summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2021-03-16Fix a race with synRcvdCount and acceptMithun Iyer
There is a race in handling new incoming connections on a listening endpoint that causes the endpoint to reply to more incoming SYNs than what is permitted by the listen backlog. The race occurs when there is a successful passive connection handshake and the synRcvdCount counter is decremented, followed by the endpoint delivered to the accept queue. In the window of time between synRcvdCount decrementing and the endpoint being enqueued for accept, new incoming SYNs can be handled without honoring the listen backlog value, as the backlog could be perceived not full. Fixes #5637 PiperOrigin-RevId: 363279372
2021-03-16setgid directory support in overlayfsKevin Krakauer
PiperOrigin-RevId: 363276495
2021-03-15Deflake proc_test_nativeFabricio Voznika
Terminating tasks from other tests can mess up with the task list of the current test. Tests were changed to look for added/removed tasks, ignoring other tasks that may exist while the test is running. PiperOrigin-RevId: 363084261
2021-03-15Packetimpact test for ACK to OTW Seq segments behavior in CLOSINGZeling Feng
TCP, in CLOSING state, MUST send an ACK with next expected SEQ number after receiving any segment with OTW SEQ number and remain in the same state. While I am here, I also changed shutdown to behave the same as other calls in posix_server. PiperOrigin-RevId: 362976955
2021-03-14Fix race in tcp_retransmits_testMithun Iyer
The test queries for RTO via TCP_INFO and applies that to the rest of the test. The RTO is estimated by processing incoming ACK. There is a race in the test where we may query for RTO before the incoming ACK was processed. Fix the race in the test by letting the DUT complete a payload receive, thus estimating RTO before proceeding to query the RTO. Bump up the time correction to reduce flakes. PiperOrigin-RevId: 362865904
2021-03-11Support ICMP echo sockets on Linux DUTZeling Feng
By default net.ipv4.ping_group_range is set to "1 0" and no one (even the root) can create an ICMP socket. Setting it to "0 0" allows root, which we are inside the container, to create ICMP sockets for packetimpact tests. PiperOrigin-RevId: 362454201
2021-03-11Remove special casing of socket stress testKevin Krakauer
With /proc/sys/net/ipv4/ip_local_port_range implemented, the socket stress test runs in a more normal time and doesn't need to sacrifice coverage to prevent timeouts. PiperOrigin-RevId: 362443366
2021-03-11fusefs: Implement default_permissions and allow_other mount options.Rahat Mahmood
By default, fusefs defers node permission checks to the server. The default_permissions mount option enables the usual unix permission checks based on the node owner and mode bits. Previously fusefs was incorrectly checking permissions unconditionally. Additionally, fusefs should restrict filesystem access to processes started by the mount owner to prevent the fuse daemon from gaining priviledge over other processes. The allow_other mount option overrides this behaviour. Previously fusefs was incorrectly skipping this check. Updates #3229 PiperOrigin-RevId: 362419092
2021-03-10Add a rootfs filesystem to fs benchmarks. Also, fix fio benchmark.Zach Koopmans
The previous "bind" filesystem, already included in go/runsc-benchmarks is a remote re-validate mount. However, the non-re-validate mount was not present, and it has been added in the form of rootfs. Also, fix the fio runs to reads/writes of 10GB as running with --test.benchtime=Xs may scale beyond the memory available to tmpfs mounts on buildkite VMs. Currently, our buildkite pipelines are run on e2-standard-8 machines with 32GB of memory, allowing tmpfs mounts to safely be at least 10GB. PiperOrigin-RevId: 362143620
2021-03-09Fix invalid interface conversion in runnerFabricio Voznika
panic: interface conversion: interface {} is syscall.WaitStatus, not unix.WaitStatus goroutine 1 [running]: main.runTestCaseNative(0xc0001fc000, 0xe3, 0xc000119b60, 0x1, 0x1, 0x0, 0x0) test/runner/runner.go:185 +0xa94 main.main() test/runner/runner.go:118 +0x745 PiperOrigin-RevId: 361957796
2021-03-09Give TCP flags a dedicated typeZeling Feng
- Implement Stringer for it so that we can improve error messages. - Use TCPFlags through the code base. There used to be a mixed usage of byte, uint8 and int as TCP flags. PiperOrigin-RevId: 361940150
2021-03-09Allow reading from PTY into bad buffer to return EAGAIN.Nicolas Lacasse
Kernels after 3b830a9c return EAGAIN in this case. PiperOrigin-RevId: 361936327
2021-03-08Implement /proc/sys/net/ipv4/ip_local_port_rangeKevin Krakauer
Speeds up the socket stress tests by a couple orders of magnitude. PiperOrigin-RevId: 361721050
2021-03-08Fix proc test flakinessFabricio Voznika
