summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2021-02-24Kernfs should not try to rename a file to itself.Nicolas Lacasse
One precondition of VFS.PrepareRenameAt is that the `from` and `to` dentries are not the same. Kernfs was not checking this, which could lead to a deadlock. PiperOrigin-RevId: 359385974
2021-02-24Add YAMA security module restrictions on ptrace(2).Dean Deng
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723
2021-02-22unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOVAndrei Vagin
Reported-by: syzbot+f2489ba0b999a45d1ad1@syzkaller.appspotmail.com PiperOrigin-RevId: 358866218
2021-02-19Correctly set and respect b.N in fio benchmark.Zach Koopmans
fio should scale by written/read bytes and not iterate runs of the fio container. PiperOrigin-RevId: 358511771
2021-02-18Make socketops reflect correct sndbuf value for host UDS.Bhasker Hariharan
Also skips a test if the setsockopt to increase send buffer did not result in an increase. This is possible when the underlying socket is a host backed unix domain socket as in such cases gVisor does not permit increasing SO_SNDBUF. PiperOrigin-RevId: 358285158
2021-02-18Make b.N increase by KB not bytes on iperf.Zach Koopmans
Currently, iperf runs a client that scales by bytes sent. In practice, this causes b.N to scale slowly and have several short lived containers. Instead, scale by KB to more quickly reach required time. PiperOrigin-RevId: 358244926
2021-02-18Use standard want/got syntax in test errorsTamir Duberstein
Remove unused argument while I'm here and avoid returning syscall.Errno(0) which should rather be a nil error. PiperOrigin-RevId: 358227396
2021-02-18Remove side effect from pty testsFabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 358207468
2021-02-17Deflake tcp_network_unreachable testZeling Feng
Previously, we make two connect attempts. If the first attempt is still on going when the second attempt is made, the test will fail. This change deflakes the situation by not making the second attempt, instead, we poll for the first attempt's completion and read the errno from SO_ERROR. PiperOrigin-RevId: 358104769
2021-02-17[infra] Update JDK11 version for java runtime tests.Ayush Ranjan
PiperOrigin-RevId: 358085809
2021-02-17Use TCP_INFO to get RTO in tcp_retransmits_testNayana Bidari
- TCP_INFO is used to get the RTO instead of calculating it manually. PiperOrigin-RevId: 358032487
2021-02-17Clean up test styleTamir Duberstein
- Wrap comments at 80 columns - Avoid duplicating the number of retries (5) - Reduce indentation - Use (*testing.T).Fatal rather than (*testing.T).Fatalf PiperOrigin-RevId: 358017412
2021-02-17Deflake //test/iptables:iptables_testKevin Krakauer
We were opening dual-stack sockets, but tests only set iptables rules for a single network protocol. Thus, packets (probably sent by previous tests) could sneak in and break tests. Tested with: bazel test ///test/iptables:iptables_test --test_arg=--runtime=runsc --nocache_test_results --test_output=errors --runs_per_test=1000 --test_filter=TestFilterInputDropUDP PiperOrigin-RevId: 357972385
2021-02-12Remove packetimpact test tcp_reorderingNayana Bidari
Remove flaky tcp_reordering_test as it does not check reordering. We have added new reorder tests in tcp_rack_test.go PiperOrigin-RevId: 357278769
2021-02-12Rename params for iperf and tensorflow.Zach Koopmans
Rename operation params in iperf and tensorflow to match other similar benchmarks. PiperOrigin-RevId: 357250304
2021-02-12Fix bug with iperf and don't profile runc.Zach Koopmans
Fix issue with iperf where b.N wasn't changing across runs. Also, if the given runtime is runc/not given, don't run a profile against it. PiperOrigin-RevId: 357231450
2021-02-12tests: getsockname expects that addrlen will be initializedAndrei Vagin
PiperOrigin-RevId: 357224877
2021-02-11iptables test: Implement testCase interface on pointersToshi Kikuchi
