summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2021-07-13Replace whitelist with allowlistFabricio Voznika
PiperOrigin-RevId: 384586164
2021-07-12Drop dedicated benchmark lifecycle.Adin Scannell
Instead, roll the output scraping into the main runner. Pass a perf flag to the runner in order to control leak checking, apply tags via the macro and appropriately disable logging. This may be removed in the future. PiperOrigin-RevId: 384348035
2021-07-12Fix stdios ownershipFabricio Voznika
Set stdio ownership based on the container's user to ensure the user can open/read/write to/from stdios. 1. stdios in the host are changed to have the owner be the same uid/gid of the process running the sandbox. This ensures that the sandbox has full control over it. 2. stdios owner owner inside the sandbox is changed to match the container's user to give access inside the container and make it behave the same as runc. Fixes #6180 PiperOrigin-RevId: 384347009
2021-07-12Fix async-signal-unsafety in chroot test.Jamie Liu
PiperOrigin-RevId: 384295543
2021-07-08Fix async-signal-unsafety in socket test.Jamie Liu
PiperOrigin-RevId: 383689096
2021-07-02[op] Make TCPNonBlockingConnectClose more reasonable.Ayush Ranjan
This test single handedly causes the syscalls:socket_inet_loopback_test test variants to take more than an hour to run on some of our testing environments. Reduce how aggressively this test tries to replicate a fixed flake. This is a regression test. PiperOrigin-RevId: 382849039
2021-07-01Fix bug with TCP bind w/ SO_REUSEADDR.Bhasker Hariharan
In gVisor today its possible that when trying to bind a TCP socket w/ SO_REUSEADDR specified and requesting the kernel pick a port by setting port to zero can result in a previously bound port being returned. This behaviour is incorrect as the user is clearly requesting a free port. The behaviour is fine when the user explicity specifies a port. This change now checks if the user specified a port when making a port reservation for a TCP port and only returns unbound ports even if SO_REUSEADDR was specified. Fixes #6209 PiperOrigin-RevId: 382607638
2021-06-29Merge pull request #6085 from liornm:fix-tun-no_pigVisor bot
PiperOrigin-RevId: 382202462
2021-06-29Add SIOCGIFFLAGS ioctl support to hostinet.Lucas Manning
PiperOrigin-RevId: 382194711
2021-06-29Fix TUN IFF_NO_PI bugliornm
When TUN is created with IFF_NO_PI flag, there will be no Ethernet header and no packet info, therefore, both read and write will fail. This commit fix this bug.
2021-06-28code quality: cleanup lint messagesKevin Krakauer
dns PiperOrigin-RevId: 381949375
2021-06-28check explicitly that AF_PACKET sockets can't write in gVisorKevin Krakauer
PiperOrigin-RevId: 381896875
2021-06-25[tcp_info_test] Increase retransmission timeoutTamir Duberstein
PiperOrigin-RevId: 381515399
2021-06-25[tcp_info_test] Remove %vTamir Duberstein
PiperOrigin-RevId: 381508674
2021-06-24Run `:socket_inet_loopback_isolated_test_linux` tests in a container.Etienne Perot
This creates new user and network namespaces for all tests in `:socket_inet_loopback_isolated_test_linux`. PiperOrigin-RevId: 381374120
2021-06-23Fix PR_SET_PTRACER applicability to non-leader threads.Jamie Liu
Compare if (!thread_group_leader(tracee)) tracee = rcu_dereference(tracee->group_leader); in security/yama/yama_lsm.c:ptracer_exception_found(). PiperOrigin-RevId: 381074242
2021-06-22Wake up Writers when tcp socket is shutdown for writes.Bhasker Hariharan
PiperOrigin-RevId: 380967023
2021-06-22`socket_inet_loopback`: Split off tests that need isolation in their own file.Etienne Perot
This allows these tests, which can cause flakiness when run in the same network namespace as the other `socket_inet_loopback` tests, to run as separate tests in their own environment. It also means that all of the shards of those tests can be more isolated from each other as well. PiperOrigin-RevId: 380930198
2021-06-22Remove timeoutsTamir Duberstein
These aren't useful and create opportunities for flakes. PiperOrigin-RevId: 380889223
2021-06-22Trigger poll/epoll events on zero-length hostinet sendmsgIan Lewis
Fixes #2726 PiperOrigin-RevId: 380753516
2021-06-21clean up tcpdump TODOsKevin Krakauer
tcpdump is largely supported. We've also chose not to implement writeable AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333). Fixes #173. PiperOrigin-RevId: 380733686
2021-06-17raw sockets: don't overwrite destination addressKevin Krakauer
