summaryrefslogtreecommitdiffhomepage
path: root/test/syscalls
AgeCommit message (Collapse)Author
2019-07-09tss: block userspace access to all I/O ports.Liu Hua
A userspace process (CPL=3) can access an i/o port if the bit corresponding to the port is set to 0 in the I/O permission bitmap. Configure the I/O permission bitmap address beyond the last valid byte in the TSS so access to all i/o ports is blocked. Signed-off-by: Liu Hua <sdu.liu@huawei.com> Change-Id: I3df76980c3735491db768f7210e71703f86bb989 PiperOrigin-RevId: 257336518
2019-07-08Don't mask errors in createAt loop.Nicolas Lacasse
The error set in the loop in createAt was being masked by other errors declared with ":=". This allowed an ErrResolveViaReadlink error to escape, which can cause a sentry panic. Added test case which repros without the fix. PiperOrigin-RevId: 257061767
2019-07-03netstack/udp: connect with the AF_UNSPEC address family means disconnectAndrei Vagin
PiperOrigin-RevId: 256433283
2019-07-02Mark timers_test flaky because setrlimit(RLIMIT_CPU) is broken in some kernels.Neel Natu
https://bugzilla.redhat.com/show_bug.cgi?id=1568337 PiperOrigin-RevId: 256276198
2019-07-01Check remaining traversal limit when creating a file through a symlink.Nicolas Lacasse
This fixes the case when an app tries to create a file that already exists, and is a symlink to itself. A test was added. PiperOrigin-RevId: 256044811
2019-06-28Fix suggestions from clang.Nicolas Lacasse
PiperOrigin-RevId: 255679603
2019-06-28Automated rollback of changelist 255263686Nicolas Lacasse
PiperOrigin-RevId: 255679453
2019-06-27Complete pipe support on overlayfsFabricio Voznika
Get/Set pipe size and ioctl support were missing from overlayfs. It required moving the pipe.Sizer interface to fs so that overlay could get access. Fixes #318 PiperOrigin-RevId: 255511125
2019-06-27Fix various spelling issues in the documentationMichael Pratt
Addresses obvious typos, in the documentation only. COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/443 from Pixep:fix/documentation-spelling 4d0688164eafaf0b3010e5f4824b35d1e7176d65 PiperOrigin-RevId: 255477779
2019-06-27Merge pull request #461 from brb-g:128_procseekendgVisor bot
PiperOrigin-RevId: 255462850
2019-06-26Preserve permissions when checking lowerFabricio Voznika
The code was wrongly assuming that only read access was required from the lower overlay when checking for permissions. This allowed non-writable files to be writable in the overlay. Fixes #316 PiperOrigin-RevId: 255263686
2019-06-26Follow symlinks when creating a file, and create the target.Nicolas Lacasse
If we have a symlink whose target does not exist, creating the symlink (either via 'creat' or 'open' with O_CREAT flag) should create the target of the symlink. Previously, gVisor would error with EEXIST in this case PiperOrigin-RevId: 255232944
2019-06-24fs: synchronize concurrent writes into files with O_APPENDAndrei Vagin
For files with O_APPEND, a file write operation gets a file size and uses it as offset to call an inode write operation. This means that all other operations which can change a file size should be blocked while the write operation doesn't complete. PiperOrigin-RevId: 254873771
2019-06-24Implement /proc/net/tcp.Rahat Mahmood
PiperOrigin-RevId: 254854346
2019-06-24Use correct statx syscall number for amd64.Nicolas Lacasse
The previous number was for the arm architecture. Also change the statx tests to force them to run on gVisor, which would have caught this issue. PiperOrigin-RevId: 254846831
2019-06-24Add regression test for #128 (fixed in ab6774ce)brb-g
Tests run at HEAD (35719d52): ``` $ bazel test $(bazel query 'filter(".*getdents.*", //test/syscalls:all)') <snip> //test/syscalls:getdents_test_native PASSED in 0.3s //test/syscalls:getdents_test_runsc_ptrace PASSED in 4.9s //test/syscalls:getdents_test_runsc_ptrace_overlay PASSED in 4.7s //test/syscalls:getdents_test_runsc_ptrace_shared PASSED in 5.2s //test/syscalls:getdents_test_runsc_kvm FAILED in 4.0s ``` Tests run at ab6774ce~1 (6f933a93): ``` $ bazel test $(bazel query 'filter(".*getdents.*", //test/syscalls:all)') //test/syscalls:getdents_test_native PASSED in 0.2s //test/syscalls:getdents_test_runsc_kvm FAILED in 4.2s /usr/local/google/home/brb/.cache/bazel/_bazel_brb/967240a6aae7d353a221d73f4375e038/execroot/__main__/bazel-out/k8-fastbuild/testlogs/test/syscalls/getdents_test_runsc_kvm/test.log //test/syscalls:getdents_test_runsc_ptrace FAILED in 5.3s /usr/local/google/home/brb/.cache/bazel/_bazel_brb/967240a6aae7d353a221d73f4375e038/execroot/__main__/bazel-out/k8-fastbuild/testlogs/test/syscalls/getdents_test_runsc_ptrace/test.log //test/syscalls:getdents_test_runsc_ptrace_overlay FAILED in 4.9s /usr/local/google/home/brb/.cache/bazel/_bazel_brb/967240a6aae7d353a221d73f4375e038/execroot/__main__/bazel-out/k8-fastbuild/testlogs/test/syscalls/getdents_test_runsc_ptrace_overlay/test.log //test/syscalls:getdents_test_runsc_ptrace_shared FAILED in 5.2s /usr/local/google/home/brb/.cache/bazel/_bazel_brb/967240a6aae7d353a221d73f4375e038/execroot/__main__/bazel-out/k8-fastbuild/testlogs/test/syscalls/getdents_test_runsc_ptrace_shared/test.log ``` (I think all runsc_kvm tests are broken on my machine -- I'll rerun them if you can point me at the documentation to set it up)
