summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2019-10-18Cleanup host UDS supportMichael Pratt
This change fixes several issues with the fsgofer host UDS support. Notably, it adds support for SOCK_SEQPACKET and SOCK_DGRAM sockets [1]. It also fixes unsafe use of unet.Socket, which could cause a panic if Socket.FD is called when err != nil, and calls to Socket.FD with nothing to prevent the garbage collector from destroying and closing the socket. A set of tests is added to exercise host UDS access. This required extracting most of the syscall test runner into a library that can be used by custom tests. Updates #235 Updates #1003 [1] N.B. SOCK_DGRAM sockets are likely not particularly useful, as a server can only reply to a client that binds first. We don't allow bind, so these are unlikely to be used. PiperOrigin-RevId: 275558502
2019-10-18test/perf: optimize the getdents testAndrei Vagin
* Use mknod instead of open&close to create an empty file. * Limit a number of files to (1<<16) instead of 100K. In this case, a test set is (1, 8, 64, 512, 4K, 32K, 64K) instead of (1, 8, 64, 512, 4K, 32K, 98K). I think it is easier to compare results for 32K and 64K than 32K and 98K. And results for 98K doesn't give us more information than for 54K. PiperOrigin-RevId: 275552507
2019-10-18test: use a bigger buffer to fill a socketAndrei Vagin
Otherwise we need to do a lot of system calls and cooperative_save tests work slow. PiperOrigin-RevId: 275536957
2019-10-16Merge pull request #736 from tanjianfeng:fix-unixgVisor bot
PiperOrigin-RevId: 275114157
2019-10-16Remove death from exec test namesMichael Pratt
These aren't actually death tests in the GUnit sense. i.e., they don't call EXPECT_EXIT or EXPECT_DEATH. PiperOrigin-RevId: 275099957
2019-10-14Internal change.gVisor bot
PiperOrigin-RevId: 274700093
2019-10-10Allow for zero byte iovec with MSG_PEEK | MSG_TRUNC in recvmsg.Ian Lewis
This allows for peeking at the length of the next message on a netlink socket without pulling it off the socket's buffer/queue, allowing tools like 'ip' to work. This CL also fixes an issue where dump_done_errno was not included in the NLMSG_DONE messages payload. Issue #769 PiperOrigin-RevId: 274068637
2019-10-10Fix signalfd polling.Adin Scannell
The signalfd descriptors otherwise always show as available. This can lead programs to spin, assuming they are looking to see what signals are pending. Updates #139 PiperOrigin-RevId: 274017890
2019-10-09Add blacklists for remaining runtime tests, and test that they parse correctly.Nicolas Lacasse
PiperOrigin-RevId: 273781112
2019-10-07Implement IP_TTL.Ian Gudger
Also change the default TTL to 64 to match Linux. PiperOrigin-RevId: 273430341
2019-10-07Add tests for $HOMEIan Lewis
Adds two tests. One to make sure that $HOME is set when starting a container via 'docker run' and one to make sure that $HOME is set for each container in a multi-container sandbox. Issue #701 PiperOrigin-RevId: 273395763
2019-10-03Implement proper local broadcast behaviorChris Kuiper
The behavior for sending and receiving local broadcast (255.255.255.255) traffic is as follows: Outgoing -------- * A broadcast packet sent on a socket that is bound to an interface goes out that interface * A broadcast packet sent on an unbound socket follows the route table to select the outgoing interface + if an explicit route entry exists for 255.255.255.255/32, use that one + else use the default route * Broadcast packets are looped back and delivered following the rules for incoming packets (see next). This is the same behavior as for multicast packets, except that it cannot be disabled via sockopt. Incoming -------- * Sockets wishing to receive broadcast packets must bind to either INADDR_ANY (0.0.0.0) or INADDR_BROADCAST (255.255.255.255). No other socket receives broadcast packets. * Broadcast packets are multiplexed to all sockets matching it. This is the same behavior as for multicast packets. * A socket can bind to 255.255.255.255:<port> and then receive its own broadcast packets sent to 255.255.255.255:<port> In addition, this change implicitly fixes an issue with multicast reception. If two sockets want to receive a given multicast stream and one is bound to ANY while the other is bound to the multicast address, only one of them will receive the traffic. PiperOrigin-RevId: 272792377
2019-10-03Don't report partialResult errors from sendfileAndrei Vagin
