Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 384586164
|
|
Instead, roll the output scraping into the main runner. Pass a perf flag to
the runner in order to control leak checking, apply tags via the macro and
appropriately disable logging. This may be removed in the future.
PiperOrigin-RevId: 384348035
|
|
Set stdio ownership based on the container's user to ensure the
user can open/read/write to/from stdios.
1. stdios in the host are changed to have the owner be the same
uid/gid of the process running the sandbox. This ensures that the
sandbox has full control over it.
2. stdios owner owner inside the sandbox is changed to match the
container's user to give access inside the container and make it
behave the same as runc.
Fixes #6180
PiperOrigin-RevId: 384347009
|
|
PiperOrigin-RevId: 384295543
|
|
PiperOrigin-RevId: 383689096
|
|
This test single handedly causes the syscalls:socket_inet_loopback_test test
variants to take more than an hour to run on some of our testing environments.
Reduce how aggressively this test tries to replicate a fixed flake. This is a
regression test.
PiperOrigin-RevId: 382849039
|
|
In gVisor today its possible that when trying to bind a TCP socket
w/ SO_REUSEADDR specified and requesting the kernel pick a port by
setting port to zero can result in a previously bound port being
returned. This behaviour is incorrect as the user is clearly requesting
a free port. The behaviour is fine when the user explicity specifies
a port.
This change now checks if the user specified a port when making a port
reservation for a TCP port and only returns unbound ports even if
SO_REUSEADDR was specified.
Fixes #6209
PiperOrigin-RevId: 382607638
|
|
PiperOrigin-RevId: 382202462
|
|
PiperOrigin-RevId: 382194711
|
|
When TUN is created with IFF_NO_PI flag, there will be no Ethernet header and no packet info, therefore, both read and write will fail.
This commit fix this bug.
|
|
dns
PiperOrigin-RevId: 381949375
|
|
PiperOrigin-RevId: 381896875
|
|
PiperOrigin-RevId: 381515399
|
|
PiperOrigin-RevId: 381508674
|
|
This creates new user and network namespaces for all tests in
`:socket_inet_loopback_isolated_test_linux`.
PiperOrigin-RevId: 381374120
|
|
Compare
if (!thread_group_leader(tracee))
tracee = rcu_dereference(tracee->group_leader);
in security/yama/yama_lsm.c:ptracer_exception_found().
PiperOrigin-RevId: 381074242
|
|
PiperOrigin-RevId: 380967023
|
|
This allows these tests, which can cause flakiness when run in the same network
namespace as the other `socket_inet_loopback` tests, to run as separate tests
in their own environment. It also means that all of the shards of those tests
can be more isolated from each other as well.
PiperOrigin-RevId: 380930198
|
|
These aren't useful and create opportunities for flakes.
PiperOrigin-RevId: 380889223
|
|
Fixes #2726
PiperOrigin-RevId: 380753516
|
|
tcpdump is largely supported. We've also chose not to implement writeable
AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333).
Fixes #173.
PiperOrigin-RevId: 380733686
|
|
Also makes the behavior of raw sockets WRT fragmentation clearer, and makes the
ICMPv4 header-length check explicit.
Fixes #3160.
PiperOrigin-RevId: 380033450
|
|
Fixes #3159.
PiperOrigin-RevId: 379814096
|
|
The value can be off by one depending on the kernel we're running.
Tested with --runs_per_test=1000.
PiperOrigin-RevId: 379535390
|
|
PiperOrigin-RevId: 379380041
|
|
PiperOrigin-RevId: 379298590
|
|
Later kernels add empty arguments to argv, throwing off return values for the
exec_basic_workload.cc binary. This is result of a bug introduced by
ccbb18b67323b "exec/binfmt_script: Don't modify bprm->buf and then return -
ENOEXEC". Before this change, an empty interpreter string was reported if the
first non-space/non-tab character after "#!" was '\0' (end of file, previously-
overwritten trailing space or tab, or previously-overwritten first newline).
After this change, an empty interpreter string is reported if all characters
after "#!" are spaces or tabs, or the first non-space non-tab character is at
i_end, which is the position of the first newline after "#!". However, if
there is no newline after "#!" (as in ExecTest.InterpreterScriptNoPath),
then i_end = buf_end (= bprm->buf + sizeof(bprm->buf) - 1, the last possible
byte in the buffer) and neither condition holds.
Change white space for script inputs to take into account the above bug.
Co-authored-by: Andrei Vagin <avagin@gmail.com>
PiperOrigin-RevId: 378997171
|
|
PiperOrigin-RevId: 378974239
|
|
Intermittenly, the connection between the client redis_benchmark container can be
flaky with the server, even if the server has been up for a long time. If this
happens, just re-run a client until we get a result.
Also, don't start a new server for each operation.
Also also, modify Makefile run-benchmark call to accept RUNTIME=runc correctly.
PiperOrigin-RevId: 378918886
|
|
This test checks if an incoming ACK is dropped by the listener when the
accept queue is full. The ACK receive handling could race with the test
invoking accept on the DUT, causing the test to be flaky. Add a wait
time before invoking accept on the DUT to give cycles for the incoming
ACK to be handled/dropped by the listener.
