Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 370181621
|
|
Dropping CAP_SYS_ADMIN and not restoring it causes
other tests to be skipped.
PiperOrigin-RevId: 370002644
|
|
PiperOrigin-RevId: 369993733
|
|
In https://github.com/google/gvisor/commit/f075522849fa a check to increase zero
to a minimum backlog length was removed from sys_socket.go to bring it in parity
with linux and then in tcp/endpoint.go we bump backlog by 1. But this broke
calling listen on a AF_UNIX socket w/ a zero backlog as in linux it does allow 1
connection even with a zero backlog.
This was caught by a php runtime test socket_abstract_path.phpt.
PiperOrigin-RevId: 369974744
|
|
PiperOrigin-RevId: 369967629
|
|
PiperOrigin-RevId: 369909691
|
|
PiperOrigin-RevId: 369724358
|
|
PiperOrigin-RevId: 369505182
|
|
Remote revalidating requires to update file size on every write
on a file opened with O_APPEND. If host FD exists, it can be
used to update the size and skip round trip to the gofer. With
this change, O_APPEND writes with remote revalidating is almost
as fast as exclusive mode:
BM_Append
VFS1 60.7us
VFS2 56.8us
VFS2 exclusive 14.2us
This change 15.8us
Updates #1792
PiperOrigin-RevId: 369486801
|
|
Fixes #2926, #674
PiperOrigin-RevId: 369457123
|
|
This fixes a race that occurs while the endpoint is being unregistered
and the transport demuxer attempts to match the incoming packet to any
endpoint. The race specifically occurs when the unregistration (and
deletion of the endpoint) occurs, after a successful endpointsByNIC
lookup and before the endpoints map is further looked up with ingress
NICID of the packet.
The fix is to notify the caller of lookup-with-NICID failure, so that
the logic falls through to handling unknown destination packets.
For TCP this can mean replying back with RST.
The syscall test in this CL catches this race as the ACK completing the
handshake could get silently dropped on a listener close, causing no
RST sent to the peer and timing out the poll waiting for POLLHUP.
Fixes #5850
PiperOrigin-RevId: 369023779
|
|
Add a coverage-report flag that will cause the sandbox to generate a coverage
report (with suffix .cov) in the debug log directory upon exiting. For the
report to be generated, runsc must have been built with the following Bazel
flags: `--collect_code_coverage --instrumentation_filter=...`.
With coverage reports, we should be able to aggregate results across all tests
to surface code coverage statistics for the project as a whole.
The report is simply a text file with each line representing a covered block
as `file:start_line.start_col,end_line.end_col`. Note that this is similar to
the format of coverage reports generated with `go test -coverprofile`,
although we omit the count and number of statements, which are not useful for
us.
Some simple ways of getting coverage reports:
bazel test <some_test> --collect_code_coverage \
--instrumentation_filter=//pkg/...
bazel build //runsc --collect_code_coverage \
--instrumentation_filter=//pkg/...
runsc -coverage-report=dir/ <other_flags> do ...
PiperOrigin-RevId: 368952911
|
|
PiperOrigin-RevId: 368938936
|
|
PiperOrigin-RevId: 368919557
|
|
PiperOrigin-RevId: 368779532
|
|
PiperOrigin-RevId: 368749894
|
|
PiperOrigin-RevId: 368495641
|
|
We do not currently run random save tests.
PiperOrigin-RevId: 368309921
|
|
Fix a race where the ACK completing the handshake can be dropped by
a closing listener without RST to the peer. The listener close would
reset the accepted queue and that causes the connecting endpoint
in SYNRCVD state to drop the ACK thinking the queue if filled up.
PiperOrigin-RevId: 368165509
|
|
It's a common pattern in test code to reinterpret_cast<sockaddr*> from
sockaddr_* structs. Make AsSockAddr() for them so code looks better.
Note: Why not a wrapper type for `sockaddr_storage` and etc?
It's also a common need to have a local in-out variable of socklen_t.
Creating a wrapper type may however lead to this wrong code:
Wrapper addr;
socklen_t addrlen = sizeof(addr);
where sizeof(Wrapper) may not equal to sizeof(sockaddr_storage).
PiperOrigin-RevId: 368126229
|
|
The current SNAT implementation has several limitations:
- SNAT source port has to be specified. It is not optional.
- SNAT source port range is not supported.
- SNAT for UDP is a one-way translation. No response packets
are handled (because conntrack doesn't support UDP currently).
- SNAT and REDIRECT can't work on the same connection.
Fixes #5489
PiperOrigin-RevId: 367750325
|
|
PiperOrigin-RevId: 367730917
|
|
Move maxListenBacklog check to the caller of endpoint Listen so that it
is applicable to Unix domain sockets as well.
This was changed in cl/366935921.
Reported-by: syzbot+a35ae7cdfdde0c41cf7a@syzkaller.appspotmail.com
PiperOrigin-RevId: 367728052
|
|
This is the most often pattern of calling system calls in real applications.