The input file descriptor is always a regular file, so sendfile can't lose any data if it will not be able to write them to the output file descriptor. Reported-by: syzbot+22d22330a35fa1c02155@syzkaller.appspotmail.com PiperOrigin-RevId: 272730357
2019-10-02Increase itimer test timeoutMichael Pratt
https://github.com/google/gvisor/commit/dd69b49ed1103bab82a6b2ac95221b89b46f3376 makes this test take longer. PiperOrigin-RevId: 272535892
2019-10-02Merge pull request #865 from tanjianfeng:fix-829gVisor bot
PiperOrigin-RevId: 272522508
2019-10-02Sanity test that open(2) on a UDS failsMichael Pratt
Spoiler alert: it doesn't. PiperOrigin-RevId: 272513529
2019-10-01Include AT_SECURE in the aux vectorMichael Pratt
gVisor does not currently implement the functionality that would result in AT_SECURE = 1, but Linux includes AT_SECURE = 0 in the normal case, so we should do the same. PiperOrigin-RevId: 272311488
2019-10-01Add blacklist support to the runtime test runner.Nicolas Lacasse
Tests in the blacklist will be explicitly skipped (with associated log line). Checks in a blacklist for the nodejs tests. PiperOrigin-RevId: 272272749
2019-10-01Support new interpreter requirements in testMichael Pratt
Refactoring in 0036d1f7eb95bcc52977f15507f00dd07018e7e2 (v4.10) caused Linux to start unconditionally zeroing the remainder of the last page in the interpreter. Previously it did not due so if filesz == memsz, and *still* does not do so when filesz == memsz for loading binaries, only interpreter. This inconsistency is not worth replicating in gVisor, as it is arguably a bug, but our tests must ensure we create interpreter ELFs compatible with this new requirement. PiperOrigin-RevId: 272266401
2019-10-01Disable cpuClockTicker when app is idleMichael Pratt
Kernel.cpuClockTicker increments kernel.cpuClock, which tasks use as a clock to track their CPU usage. This improves latency in the syscall path by avoid expensive monotonic clock calls on every syscall entry/exit. However, this timer fires every 10ms. Thus, when all tasks are idle (i.e., blocked or stopped), this forces a sentry wakeup every 10ms, when we may otherwise be able to sleep until the next app-relevant event. These wakeups cause the sentry to utilize approximately 2% CPU when the application is otherwise idle. Updates to clock are not strictly necessary when the app is idle, as there are no readers of cpuClock. This commit reduces idle CPU by disabling the timer when tasks are completely idle, and computing its effects at the next wakeup. Rather than disabling the timer as soon as the app goes idle, we wait until the next tick, which provides a window for short sleeps to sleep and wakeup without doing the (relatively) expensive work of disabling and enabling the timer. PiperOrigin-RevId: 272265822
2019-10-01Prevent CAP_NET_RAW from appearing in execFabricio Voznika
'docker exec' was getting CAP_NET_RAW even when --net-raw=false because it was not filtered out from when copying container's capabilities. PiperOrigin-RevId: 272260451
2019-10-01Honor X bit on extra anon pages in PT_LOAD segmentsMichael Pratt
Linux changed this behavior in 16e72e9b30986ee15f17fbb68189ca842c32af58 (v4.11). Previously, extra pages were always mapped RW. Now, those pages will be executable if the segment specified PF_X. They still must be writeable. PiperOrigin-RevId: 272256280
2019-09-30De-flake SetForegroundProcessGroupDifferentSession.Kevin Krakauer
PiperOrigin-RevId: 272059043
2019-09-30Only copy out remaining time on nanosleep successMichael Pratt
It looks like the old code attempted to do this, but didn't realize that err != nil even in the happy case. PiperOrigin-RevId: 272005887
2019-09-27Automated rollback of changelist 256276198Adin Scannell
PiperOrigin-RevId: 271665517
2019-09-27Merge pull request #864 from tanjianfeng:fix-861gVisor bot
PiperOrigin-RevId: 271649711
2019-09-27Implement SO_BINDTODEVICE sockoptgVisor bot
PiperOrigin-RevId: 271644926
2019-09-26Make raw socket tests pass in environments with or without CAP_NET_RAW.Kevin Krakauer
PiperOrigin-RevId: 271442321
2019-09-24test: don't use designated initializersAndrei Vagin
This change fixes compile errors: pty.cc:1460:7: error: expected primary-expression before '.' token ... PiperOrigin-RevId: 271033729
2019-09-24Stub out readahead implementation.Adin Scannell
Closes #261 PiperOrigin-RevId: 270973347
2019-09-23Run all runtime tests in a single container.Nicolas Lacasse
This makes them run much faster. Also cleaned up the log reporting. PiperOrigin-RevId: 270799808
