summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2019-04-18Keep symlink target open while in test that compares inode ids.Nicolas Lacasse
Inode ids are only guaranteed to be stable across save/restore if the file is held open. This CL fixes a simple stat test to allow it to compare symlink and target by inode id, as long as the link target is held open. PiperOrigin-RevId: 244238343 Change-Id: I74c5115915b1cc032a4c16515a056a480f218f00
2019-04-17Don't allow sigtimedwait to catch unblockable signalsMichael Pratt
The existing logic attempting to do this is incorrect. Unary ^ has higher precedence than &^, so mask always has UnblockableSignals cleared, allowing dequeueSignalLocked to dequeue unblockable signals (which allows userspace to ignore them). Switch the logic so that unblockable signals are always masked. PiperOrigin-RevId: 244058487 Change-Id: Ib19630ac04068a1fbfb9dc4a8eab1ccbdb21edc3
2019-04-17Use FD limit and file size limit from hostFabricio Voznika
FD limit and file size limit is read from the host, instead of using hard-coded defaults, given that they effect the sandbox process. Also limit the direct cache to use no more than half if the available FDs. PiperOrigin-RevId: 244050323 Change-Id: I787ad0fdf07c49d589e51aebfeae477324fe26e6
2019-04-11CONTRIBUTING: add style guide pointerAdin Scannell
Change-Id: I93a78a6b2bb2eaa69046c6cfecee2e4cfcf20e44 PiperOrigin-RevId: 243140359
2019-04-10Internal changeMichael Pratt
PiperOrigin-RevId: 242978508 Change-Id: I0ea59ac5ba1dd499e87c53f2e24709371048679b
2019-04-10rlimits test: don't exceed nr_open.Kevin Krakauer
Even superuser cannot raise RLIMIT_NOFILE above /proc/sys/fs/nr_open, so start the test by lowering the limits before raising. Change-Id: Ied6021c64178a6cb9098088a1a3384db523a226f PiperOrigin-RevId: 242965249
2019-04-10Allow threads with CAP_SYS_RESOURCE to raise hard rlimits.Kevin Krakauer
PiperOrigin-RevId: 242919489 Change-Id: Ie3267b3bcd8a54b54bc16a6556369a19e843376f
2019-04-10Fixed /proc/cpuinfo permissionsShiva Prasanth
This also applies these permissions to other static proc files. Change-Id: I4167e585fed49ad271aa4e1f1260babb3239a73d PiperOrigin-RevId: 242898575
2019-04-09Match multi-word StateMichael Pratt
From a recent test failure: "State:\tD (disk sleep)\n" "disk sleep" does not match \w+. We need to allow spaces. PiperOrigin-RevId: 242762469 Change-Id: Ic8d05a16669412a72c1e76b498373e5b22fe64c4
2019-04-08Internal changeMichael Pratt
PiperOrigin-RevId: 242573252 Change-Id: Ibb4c6bfae2c2e322bf1cec23181a0ab663d8530a
2019-04-08Export kernel.SignalInfoPriv.Jamie Liu
Also add kernel.SignalInfoNoInfo, and use it in RLIMIT_FSIZE checks. PiperOrigin-RevId: 242562428 Change-Id: I4887c0e1c8f5fddcabfe6d4281bf76d2f2eafe90
2019-04-08Add TODOMichael Pratt
PiperOrigin-RevId: 242531141 Change-Id: I2a3bd815bda09f392f511f47120d5d9e6e86a40d
2019-04-05Deflake PtraceTest.SeizeSetOptions.Jamie Liu
PiperOrigin-RevId: 242226319 Change-Id: Iefc78656841315f6b7d48bd85db451486850264d
2019-04-04gvisor: Add support for the MS_NOEXEC mount optionAndrei Vagin
https://github.com/google/gvisor/issues/145 PiperOrigin-RevId: 242044115 Change-Id: I8f140fe05e32ecd438b6be218e224e4b7fe05878
2019-04-03Fix index out of bounds in tty implementation.Kevin Krakauer
The previous implementation revolved around runes instead of bytes, which caused weird behavior when converting between the two. For example, peekRune would read the byte 0xff from a buffer, convert it to a rune, then return it. As rune is an alias of int32, 0xff was 0-padded to int32(255), which is the hex code point for ?. However, peekRune also returned the length of the byte (1). When calling utf8.EncodeRune, we only allocated 1 byte, but tried the write the 2-byte character ?. tl;dr: I apparently didn't understand runes when I wrote this. PiperOrigin-RevId: 241789081 Change-Id: I14c788af4d9754973137801500ef6af7ab8a8727