Also makes the behavior of raw sockets WRT fragmentation clearer, and makes the ICMPv4 header-length check explicit. Fixes #3160. PiperOrigin-RevId: 380033450
2021-06-16Fix broken hdrincl testKevin Krakauer
Fixes #3159. PiperOrigin-RevId: 379814096
2021-06-15Deflake SocketInetLoopbackTest.TCPBacklogKevin Krakauer
The value can be off by one depending on the kernel we're running. Tested with --runs_per_test=1000. PiperOrigin-RevId: 379535390
2021-06-14Cleanup lint messagesKevin Krakauer
PiperOrigin-RevId: 379380041
2021-06-14Remove debug lines from exec.ccZach Koopmans
PiperOrigin-RevId: 379298590
2021-06-11Fix //test/syscalls:exec_test_nativeZach Koopmans
Later kernels add empty arguments to argv, throwing off return values for the exec_basic_workload.cc binary. This is result of a bug introduced by ccbb18b67323b "exec/binfmt_script: Don't modify bprm->buf and then return - ENOEXEC". Before this change, an empty interpreter string was reported if the first non-space/non-tab character after "#!" was '\0' (end of file, previously- overwritten trailing space or tab, or previously-overwritten first newline). After this change, an empty interpreter string is reported if all characters after "#!" are spaces or tabs, or the first non-space non-tab character is at i_end, which is the position of the first newline after "#!". However, if there is no newline after "#!" (as in ExecTest.InterpreterScriptNoPath), then i_end = buf_end (= bprm->buf + sizeof(bprm->buf) - 1, the last possible byte in the buffer) and neither condition holds. Change white space for script inputs to take into account the above bug. Co-authored-by: Andrei Vagin <avagin@gmail.com> PiperOrigin-RevId: 378997171
2021-06-11Temorary skip test cases that fail on LinuxAndrei Vagin
PiperOrigin-RevId: 378974239
2021-06-11[benchmarks] Fix redis benchmark.Zach Koopmans
Intermittenly, the connection between the client redis_benchmark container can be flaky with the server, even if the server has been up for a long time. If this happens, just re-run a client until we get a result. Also, don't start a new server for each operation. Also also, modify Makefile run-benchmark call to accept RUNTIME=runc correctly. PiperOrigin-RevId: 378918886
2021-06-10Try to avoid accept, incoming ACK raceMithun Iyer
This test checks if an incoming ACK is dropped by the listener when the accept queue is full. The ACK receive handling could race with the test invoking accept on the DUT, causing the test to be flaky. Add a wait time before invoking accept on the DUT to give cycles for the incoming ACK to be handled/dropped by the listener. PiperOrigin-RevId: 378770225
2021-06-10Disable all tests dependent on cloud_gvisor::testing::FuseTest.Jamie Liu
PiperOrigin-RevId: 378753134
2021-06-10Add /proc/sys/vm/max_map_countFabricio Voznika
Set it to int32 max because gVisor doesn't have a limit. Fixes #2337 PiperOrigin-RevId: 378722230
2021-06-10Merge pull request #6103 from sudo-sturbia:semaphore-errgVisor bot
PiperOrigin-RevId: 378607458
2021-06-09Rename go files that contain "main" function to main.go.Nicolas Lacasse
This is a good Go convention that we should follow. PiperOrigin-RevId: 378538679
2021-06-09Remove unnecessary TODO bug.Nicolas Lacasse
The bug id was not adding anything relevant here PiperOrigin-RevId: 378485983
2021-06-07test: use std::vector instead of allocating memory with callocAndrei Vagin
A memory that is allocated with calloc has to be freed. PiperOrigin-RevId: 378001409
2021-06-07Implement RENAME_NOREPLACE for all VFS2 filesystem implementations.Jamie Liu
PiperOrigin-RevId: 377966969
2021-06-04Honor data and FIN from the ACK completing handshakeMithun Iyer
If the ACK completing the handshake has FIN or data, requeue the segment for further processing by the newly established endpoint. Otherwise, the segments would have to be retransmitted by the peer to be processed by the established endpoint. Doing this, keeps the behavior in parity with Linux. This also addresses a test flake with TCPNonBlockingConnectClose where the ACK (completing the handshake) and multiple retransmitted FINACKs from the peer could be dropped by the listener, when using syncookies and the accept queue is full. The handshake could eventually get completed with a retransmitted FINACK, without actual processing of FIN. This can cause the poll with POLLRDHUP on the accepted socket to sometimes time out before the next FINACK retransmission. PiperOrigin-RevId: 377651695
2021-06-04Forward verbose flag to packetimpact testerSam Balana