PiperOrigin-RevId: 367320048
|
|
- Change the accept queue full condition for a listening endpoint
to only honor completed (and delivered) connections.
- Use syncookies if the number of incomplete connections is beyond
listen backlog. This also cleans up the SynThreshold option code
as that is no longer used with this change.
- Added a new stack option to unconditionally generate syncookies.
Similar to sysctl -w net.ipv4.tcp_syncookies=2 on Linux.
- Enable keeping of incomplete connections beyond listen backlog.
- Drop incoming SYNs only if the accept queue is filled up.
- Drop incoming ACKs that complete handshakes when accept queue is full
- Enable the stack to accept one more connection than programmed by
listen backlog.
- Handle backlog argument being zero, negative for listen, as Linux.
- Add syscall and packetimpact tests to reflect the changes above.
- Remove TCPConnectBacklog test which is polling for completed
connections on the client side which is not reflective of whether
the accept queue is filled up by the test. The modified syscall test
in this CL addresses testing of connecting sockets.
Fixes #3153
PiperOrigin-RevId: 366935921
|
|
PiperOrigin-RevId: 366923274
|
|
PiperOrigin-RevId: 366907152
|
|
Closes #3373
PiperOrigin-RevId: 366903991
|
|
Updates #5273
PiperOrigin-RevId: 366902314
|
|
This benchmark currently takes > 15 minutes to run in that case.
PiperOrigin-RevId: 366891726
|
|
There's no reason to actually increment the semaphore, it just introduces the
chance of a race.
PiperOrigin-RevId: 366851795
|
|
Allow user mounting a verity fs on an existing mount by specifying mount
flags root_hash and lower_path.
PiperOrigin-RevId: 366843846
|
|
PiperOrigin-RevId: 366839955
|
|
This benchmark currently takes > 15 minutes to run in that case.
PiperOrigin-RevId: 366817185
|
|
PiperOrigin-RevId: 366573366
|
|
A skeleton implementation of cgroupfs. It supports trivial cpu and
memory controllers with no support for hierarchies.
PiperOrigin-RevId: 366561126
|
|
PiperOrigin-RevId: 366344222
|
|
PiperOrigin-RevId: 366292533
|
|
VFS1 skips over mounts that overrides files in /dev because the list of
files is hardcoded. This is not needed for VFS2 and a recent change
lifted this restriction. However, parts of the code were still skipping
/dev mounts even in VFS2, causing the loader to panic when it ran short
of FDs to connect to the gofer.
PiperOrigin-RevId: 365858436
|
|
Split usermem package to help remove syserror dependency in go_marshal.
New hostarch package contains code not dependent on syserror.
PiperOrigin-RevId: 365651233
|
|
PiperOrigin-RevId: 365092320
|
|
On Linux these are meant to be equivalent to POLLIN/POLLOUT. Rather
than hack these on in sys_poll etc it felt cleaner to just cleanup
the call sites to notify for both events. This is what linux does
as well.
Fixes #5544
PiperOrigin-RevId: 364859977
|
|
Also adds support for clearing the setuid bit when appropriate (writing,
truncating, changing size, changing UID, or changing GID).
VFS2 only.
PiperOrigin-RevId: 364661835
|
|
- Don't cleanup containers in Network.Cleanup, otherwise containers will
be killed and removed several times.
- Don't set AutoRemove for containers. This will prevent the confusing
'removal already in progress' messages.
Fixes #3795
PiperOrigin-RevId: 364404414
|
|
The tests were not using the correct windowSize so the testing segments were
actually within the window for seqNumOffset=0 tests. The issue is already fixed
by #5674.
PiperOrigin-RevId: 364252630
|
|
syserror allows packages to register translators for errors. These
translators should be called prior to checking if the error is valid,
otherwise it may not account for possible errors that can be returned
from different packages, e.g. safecopy.BusError => syserror.EFAULT.
Second attempt, it passes tests now :-)
PiperOrigin-RevId: 363714508
|
|
Also, drop fio total reads/writes to 1GB as 10GB is
prohibitively slow.
PiperOrigin-RevId: 363714060
|
|
Netstack does not check ACK number for FIN-ACK packets and goes into TIMEWAIT
unconditionally. Fixing the state machine will give us back the retransmission
of FIN.
PiperOrigin-RevId: 363301883
|
|
There is a race in handling new incoming connections on a listening
endpoint that causes the endpoint to reply to more incoming SYNs than
what is permitted by the listen backlog.
The race occurs when there is a successful passive connection handshake
and the synRcvdCount counter is decremented, followed by the endpoint
delivered to the accept queue. In the window of time between
synRcvdCount decrementing and the endpoint being enqueued for accept,
new incoming SYNs can be handled without honoring the listen backlog
value, as the backlog could be perceived not full.
Fixes #5637
PiperOrigin-RevId: 363279372
|
|
PiperOrigin-RevId: 363276495
|