2019-09-23Always set HOME env var with `runsc exec`.Nicolas Lacasse
We already do this for `runsc run`, but need to do the same for `runsc exec`. PiperOrigin-RevId: 270793459
2019-09-23Fix bug in RstCausesPollHUP.Bhasker Hariharan
The test is checking the wrong poll_fd for POLLHUP. The only reason it passed till now was because it was also checking for POLLIN which was always true on the other fd from the previous poll! PiperOrigin-RevId: 270780401
2019-09-23Add test that runsc exec inherits the same environment as run.Nicolas Lacasse
PiperOrigin-RevId: 270764996
2019-09-20fix set hostnameJianfeng Tan
Previously, when we set hostname: $ strace hostname abc ... sethostname("abc", 3) = -1 ENAMETOOLONG (File name too long) ... According to man 2 sethostname: "The len argument specifies the number of bytes in name. (Thus, name does not require a terminating null byte.)" We wrongly use the CopyStringIn() to check terminating zero byte in the implementation of sethostname syscall. To fix this, we use CopyInBytes() instead. Fixes: #861 Reported-by: chenglang.hy <chenglang.hy@antfin.com> Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
2019-09-20Implement /proc/net/tcp6Jianfeng Tan
Fixes: #829 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Signed-off-by: Jielong Zhou <jielong.zjl@antfin.com>
2019-09-19Job control: controlling TTYs and foreground process groups.Kevin Krakauer
Adresses a deadlock with the rolled back change: https://github.com/google/gvisor/commit/b6a5b950d28e0b474fdad160b88bc15314cf9259 Creating a session from an orphaned process group was causing a lock to be acquired twice by a single goroutine. This behavior is addressed, and a test (OrphanRegression) has been added to pty.cc. Implemented the following ioctls: - TIOCSCTTY - set controlling TTY - TIOCNOTTY - remove controlling tty, maybe signal some other processes - TIOCGPGRP - get foreground process group. Also enables tcgetpgrp(). - TIOCSPGRP - set foreground process group. Also enabled tcsetpgrp(). Next steps are to actually turn terminal-generated control characters (e.g. C^c) into signals to the proper process groups, and to send SIGTTOU and SIGTTIN when appropriate. PiperOrigin-RevId: 270088599
2019-09-18Shard the runtime tests.Nicolas Lacasse
Default of 20 shards was arbitrary and will need fine-tuning in later CLs. PiperOrigin-RevId: 269922871
2019-09-18Signalfd supportAdin Scannell
Note that the exact semantics for these signalfds are slightly different from Linux. These signalfds are bound to the process at creation time. Reads, polls, etc. are all associated with signals directed at that task. In Linux, all signalfd operations are associated with current, regardless of where the signalfd originated. In practice, this should not be an issue given how signalfds are used. In order to fix this however, we will need to plumb the context through all the event APIs. This gets complicated really quickly, because the waiter APIs are all netstack-specific, and not generally exposed to the context. Probably not worthwhile fixing immediately. PiperOrigin-RevId: 269901749
2019-09-17Follow-up fixes for image tests.Nicolas Lacasse
- Fix ARG syntax in Dockerfiles. - Fix curl commands in Dockerfiles. - Fix some paths in proctor binaries. - Check error from Walk in search helper. PiperOrigin-RevId: 269641686
2019-09-16Refactor and clean up image tests.Nicolas Lacasse
* Use multi-stage builds in Dockerfiles. * Combine all proctor binaries into a single binary. * Change the TestRunner interface to reduce code duplication. PiperOrigin-RevId: 269462101
2019-09-16Migrate from gflags to absl flagsMichael Pratt
absl flags are more modern and we can easily depend on them directly. The repo now successfully builds with --incompatible_load_cc_rules_from_bzl. PiperOrigin-RevId: 269387081
2019-09-16Bring back to life features lost in recent refactorFabricio Voznika
- Sandbox logs are generated when running tests - Kokoro uploads the sandbox logs - Supports multiple parallel runs - Revive script to install locally built runsc with docker PiperOrigin-RevId: 269337274
2019-09-13gvisor: return ENOTDIR from the unlink syscallAndrei Vagin
ENOTDIR has to be returned when a component used as a directory in pathname is not, in fact, a directory. PiperOrigin-RevId: 269037893
2019-09-12Implement splice methods for pipes and sockets.Adin Scannell