Forwards the testing verbose flag to the packetimpact test runner. This is necessary for debugging inside packetimpact tests. When this flag is present, all t.Logs in the packetimpact test wil be shown in the resulting test output. PiperOrigin-RevId: 377614550
2021-06-04Allow sniffer receive timeout durations less than one usecSam Balana
Fixes the erronously signaled fatal error when the sniffer receive timeout duration is less than one usec. This was caused by the converstion from float64 to int64; the integer conversion truncated the floating point to 0, which signaled the fatal error. PiperOrigin-RevId: 377600179
2021-06-04Add bind syscall tests for ICMP and ICMPv6Sam Balana
Updates #5711 Updates #6021 Updates #6022 PiperOrigin-RevId: 377582446
2021-06-03Reset global_num_signals_received on RegisterSignalHandlerAdam Barth
Previously, the value of global_num_signals_received would persist between tests. Now, we reset the value to zero when we register a signal handler. PiperOrigin-RevId: 377308357
2021-06-01Ensure full shutdown of endpoint on notifyCloseMithun Iyer
Address a race with non-blocking connect and socket close, causing the FIN (because of socket close) to not be sent out, even after completing the handshake. The race occurs with this sequence: (1) endpoint Connect starts handshake, sending out SYN (2) handshake complete() releases endpoint lock, waiting on sleeper.Fetch() (3) endpoint Close acquires endpoint lock, does not enqueue FIN (as the endpoint is not yet connected) and asserts notifyClose (4) SYNACK from peer gets enqueued asserting newSegmentWaker (5) handshake complete() re-aqcuires lock, first processes newSegmentWaker event, transitions to ESTABLISHED and proceeds to protocolMainLoop() (6) protocolMainLoop() exits while processing notifyClose When the execution follows the above sequence, no FIN is sent to the peer. This causes the listener side to have a half-open connection sitting in the accept queue. Fix this by ensuring that the protocolMainLoop() performs clean shutdown when the endpoint state is still ESTABLISHED. This would not be a bug, if during handshake complete(), sleeper.Fetch() prioritized notificationWaker over newSegmentWaker. In that case, the handshake would not have completed in (5) above. Fixes #6067 PiperOrigin-RevId: 376994395
2021-06-01Test system-wide semaphore limits.Zyad A. Ali
2021-06-01Ignore RST received for a TCP listenerMithun Iyer
The current implementation has a bug where TCP listener does not ignore RSTs from the peer. While handling RST+ACK from the peer, this bug can complete handshakes that use syncookies. This results in half-open connection delivered to the accept queue. Fixes #6076 PiperOrigin-RevId: 376868749
2021-05-27Fix test_app task-treeFabricio Voznika
Executing `select {}` to wait forever triggers Go runtime deadlock detection and kills the child, causing the number actual processes be less than expected. PiperOrigin-RevId: 376298799
2021-05-27Support SO_BINDTODEVICE in ICMP socketsSam Balana
Adds support for the SO_BINDTODEVICE socket option in ICMP sockets with an accompanying packetimpact test to exercise use of this socket option. Adds a unit test to exercise the NIC selection logic introduced by this change. The remaining unit tests for ICMP sockets need to be added in a subsequent CL. See https://gvisor.dev/issues/5623 for the list of remaining unit tests. Adds a "timeout" field to PacketimpactTestInfo, necessary due to the long runtime of the newly added packetimpact test. Fixes #5678 Fixes #4896 Updates #5623 Updates #5681 Updates #5763 Updates #5956 Updates #5966 Updates #5967 PiperOrigin-RevId: 376271581
2021-05-27nanosleep has to store the finish time in the restart blockAndrei Vagin
nanosleep has to count time that a thread spent in the stopped state. PiperOrigin-RevId: 376258641
2021-05-26Specify subsequent layers as ICMP payloads and add ICMPv6.PointerSam Balana
Moves specification of subsequent layers to the Payload field of the ICMP and ICMPv6 layers. Removes the need to manually encode type-specific ICMP or ICMPv6 headers, such as the "pointer" header of parameter problem messages, in the payload. This is necessary prework to enable matching of more type-specific headers, such as "ident" of echo requests. Fixes a bug where the "reserved" header defined by ICMPv6 RFC 4443 was being incorrectly encoded by ToBytes. This change fixes the implementation by copying the payload into Payload, instead of the MessageBody. PiperOrigin-RevId: 376026420
2021-05-26Add verity getdents testsChong Cai
PiperOrigin-RevId: 376001603