2019-04-02Set options on the correct Task in PTRACE_SEIZE.Jamie Liu
$ docker run --rm --runtime=runsc -it --cap-add=SYS_PTRACE debian bash -c "apt-get update && apt-get install strace && strace ls" ... Setting up strace (4.15-2) ... execve("/bin/ls", ["ls"], [/* 6 vars */]) = 0 brk(NULL) = 0x5646d8c1e000 uname({sysname="Linux", nodename="114ef93d2db3", ...}) = 0 ... PiperOrigin-RevId: 241643321 Change-Id: Ie4bce27a7fb147eef07bbae5895c6ef3f529e177
2019-04-02Add build rule for raw socket tests so they are runnable via:Kevin Krakauer
bazel test test/syscalls:raw_socket_ipv4_test_{native,runsc_ptrace,runsc_kvm} PiperOrigin-RevId: 241640049 Change-Id: Iac4dbdd7fd1827399a472059ac7d85fb6b506577
2019-04-02Add test that symlinking over a directory returns EEXIST.Nicolas Lacasse
Also remove comments in InodeOperations that required that implementation of some Create* operations ensure that the name does not already exist, since these checks are all centralized in the Dirent. PiperOrigin-RevId: 241637335 Change-Id: Id098dc6063ff7c38347af29d1369075ad1e89a58
2019-04-02Add a raw socket transport endpoint and use it for raw ICMP sockets.Kevin Krakauer
Having raw socket code together will make it easier to add support for other raw network protocols. Currently, only ICMP uses the raw endpoint. However, adding support for other protocols such as UDP shouldn't be much more difficult than adding a few switch cases. PiperOrigin-RevId: 241564875 Change-Id: I77e03adafe4ce0fd29ba2d5dfdc547d2ae8f25bf
2019-04-01Save/restore simple devices.Rahat Mahmood
We weren't saving simple devices' last allocated inode numbers, which caused inode number reuse across S/R. PiperOrigin-RevId: 241414245 Change-Id: I964289978841ef0a57d2fa48daf8eab7633c1284
2019-04-01Trim trailing newline when reading /proc/[pid]/{uid,gid}_map in test.Jamie Liu
This reveals a bug in the tests that require CAP_SET{UID,GID}: After the child process enters the new user namespace, it ceases to have the relevant capability in the parent user namespace, so the privileged write must be done by the parent process. Change tests accordingly. PiperOrigin-RevId: 241412765 Change-Id: I587c1f24aa6f2180fb2e5e5c0162691ba5bac1bc
2019-04-01Fix MemfdTest_OtherProcessCanOpenFromProcfs.Jamie Liu
- Make the body of InForkedProcess async-signal-safe. - Pass the correct path to open(). PiperOrigin-RevId: 241348774 Change-Id: I753dfa36e4fb05521e659c173e3b7db0c7fc159b
2019-03-29Return srclen in proc.idMapFileOperations.Write.Jamie Liu
PiperOrigin-RevId: 241037926 Change-Id: I4b0381ac1c7575e8b861291b068d3da22bc03850
2019-03-28set task's name when forkchris.zn
When fork a child process, the name filed of TaskContext is not set. It results in that when we cat /proc/{pid}/status, the name filed is null. Like this: Name: State: S (sleeping) Tgid: 28 Pid: 28 PPid: 26 TracerPid: 0 FDSize: 8 VmSize: 89712 kB VmRSS: 6648 kB Threads: 1 CapInh: 00000000a93d35fb CapPrm: 0000000000000000 CapEff: 0000000000000000 CapBnd: 00000000a93d35fb Seccomp: 0 Change-Id: I5d469098c37cedd19da16b7ffab2e546a28a321e PiperOrigin-RevId: 240893304
2019-03-28Setting timestamps should trigger an inotify event.Nicolas Lacasse
PiperOrigin-RevId: 240850187 Change-Id: I1458581b771a1031e47bba439e480829794927b8
2019-03-28Clean up gofer handle caching.Jamie Liu