This also allows the tee(2) implementation to be enabled, since dup can now be properly supported via WriteTo. Note that this change necessitated some minor restructoring with the fs.FileOperations splice methods. If the *fs.File is passed through directly, then only public API methods are accessible, which will deadlock immediately since the locking is already done by fs.Splice. Instead, we pass through an abstract io.Reader or io.Writer, which elide locks and use the underlying fs.FileOperations directly. PiperOrigin-RevId: 268805207
2019-09-10Fix minor Kokoro issues.Adin Scannell
A recent Kokoro change pointed to go_tests.cfg (in line with the other configurations), which unfortunately broke the presubmits. This change also enabled the KVM tests, which were still using a remote execution strategy. This fixes both of these issues and allows presubmits to pass. One additional test was caught with this case, which seems to have been broken. It's unclear why this was not being caught. PiperOrigin-RevId: 268166291
2019-09-06Load C++ rules from @rules_ccMichael Pratt
See https://github.com/bazelbuild/bazel/issues/8743. This will be required in Bazel 1.0. Protobuf was updated in https://github.com/protocolbuffers/protobuf/commit/bf0c69e1302fe9568fbe310cc54b37d20a9d16a3#diff-96239ee297e0a92ac6ff96a6bc434ef0. GoogleTest was updated in https://github.com/google/googletest/commit/6fd262ecf787d0dc2a91696fd4bf1d3ee1ebfa14. gflags has not yet been updated, so the repo still won't build with --incompatible_load_cc_rules_from_bzl. Tested with buildifier -warnings=native-cc -lint=warn **/BUILD. PiperOrigin-RevId: 267638515
2019-09-05Ignore the root container when calculating oom_score_adj for the sandbox.Ian Lewis
This is done because the root container for CRI is the infrastructure (pause) container and always gets a low oom_score_adj. We do this to ensure that only the oom_score_adj of user containers is used to calculated the sandbox oom_score_adj. Implemented in runsc rather than the containerd shim as it's a bit cleaner to implement here (in the shim it would require overwriting the oomScoreAdj and re-writing out the config.json again). This processing is Kubernetes(CRI) specific but we are currently only supporting CRI for multi-container support anyway. PiperOrigin-RevId: 267507706
2019-09-05Fix bug in proc_test.Bhasker Hariharan
TestNoDuplicates is racy as it tries to read the /proc file system while the test is running. But it's possible that from the time a directory entries are read and each entry processed something could change and in some cases the entry being processed could have been deleted. In such cases we should not fail the test but just ignore the error and move on. PiperOrigin-RevId: 267483094
2019-09-05Deflake aio_test.Jamie Liu
- Most AIO tests call io_setup(nr_events = 128). sizeof(struct io_event) (128*32 = 4096). However, the actual size of the mapping created by io_setup() is determined by: (from fs/aio.c:ioctx_alloc()) /* * We keep track of the number of available ringbuffer slots, to prevent * overflow (reqs_available), and we also use percpu counters for this. * * So since up to half the slots might be on other cpu's percpu counters * and unavailable, double nr_events so userspace sees what they * expected: additionally, we move req_batch slots to/from percpu * counters at a time, so make sure that isn't 0: */ nr_events = max(nr_events, num_possible_cpus() * 4); nr_events *= 2; (from fs/aio.c:aio_setup_ring()) /* Compensate for the ring buffer's head/tail overlap entry */ nr_events += 2; /* 1 is required, 2 for good luck */ size = sizeof(struct aio_ring); size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); When we mremap() only the first page of a multi-page AIO ring buffer mapping, fs/aio.c:aio_ring_mremap() updates struct kioctx::mmap_base - but struct kioctx::mmap_size is untouched, so sys_io_destroy() => kill_ioctx() vm_unmaps() the mremapped page, plus some number of pages after it. Just get the actual size of the mapping from /proc/self/maps. - Delete test case MremapOver; while it is correct that Linux will not complain if you overwrite the AIO ring buffer with another mapping, it won't actually work in the sense that AIO events will not be written to the new mapping, because Linux stores the struct pages of the ring buffer in struct kioctx::ring_pages and writes to those through kmap() rather than using userspace addresses. - Don't munmap() after mremap(MREMAP_FIXED) returns EFAULT; see new comment in factored-out test case MremapExpansion. PiperOrigin-RevId: 267482903