2019-06-22Implement statx.Nicolas Lacasse
We don't have the plumbing for btime yet, so that field is left off. The returned mask indicates that btime is absent. Fixes #343 PiperOrigin-RevId: 254575752
2019-06-21Fix the logic for sending zero window updates.Bhasker Hariharan
Today we have the logic split in two places between endpoint Read() and the worker goroutine which actually sends a zero window. This change makes it so that when a zero window ACK is sent we set a flag in the endpoint which can be read by the endpoint to decide if it should notify the worker to send a nonZeroWindow update. The worker now does not do the check again but instead sends an ACK and flips the flag right away. Similarly today when SO_RECVBUF is set the SetSockOpt call has logic to decide if a zero window update is required. Rather than do that we move the logic to the worker goroutine and it can check the zeroWindow flag and send an update if required. PiperOrigin-RevId: 254505447
2019-06-20Close FD on TcpSocketTest loop failure.Ian Gudger
This helps prevent the blocking call from getting stuck and causing a test timeout. PiperOrigin-RevId: 254325926
2019-06-20Deflake TestSIGALRMToMainThread.Neel Natu
Bump up the threshold on number of SIGALRMs received by worker threads from 50 to 200. Even with the new threshold we still expect that the majority of SIGALRMs are received by the thread group leader. PiperOrigin-RevId: 254289787
2019-06-20Implement madvise(MADV_DONTFORK)Neel Natu
PiperOrigin-RevId: 254253777
2019-06-19Mark tcp_socket test flaky (for real)Michael Pratt
The tag on the binary has no effect. It must be on the test. PiperOrigin-RevId: 254103480
2019-06-19Deflake mount_test.Nicolas Lacasse
Inode ids are only stable across Save/Restore if we have an open FD on the inode. All tests that compare inode ids must therefor hold an FD open. PiperOrigin-RevId: 254086603
2019-06-19Abort loop on failureMichael Pratt
As-is, on failure these will infinite loop, resulting in test timeout instead of failure. PiperOrigin-RevId: 254074989
2019-06-19Mark tcp_socket test flaky.Neel Natu
PiperOrigin-RevId: 253997465
2019-06-18Use return values from syscalls in eventfd tests.Rahat Mahmood
PiperOrigin-RevId: 253890611
2019-06-18Replace usage of deprecated strtoul/strtoullBrad Burlage
PiperOrigin-RevId: 253864770
2019-06-18Fix PipeTest_Streaming timeoutFabricio Voznika
Test was calling Size() inside read and write loops. Size() makes 2 syscalls to return the pipe size, making the test do a lot more work than it should. PiperOrigin-RevId: 253824690
2019-06-13Fix deadlock in fasync.Ian Gudger
The deadlock can occur when both ends of a connected Unix socket which has FIOASYNC enabled on at least one end are closed at the same time. One end notifies that it is closing, calling (*waiter.Queue).Notify which takes waiter.Queue.mu (as a read lock) and then calls (*FileAsync).Callback, which takes FileAsync.mu. The other end tries to unregister for notifications by calling (*FileAsync).Unregister, which takes FileAsync.mu and calls (*waiter.Queue).EventUnregister which takes waiter.Queue.mu. This is fixed by moving the calls to waiter.Waitable.EventRegister and waiter.Waitable.EventUnregister outside of the protection of any mutex used in (*FileAsync).Callback. The new test is related, but does not cover this particular situation. Also fix a data race on FileAsync.e.Callback. (*FileAsync).Callback checked FileAsync.e.Callback under the protection of FileAsync.mu, but the waiter calling (*FileAsync).Callback could not and did not. This is fixed by making FileAsync.e.Callback immutable before passing it to the waiter for the first time. Fixes #346 PiperOrigin-RevId: 253138340
2019-06-13Implement getsockopt() SO_DOMAIN, SO_PROTOCOL and SO_TYPE.Rahat Mahmood
SO_TYPE was already implemented for everything but netlink sockets. PiperOrigin-RevId: 253138157
2019-06-13Update canonical repository.Adin Scannell
This can be merged after: https://github.com/google/gvisor-website/pull/77 or https://github.com/google/gvisor-website/pull/78 PiperOrigin-RevId: 253132620
2019-06-13Set optlen correctly when calling getsockopt.Bhasker Hariharan
PiperOrigin-RevId: 253096085