PiperOrigin-RevId: 378770225
|
|
PiperOrigin-RevId: 378753134
|
|
Set it to int32 max because gVisor doesn't have a limit.
Fixes #2337
PiperOrigin-RevId: 378722230
|
|
PiperOrigin-RevId: 378607458
|
|
This is a good Go convention that we should follow.
PiperOrigin-RevId: 378538679
|
|
The bug id was not adding anything relevant here
PiperOrigin-RevId: 378485983
|
|
A memory that is allocated with calloc has to be freed.
PiperOrigin-RevId: 378001409
|
|
PiperOrigin-RevId: 377966969
|
|
If the ACK completing the handshake has FIN or data, requeue the segment
for further processing by the newly established endpoint. Otherwise,
the segments would have to be retransmitted by the peer to be processed
by the established endpoint. Doing this, keeps the behavior in parity
with Linux.
This also addresses a test flake with TCPNonBlockingConnectClose where
the ACK (completing the handshake) and multiple retransmitted FINACKs
from the peer could be dropped by the listener, when using syncookies
and the accept queue is full. The handshake could eventually get
completed with a retransmitted FINACK, without actual processing of
FIN. This can cause the poll with POLLRDHUP on the accepted socket to
sometimes time out before the next FINACK retransmission.
PiperOrigin-RevId: 377651695
|
|
Forwards the testing verbose flag to the packetimpact test runner. This is
necessary for debugging inside packetimpact tests. When this flag is present,
all t.Logs in the packetimpact test wil be shown in the resulting test output.
PiperOrigin-RevId: 377614550
|
|
Fixes the erronously signaled fatal error when the sniffer receive timeout
duration is less than one usec. This was caused by the converstion from float64
to int64; the integer conversion truncated the floating point to 0, which
signaled the fatal error.
PiperOrigin-RevId: 377600179
|
|
Updates #5711
Updates #6021
Updates #6022
PiperOrigin-RevId: 377582446
|
|
Previously, the value of global_num_signals_received would persist between
tests. Now, we reset the value to zero when we register a signal handler.
PiperOrigin-RevId: 377308357
|
|
Address a race with non-blocking connect and socket close, causing the
FIN (because of socket close) to not be sent out, even after completing
the handshake.
The race occurs with this sequence:
(1) endpoint Connect starts handshake, sending out SYN
(2) handshake complete() releases endpoint lock, waiting on sleeper.Fetch()
(3) endpoint Close acquires endpoint lock, does not enqueue FIN (as the
endpoint is not yet connected) and asserts notifyClose
(4) SYNACK from peer gets enqueued asserting newSegmentWaker
(5) handshake complete() re-aqcuires lock, first processes newSegmentWaker
event, transitions to ESTABLISHED and proceeds to protocolMainLoop()
(6) protocolMainLoop() exits while processing notifyClose
When the execution follows the above sequence, no FIN is sent to the peer.
This causes the listener side to have a half-open connection sitting in
the accept queue.
Fix this by ensuring that the protocolMainLoop() performs clean shutdown
when the endpoint state is still ESTABLISHED.
This would not be a bug, if during handshake complete(), sleeper.Fetch()
prioritized notificationWaker over newSegmentWaker. In that case, the
handshake would not have completed in (5) above.
Fixes #6067
PiperOrigin-RevId: 376994395
|
|
|
|
The current implementation has a bug where TCP listener does not ignore
RSTs from the peer. While handling RST+ACK from the peer, this bug can
complete handshakes that use syncookies. This results in half-open
connection delivered to the accept queue.
Fixes #6076
PiperOrigin-RevId: 376868749
|
|
Executing `select {}` to wait forever triggers Go runtime deadlock
detection and kills the child, causing the number actual processes
be less than expected.
PiperOrigin-RevId: 376298799
|
|
Adds support for the SO_BINDTODEVICE socket option in ICMP sockets with an
accompanying packetimpact test to exercise use of this socket option.
Adds a unit test to exercise the NIC selection logic introduced by this change.
The remaining unit tests for ICMP sockets need to be added in a subsequent CL.
See https://gvisor.dev/issues/5623 for the list of remaining unit tests.
Adds a "timeout" field to PacketimpactTestInfo, necessary due to the long
runtime of the newly added packetimpact test.
Fixes #5678
Fixes #4896
Updates #5623
Updates #5681
Updates #5763
Updates #5956
Updates #5966
Updates #5967
PiperOrigin-RevId: 376271581
|
|
nanosleep has to count time that a thread spent in the stopped state.
PiperOrigin-RevId: 376258641
|
|
Moves specification of subsequent layers to the Payload field of the ICMP and
ICMPv6 layers.
Removes the need to manually encode type-specific ICMP or ICMPv6 headers, such
as the "pointer" header of parameter problem messages, in the payload. This is
necessary prework to enable matching of more type-specific headers, such as
"ident" of echo requests.
Fixes a bug where the "reserved" header defined by ICMPv6 RFC 4443 was being
incorrectly encoded by ToBytes. This change fixes the implementation by copying
the payload into Payload, instead of the MessageBody.
PiperOrigin-RevId: 376026420
|
|
PiperOrigin-RevId: 376001603
|