Thread from earlier test can show up in `/proc/self/tasks` while the thread tears down. Account for that when searching for procs for the first time in the test. PiperOrigin-RevId: 361689673
2021-03-08Run shards in a single sandboxFabricio Voznika
Run all tests (or a given test partition) in a single sandbox. Previously, each individual unit test executed in a new sandbox, which takes much longer to execute. Before After Syscall tests: 37m22.768s 14m5.272s PiperOrigin-RevId: 361661726
2021-03-08Avoid a race with test peer advert and DUT sendMithun Iyer
Fix a race where the DUT could send out test data before it received the peer window advertisement. Such a race results in the DUT taking longer time to retransmit zero window probe, thus causing the test to fail receiving the last expected probe. To ensure this ordering, piggyback a non-zero payload with the zero window advertisement and let the DUT receive that, before continuing with the test. PiperOrigin-RevId: 361640241
2021-03-08Fix SocketInetLoopbackTest flakinessFabricio Voznika
Remove part of test that was making it flaky. It runs for native only, so not really important since it's not testing gVisor. Before: http://sponge2/37557c41-298e-408d-9b54-50ba3d41e22f After: http://sponge2/7bca72be-cb9b-42f8-8c54-af4956c39455 PiperOrigin-RevId: 361611512
2021-03-06[op] Replace syscall package usage with golang.org/x/sys/unix in test/.Ayush Ranjan
The syscall package has been deprecated in favor of golang.org/x/sys. Note that syscall is still used in some places because the following don't seem to have an equivalent in unix package: - syscall.SysProcIDMap - syscall.Credential Updates #214 PiperOrigin-RevId: 361332034
2021-03-05Gather uname information from DUTZeling Feng
Some OSs behave slightly differently, but still within the RFC. It can be useful to have access to uname information from the testbench. PiperOrigin-RevId: 361193766
2021-03-03Make dedicated methods for data operations in PacketBufferTing-Yu Wang
One of the preparation to decouple underlying buffer implementation. There are still some methods that tie to VectorisedView, and they will be changed gradually in later CLs. This CL also introduce a new ICMPv6ChecksumParams to replace long list of parameters when calling ICMPv6Checksum, aiming to be more descriptive. PiperOrigin-RevId: 360778149
2021-03-03Use struct embedding to avoid casts and reuse methodsZeling Feng
- Removed (*testbench.Connection)(&conn) like casts - Removed redundant definition of Drain, Close and ExpectFrame PiperOrigin-RevId: 360727788
2021-03-02[rack] Support running tcp_benchmarks with RACK.Ayush Ranjan
PiperOrigin-RevId: 360491700
2021-03-01tcp: endpoint.Write has to send all data that has been read from payloadAndrei Vagin
io.Reader.ReadFull returns the number of bytes copied and an error if fewer bytes were read. PiperOrigin-RevId: 360247614
2021-02-26Emit the errorTamir Duberstein
Without this change, the error produced is quite useless: --- FAIL: TestZeroWindowProbeRetransmit (11.44s) tcp_zero_window_probe_retransmit_test.go:81: expected a probe with sequence number 824638527212: loop 5 FAIL PiperOrigin-RevId: 359796370
2021-02-25Move SetNonblocking into posix_serverZeling Feng
- open flags can be different on different OSs, by putting SetNonblocking into the posix_server rather than the testbench, we can always get the right value for O_NONBLOCK - merged the tcp_queue_{send,receive}_in_syn_sent into a single file PiperOrigin-RevId: 359620630
2021-02-25Implement SEM_STAT_ANY cmd of semctl.Jing Chen
PiperOrigin-RevId: 359591577
2021-02-24Kernfs should not try to rename a file to itself.Nicolas Lacasse
One precondition of VFS.PrepareRenameAt is that the `from` and `to` dentries are not the same. Kernfs was not checking this, which could lead to a deadlock. PiperOrigin-RevId: 359385974
2021-02-24Add YAMA security module restrictions on ptrace(2).Dean Deng
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723
2021-02-22unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOVAndrei Vagin
Reported-by: syzbot+f2489ba0b999a45d1ad1@syzkaller.appspotmail.com PiperOrigin-RevId: 358866218
2021-02-19Correctly set and respect b.N in fio benchmark.Zach Koopmans
fio should scale by written/read bytes and not iterate runs of the fio container. PiperOrigin-RevId: 358511771
2021-02-18Make socketops reflect correct sndbuf value for host UDS.Bhasker Hariharan
Also skips a test if the setsockopt to increase send buffer did not result in an increase. This is possible when the underlying socket is a host backed unix domain socket as in such cases gVisor does not permit increasing SO_SNDBUF. PiperOrigin-RevId: 358285158
2021-02-18Make b.N increase by KB not bytes on iperf.Zach Koopmans