2019-06-12Add support for TCP_CONGESTION socket option.Bhasker Hariharan
This CL also cleans up the error returned for setting congestion control which was incorrectly returning EINVAL instead of ENOENT. PiperOrigin-RevId: 252889093
2019-06-11Eat sendfile partial errorAdin Scannell
For sendfile(2), we propagate a TCP error through the system call layer. This should be eaten if there is a partial result. This change also adds a test to ensure that there is no panic in this case, for both TCP sockets and unix domain sockets. PiperOrigin-RevId: 252746192
2019-06-11gvisor/test: create a per-testcase directory for runsc logsAndrei Vagin
Otherwise it's hard to find a directory for a specific test case. PiperOrigin-RevId: 252636901
2019-06-10Fixes to listen backlog handling.Bhasker Hariharan
Changes netstack to confirm to current linux behaviour where if the backlog is full then we drop the SYN and do not send a SYN-ACK. Similarly we allow upto backlog connections to be in SYN-RCVD state as long as the backlog is not full. We also now drop a SYN if syn cookies are in use and the backlog for the listening endpoint is full. Added new tests to confirm the behaviour. Also reverted the change to increase the backlog in TcpPortReuseMultiThread syscall test. Fixes #236 PiperOrigin-RevId: 252500462
2019-06-06"Implement" mbind(2).Jamie Liu
We still only advertise a single NUMA node, and ignore mempolicy accordingly, but mbind() at least now succeeds and has effects reflected by get_mempolicy(). Also fix handling of nodemasks: round sizes to unsigned long (as documented and done by Linux), and zero trailing bits when copying them out. PiperOrigin-RevId: 251950859
2019-06-06Remove tmpfs restriction from testFabricio Voznika
runsc supports UDS over gofer mounts and tmpfs is not needed for this test. PiperOrigin-RevId: 251944870
2019-06-06Track and export socket state.Rahat Mahmood
This is necessary for implementing network diagnostic interfaces like /proc/net/{tcp,udp,unix} and sock_diag(7). For pass-through endpoints such as hostinet, we obtain the socket state from the backend. For netstack, we add explicit tracking of TCP states. PiperOrigin-RevId: 251934850
2019-06-06Add overlay dimension to FS related syscall testsFabricio Voznika
PiperOrigin-RevId: 251929314
2019-06-06Try increase listen backlog.Rahat Mahmood
PiperOrigin-RevId: 251928000
2019-06-06Internal change.Googler
PiperOrigin-RevId: 251902567
2019-06-05Shutdown host sockets on internal shutdownMichael Pratt
This is required to make the shutdown visible to peers outside the sandbox. The readClosed / writeClosed fields were dropped, as they were preventing a shutdown socket from reading the remainder of queued bytes. The host syscalls will return the appropriate errors for shutdown. The control message tests have been split out of socket_unix.cc to make the (few) remaining tests accessible to testing inherited host UDS, which don't support sending control messages. Updates #273 PiperOrigin-RevId: 251763060
2019-06-05Adjust route when looping multicast packetsChris Kuiper
Multicast packets are special in that their destination address does not identify a specific interface. When sending out such a packet the multicast address is the remote address, but for incoming packets it is the local address. Hence, when looping a multicast packet, the route needs to be tweaked to reflect this. PiperOrigin-RevId: 251739298
2019-06-05Give test instantiations meaningful names.Ian Gudger
PiperOrigin-RevId: 251737069
2019-06-05Implement dumpability tracking and checksMichael Pratt
We don't actually support core dumps, but some applications want to get/set dumpability, which still has an effect in procfs. Lack of support for set-uid binaries or fs creds simplifies things a bit. As-is, processes started via CreateProcess (i.e., init and sentryctl exec) have normal dumpability. I'm a bit torn on whether sentryctl exec tasks should be dumpable, but at least since they have no parent normal UID/GID checks should protect them. PiperOrigin-RevId: 251712714
2019-06-03gvisor/sock/unix: pass creds when a message is sent between unconnected socketsAndrei Vagin
and don't report a sender address if it doesn't have one PiperOrigin-RevId: 251371284
2019-06-03Remove duplicate socket testsMichael Pratt
socket_unix_abstract.cc: Subset of socket_abstract.cc socket_unix_filesystem.cc: Subset of socket_filesystem.cc PiperOrigin-RevId: 251297117
2019-05-30Add VmData field to /proc/{pid}/statuschris.zn
VmData is the size of private data segments. It has the same meaning as in Linux. Change-Id: Iebf1ae85940a810524a6cde9c2e767d4233ddb2a PiperOrigin-RevId: 250593739
2019-05-30gvisor: socket() returns EPROTONOSUPPORT if protocol is not supportedAndrei Vagin
PiperOrigin-RevId: 250426407