types.Eyal Soha
Rather than have a struct for the state of each type of connection, such as TCP/IPv4, UDP/IPv4, TCP/IPv6, etc, have a state for each layer, such as UDP, TCP, IPv4, IPv6. Those states can be composed into connections. Tested: Existing unit tests still pass/fail as expected. PiperOrigin-RevId: 306703180
2020-04-15Deduplicate packet loggingTamir Duberstein
PiperOrigin-RevId: 306677789
2020-04-15Remove unnecessary codeTamir Duberstein
Remove useless casts and duplicate return statements. PiperOrigin-RevId: 306627916
2020-04-15Reset pending connections on listener closeMithun Iyer
Attempt to redeliver TCP segments that are enqueued into a closing TCP endpoint. This was being done for Established endpoints but not for those that are listening or performing connection handshake. Fixes #2417 PiperOrigin-RevId: 306598155
2020-04-14Reduce flakiness in tcp_test.Bhasker Hariharan
Tests now use a MinRTO of 3s instead of default 200ms. This reduced flakiness in a lot of the congestion control/recovery tests which were flaky due to retransmit timer firing too early in case the test executors were overloaded. This change also bumps some of the timeouts in tests which were too sensitive to timer variations and reduces the number of slow start iterations which can make the tests run for too long and also trigger retansmit timeouts etc if the executor is overloaded. PiperOrigin-RevId: 306562645
2020-04-14Attempt SLAAC address regeneration on DAD conflictsGhanan Gowripalan
As per RFC 7217 section 6, attempt to regenerate IPv6 SLAAC address in response to a DAD conflict if the address was generated with an opaque IID as outlined in RFC 7217 section 5. Test: - stack_test.TestAutoGenAddrWithOpaqueIIDDADRetries - stack_test.TestAutoGenAddrWithEUI64IIDNoDADRetries - stack_test.TestAutoGenAddrContinuesLifetimesAfterRetry PiperOrigin-RevId: 306555645
2020-04-14Fix cleanup around socketpair() failure to copy out FDs.Jamie Liu
- Use the fs.File, rather than the vfs.FileDescription, in the VFS1 version. - Check for a nil fs.File/vfs.FileDescription before calling DecRef, which is possible if a racing dup2() or dup3() replaces the file descriptor between when it is installed and when it is returned. (This is not possible in Linux because Linux separates allocation of a file descriptor from binding an allocated file descriptor to a struct file, and dup2/dup3 return EBUSY if asked to replace an allocated but unbound file descriptor.) PiperOrigin-RevId: 306517101
2020-04-14Pass O_LARGEFILE in syscalls/linux/vfs2.openat.Jamie Liu
Needed for PipeTest_Flags: files opened by open() and openat() get O_LARGEFILE (on architectures with 64-bit off_t), but not FDs created by other syscalls such as pipe(). Updates #1035 PiperOrigin-RevId: 306504788
2020-04-14Merge pull request #2212 from aaronlu:dup_stdioFDsgVisor bot
PiperOrigin-RevId: 306477639
2020-04-14Test TCP should piggyback ACK in ESTAB stategVisor bot
TCP, in ESTABLISHED state, SHOULD piggyback acknowledgement with a segment being transmitted (whenever possible) without incurring undue delay PiperOrigin-RevId: 306474550
2020-04-14Merge pull request #2375 from lubinszARM:pr_exec_binarygVisor bot
PiperOrigin-RevId: 306432289
2020-04-13Add Sniffer.Drain() draining socket receive buffergVisor bot
Add Sniffer.Drain() which drains the socket's receive buffer by temporarily setting the socket to non-blocking, and receiving in a loop until EINTR, EWOULDBLOCK or EAGAIN. This method should be used when long periods of time elapses without receiving on the socket, because uninteresting packets may have piled up in the receive buffer, filling it up and causing packets critical to test operation to be dropped. PiperOrigin-RevId: 306380480
2020-04-13Don't allow read/write when offset+size overflows.Nicolas Lacasse
PiperOrigin-RevId: 306348346
2020-04-13Remove unnecessary threadsTamir Duberstein
The work being done in these threads is not asynchronous with respect to the test; that is, it is equivalent to issue non-blocking `connect` calls serially, since the work is done asynchronously with respect to the caller. Futhermore, this test was added to test closing a listener with completed but not delivered connections, which never required threading in the first place. PiperOrigin-RevId: 306339486
2020-04-13Merge pull request #2168 from xiaobo55x:ptrace_testgVisor bot
PiperOrigin-RevId: 306306809
2020-04-13Merge pull request #2288 from xiaobo55x:fork_testgVisor bot
PiperOrigin-RevId: 306306494
2020-04-13Merge pull request #2289 from xiaobo55x:syscall_cleanupgVisor bot
PiperOrigin-RevId: 306303148
2020-04-13Merge pull request #2321 from lubinszARM:pr_nogogVisor bot
PiperOrigin-RevId: 306300032
2020-04-13Port socket-related syscalls to VFS2.Dean Deng
Note that most kinds of sockets are not yet supported in VFS2 (only Unix sockets are partially supported at the moment), so these syscalls will still generally fail. Enabling them allows us to begin running socket tests for VFS2 as more features are ported over. Updates #1476, #1478, #1484, #1485. PiperOrigin-RevId: 306292294
2020-04-13Fix build.sh and VM targets.Adin Scannell
PiperOrigin-RevId: 306289643
2020-04-13Remove obsolete TODOs for b/38173783Jon Budd
The comments in the ticket indicate that this behavior is fine and that the ticket should be closed, so we shouldn't need pointers to the ticket. PiperOrigin-RevId: 306266071
2020-04-13Fix VFS2 getdents()/getdents64() alignment.Jamie Liu
PiperOrigin-RevId: 306263615
2020-04-12Refactor parser to use a for loop instead of recursion.Eyal Soha
This makes the code shorter and less repetitive. TESTED: All unit tests still pass. PiperOrigin-RevId: 306161475
2020-04-11Improve error messages when parsing headers.Eyal Soha
Tested: Looked at output of failing tests. PiperOrigin-RevId: 306031407
2020-04-10Add logging message for noNewPrivileges OCI option.Ian Lewis
noNewPrivileges is ignored if set to false since gVisor assumes that PR_SET_NO_NEW_PRIVS is always enabled. PiperOrigin-RevId: 305991947
2020-04-10Port extended attributes to VFS2.Dean Deng
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs and goferfs. Note that because of the slightly different order of checks between VFS2 and Linux, one of the xattr tests needs to be relaxed slightly. Fixes #2363. PiperOrigin-RevId: 305985121
2020-04-10Use O_CLOEXEC when dup'ing FDsFabricio Voznika
The sentry doesn't allow execve, but it's a good defense in-depth measure. PiperOrigin-RevId: 305958737
2020-04-10Automated rollback of changelist 305940483Nicolas Lacasse
PiperOrigin-RevId: 305944892
2020-04-10Upgrade Kokoro and RBE to bazel 3.0.0Nicolas Lacasse
PiperOrigin-RevId: 305940483