Currently, iperf runs a client that scales by bytes sent. In practice, this causes b.N to scale slowly and have several short lived containers. Instead, scale by KB to more quickly reach required time. PiperOrigin-RevId: 358244926
2021-02-18Use standard want/got syntax in test errorsTamir Duberstein
Remove unused argument while I'm here and avoid returning syscall.Errno(0) which should rather be a nil error. PiperOrigin-RevId: 358227396
2021-02-18Remove side effect from pty testsFabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 358207468
2021-02-17Deflake tcp_network_unreachable testZeling Feng
Previously, we make two connect attempts. If the first attempt is still on going when the second attempt is made, the test will fail. This change deflakes the situation by not making the second attempt, instead, we poll for the first attempt's completion and read the errno from SO_ERROR. PiperOrigin-RevId: 358104769
2021-02-17[infra] Update JDK11 version for java runtime tests.Ayush Ranjan
PiperOrigin-RevId: 358085809
2021-02-17Use TCP_INFO to get RTO in tcp_retransmits_testNayana Bidari
- TCP_INFO is used to get the RTO instead of calculating it manually. PiperOrigin-RevId: 358032487
2021-02-17Clean up test styleTamir Duberstein
- Wrap comments at 80 columns - Avoid duplicating the number of retries (5) - Reduce indentation - Use (*testing.T).Fatal rather than (*testing.T).Fatalf PiperOrigin-RevId: 358017412
2021-02-17Deflake //test/iptables:iptables_testKevin Krakauer
We were opening dual-stack sockets, but tests only set iptables rules for a single network protocol. Thus, packets (probably sent by previous tests) could sneak in and break tests. Tested with: bazel test ///test/iptables:iptables_test --test_arg=--runtime=runsc --nocache_test_results --test_output=errors --runs_per_test=1000 --test_filter=TestFilterInputDropUDP PiperOrigin-RevId: 357972385
2021-02-12Remove packetimpact test tcp_reorderingNayana Bidari
Remove flaky tcp_reordering_test as it does not check reordering. We have added new reorder tests in tcp_rack_test.go PiperOrigin-RevId: 357278769
2021-02-12Rename params for iperf and tensorflow.Zach Koopmans
Rename operation params in iperf and tensorflow to match other similar benchmarks. PiperOrigin-RevId: 357250304
2021-02-12Fix bug with iperf and don't profile runc.Zach Koopmans
Fix issue with iperf where b.N wasn't changing across runs. Also, if the given runtime is runc/not given, don't run a profile against it. PiperOrigin-RevId: 357231450
2021-02-12tests: getsockname expects that addrlen will be initializedAndrei Vagin
PiperOrigin-RevId: 357224877
2021-02-11iptables test: Implement testCase interface on pointersToshi Kikuchi
Implementing interfaces on value types causes the interface to be implemented by both the value type and the pointer type of the implementer. This complicates type assertion as it requires the assertion to check for both the pointer type and the value type. PiperOrigin-RevId: 357061063
2021-02-11Implement semtimedop.Jing Chen
PiperOrigin-RevId: 357031904
2021-02-11Assign controlling terminal when tty is opened and support NOCTTYKevin Krakauer
PiperOrigin-RevId: 357015186
2021-02-10Support setgid directories in tmpfs and kernfsKevin Krakauer
PiperOrigin-RevId: 356868412
2021-02-10Update benchmarks README.mdZach Koopmans
PiperOrigin-RevId: 356843249
2021-02-10Retry RST expectation in tcp_synrcvd_reset_testMithun Iyer
Deflake this test by retransmitting the ACK and retrying RST expectation after the supposed state transition to CLOSED. This gives time for the state transition to complete. Without such a retransmit from the test, the ACK could get silently dropped by the listener when the passively connecting endpoint has not yet completely updated the state (in gVisor this would be endpoint state and decrement of synRcvdCount). PiperOrigin-RevId: 356825562
2021-02-09Add support for setting SO_SNDBUF for unix domain sockets.Bhasker Hariharan
The limits for snd/rcv buffers for unix domain socket is controlled by the following sysctls on linux - net.core.rmem_default - net.core.rmem_max - net.core.wmem_default - net.core.wmem_max Today in gVisor we do not expose these sysctls but we do support setting the equivalent in netstack via stack.Options() method. But AF_UNIX sockets in gVisor can be used without netstack, with hostinet or even without any networking stack at all. Which means ideally these sysctls need to live as globals in gVisor. But rather than make this a big change for now we hardcode the limits in the AF_UNIX implementation itself (which in itself is better than where we were before) where it SO_SNDBUF was hardcoded to 16KiB. Further we bump the initial limit to a default value of 208 KiB to match linux from the paltry 16 KiB we use today. Updates #5132 PiperOrigin-RevId: 356665498