- Document fsutil.CachedFileObject.FD() requirements on access permissions, and change gofer.inodeFileState.FD() to honor them. Fixes #147. - Combine gofer.inodeFileState.readonly and gofer.inodeFileState.readthrough, and simplify handle caching logic. - Inline gofer.cachePolicy.cacheHandles into gofer.inodeFileState.setSharedHandles, because users with access to gofer.inodeFileState don't necessarily have access to the fs.Inode (predictably, this is a save/restore problem). Before this CL: $ docker run --runtime=runsc-d -v $(pwd)/gvisor/repro:/root/repro -it ubuntu bash root@34d51017ed67:/# /root/repro/runsc-b147 mmap: 0x7f3c01e45000 Segmentation fault After this CL: $ docker run --runtime=runsc-d -v $(pwd)/gvisor/repro:/root/repro -it ubuntu bash root@d3c3cb56bbf9:/# /root/repro/runsc-b147 mmap: 0x7f78987ec000 o PiperOrigin-RevId: 240818413 Change-Id: I49e1d4a81a0cb9177832b0a9f31a10da722a896b
2019-03-27Add rsslim field in /proc/pid/stat.Nicolas Lacasse
PiperOrigin-RevId: 240681675 Change-Id: Ib214106e303669fca2d5c744ed5c18e835775161
2019-03-27Add start time to /proc/<pid>/stat.Nicolas Lacasse
The start time is the number of clock ticks between the boot time and application start time. PiperOrigin-RevId: 240619475 Change-Id: Ic8bd7a73e36627ed563988864b0c551c052492a5
2019-03-26Implement memfd_create.Rahat Mahmood
Memfds are simply anonymous tmpfs files with no associated mounts. Also implementing file seals, which Linux only implements for memfds at the moment. PiperOrigin-RevId: 240450031 Change-Id: I31de78b950101ae8d7a13d0e93fe52d98ea06f2f
2019-03-26Use toolchain configs from bazel_0.23.0Andrei Vagin
bazel 0.24.0 isn't compatible with bazel_0.20.0 configs: (10:32:27) ERROR: bazel_toolchains/configs/ubuntu16_04_clang/1.1/bazel_0.20.0/default/BUILD:57:1: no such attribute 'dynamic_runtime_libs' in 'cc_toolchain' rule PiperOrigin-RevId: 240436868 Change-Id: Iee68c9b79d907ca2bdd124386aaa77c786e089ce
2019-03-22lstat should resolve the final path component if it ends in a slash.Nicolas Lacasse
PiperOrigin-RevId: 239896221 Change-Id: I0949981fe50c57131c5631cdeb10b225648575c0
2019-03-22Implement PTRACE_SEIZE, PTRACE_INTERRUPT, and PTRACE_LISTEN.Jamie Liu
PiperOrigin-RevId: 239803092 Change-Id: I42d612ed6a889e011e8474538958c6de90c6fcab
2019-03-21Add test for short recvmsg iovec length.Ian Gudger
PiperOrigin-RevId: 239718991 Change-Id: Idc78557a8e9bfdd3cb7d8ec4db708364652640a4
2019-03-21Test TCP sockets with MSG_TRUNC|MSG_PEEK.Ian Gudger
PiperOrigin-RevId: 239714368 Change-Id: I35860b880a1d8885eb8c2d4ff267caaf72d91088
2019-03-21Clear msghdr flags on successful recvmsg.Ian Gudger
.net sets these flags to -1 and then uses their result, especting it to be zero. Does not set actual flags (e.g. MSG_TRUNC), but setting to zero is more correct than what we did before. PiperOrigin-RevId: 239657951 Change-Id: I89c5f84bc9b94a2cd8ff84e8ecfea09e01142030
2019-03-19netstack: reduce MSS from SYN to account tcp optionsAndrei Vagin
See: https://tools.ietf.org/html/rfc6691#section-2 PiperOrigin-RevId: 239305632 Change-Id: Ie8eb912a43332e6490045dc95570709c5b81855e
2019-03-18Remove references to replaced child in Rename in ramfs/agentfsMichael Pratt
In the case of a rename replacing an existing destination inode, ramfs Rename failed to first remove the replaced inode. This caused: 1. A leak of a reference to the inode (making it live indefinitely). 2. For directories, a leak of the replaced directory's .. link to the parent. This would cause the parent's link count to incorrectly increase. (2) is much simpler to test than (1), so that's what I've done. agentfs has a similar bug with link count only, so the Dirent layer informs the Inode if this is a replacing rename. Fixes #133 PiperOrigin-RevId: 239105698 Change-Id: I4450af2462d8ae3339def812287213d2cbeebde0
2019-03-18Internal changeFabricio Voznika
PiperOrigin-RevId: 239031539 Change-Id: I783127d0287a647d21de40c301c5a5c2e62b7640
2019-03-18Replace use of ucontext with ucontext_t.Kevin Krakauer
PiperOrigin-RevId: 239026571 Change-Id: Ifd01674855094f3abad497776f418023452033a1
2019-03-15Fix flaky RawPingAndSockets (and MultipleSocketsRecieve just in case).Kevin Krakauer
PiperOrigin-RevId: 238474202 Change-Id: Ib8c431e973e8cf1e1c8ee2f8c1978ddb8e88b0b8
2019-03-09Fix getsockopt(IP_MULTICAST_IF).Ian Gudger
getsockopt(IP_MULTICAST_IF) only supports struct in_addr. Also adds support for setsockopt(IP_MULTICAST_IF) with struct in_addr. PiperOrigin-RevId: 237620230 Change-Id: I75e7b5b3e08972164eb1906f43ddd67aedffc27c
2019-03-08Make IP_MULTICAST_LOOP and IP_MULTICAST_TTL allow setting int or char.Ian Gudger
This is the correct Linux behavior, and at least PHP depends on it. PiperOrigin-RevId: 237565639 Change-Id: I931af09c8ed99a842cf70d22bfe0b65e330c4137
2019-03-08Validate multicast addresses in multicast group operations.Ian Gudger
PiperOrigin-RevId: 237559843 Change-Id: I93a9d83a08cd3d49d5fc7fcad5b0710d0aa04aaa
2019-03-08Implement IP_MULTICAST_LOOP.Ian Gudger
IP_MULTICAST_LOOP controls whether or not multicast packets sent on the default route are looped back. In order to implement this switch, support for sending and looping back multicast packets on the default route had to be implemented. For now we only support IPv4 multicast. PiperOrigin-RevId: 237534603 Change-Id: I490ac7ff8e8ebef417c7eb049a919c29d156ac1c
2019-03-08Fix tests which fail in kokoroAndrei Vagin
* open_create_test_runsc_ptrace_shared doesn't expect the write access to / * exec_test_runsc_ptrace_shared could not find /usr/share/zoneinfo/ * clock_gettime_test_runsc_ptrace_shared didn't expect that a thread cpu time can be zero. * affinity_test_runsc_ptrace_shared expected minimum 3 cpus PiperOrigin-RevId: 237509429 Change-Id: I477937e5d2cdf3f8720836bfa972abd35d8220a3
2019-03-06Increase ipv4_udp_unbound_loopback size to mediumMichael Pratt
Now that tests aren't running in parallel, this test occassionally takes too long and times out. PiperOrigin-RevId: 237106971 Change-Id: I195a4b77315c9f5511c9e8ffadddb7aaa78beafd
2019-03-06Remove unsafe ScopedSigactionMichael Pratt
ScopedSigaction is not async-signal-safe, so it cannot be used after fork. Replace it with plain sigaction, which is safe. This is in a unique child anyways, so it doesn't need any cleanup. PiperOrigin-RevId: 237102411 Change-Id: I5c6ea373bbac67b9c4db204ceb1db62d338d9178
2019-03-05Priority-inheritance futex implementationFabricio Voznika
It is Implemented without the priority inheritance part given that gVisor defers scheduling decisions to Go runtime and doesn't have control over it. PiperOrigin-RevId: 236989545 Change-Id: I714c8ca0798743ecf3167b14ffeb5cd834302560
2019-03-05Add NoRandomSave to tests with correctness DisableSaveMichael Pratt
Tests using DisableSave because a portion of the test is *incompatible* with S/R clearly cannot use random S/R, as the saves may occur in the DisableSave critical section. Most such tests already have NoRandomSave. Add it to the rest. PiperOrigin-RevId: 236914708 Change-Id: Iee1cf044cfa7cb8d5aba21ddc130926218210c48
2019-03-04Make tmpfs respect MountNoATime now that fs.Handle is gone.Nicolas Lacasse
PiperOrigin-RevId: 236752802 Change-Id: I9e50600b2ae25d5f2ac632c4405a7a185bdc3c92