Implementing interfaces on value types causes the interface to be implemented by both the value type and the pointer type of the implementer. This complicates type assertion as it requires the assertion to check for both the pointer type and the value type. PiperOrigin-RevId: 357061063
2021-02-11Implement semtimedop.Jing Chen
PiperOrigin-RevId: 357031904
2021-02-11Assign controlling terminal when tty is opened and support NOCTTYKevin Krakauer
PiperOrigin-RevId: 357015186
2021-02-10Support setgid directories in tmpfs and kernfsKevin Krakauer
PiperOrigin-RevId: 356868412
2021-02-10Update benchmarks README.mdZach Koopmans
PiperOrigin-RevId: 356843249
2021-02-10Retry RST expectation in tcp_synrcvd_reset_testMithun Iyer
Deflake this test by retransmitting the ACK and retrying RST expectation after the supposed state transition to CLOSED. This gives time for the state transition to complete. Without such a retransmit from the test, the ACK could get silently dropped by the listener when the passively connecting endpoint has not yet completely updated the state (in gVisor this would be endpoint state and decrement of synRcvdCount). PiperOrigin-RevId: 356825562
2021-02-09Add support for setting SO_SNDBUF for unix domain sockets.Bhasker Hariharan
The limits for snd/rcv buffers for unix domain socket is controlled by the following sysctls on linux - net.core.rmem_default - net.core.rmem_max - net.core.wmem_default - net.core.wmem_max Today in gVisor we do not expose these sysctls but we do support setting the equivalent in netstack via stack.Options() method. But AF_UNIX sockets in gVisor can be used without netstack, with hostinet or even without any networking stack at all. Which means ideally these sysctls need to live as globals in gVisor. But rather than make this a big change for now we hardcode the limits in the AF_UNIX implementation itself (which in itself is better than where we were before) where it SO_SNDBUF was hardcoded to 16KiB. Further we bump the initial limit to a default value of 208 KiB to match linux from the paltry 16 KiB we use today. Updates #5132 PiperOrigin-RevId: 356665498
2021-02-09Make RPCTimeout for udp_send_recv_dgram to be 500 milliseconds.Zeling Feng
The test will sometimes fail on Bind calls using the old RPCTimeout. PiperOrigin-RevId: 356646668
2021-02-09Fix fd leak from testFabricio Voznika
PiperOrigin-RevId: 356587965
2021-02-09kernel: reparentLocked has to update children maps of old and new parentsAndrei Vagin
Reported-by: syzbot+9ffc71246fe72c73fc25@syzkaller.appspotmail.com PiperOrigin-RevId: 356536113
2021-02-09pipe: writeLocked has to return ErrWouldBlock if the pipe is fullAndrei Vagin
PiperOrigin-RevId: 356450303
2021-02-08Allow UDP sockets connect()ing to port 0Zeling Feng
We previously return EINVAL when connecting to port 0, however this is not the observed behavior on Linux. One of the observable effects after connecting to port 0 on Linux is that getpeername() will fail with ENOTCONN. PiperOrigin-RevId: 356413451
2021-02-08exec: don't panic if an elf file is malformedAndrei Vagin
Reported-by: syzbot+d54bc27a15aefe52c330@syzkaller.appspotmail.com PiperOrigin-RevId: 356406975
2021-02-05[vfs] Handle `.` and `..` as last path component names in kernfs Rename.Ayush Ranjan
According to vfs.FilesystemImpl.RenameAt documentation: - If the last path component in rp is "." or "..", and opts.Flags contains RENAME_NOREPLACE, RenameAt returns EEXIST. - If the last path component in rp is "." or "..", and opts.Flags does not contain RENAME_NOREPLACE, RenameAt returns EBUSY. Reported-by: syzbot+6189786e64fe13fe43f8@syzkaller.appspotmail.com PiperOrigin-RevId: 355959266
2021-02-04Call kernfs.syntheticDir.InitRefs() on creation.Nicolas Lacasse
PiperOrigin-RevId: 355675900
2021-02-04Fix flaky packetimpact testNayana Bidari
PiperOrigin-RevId: 355645297
2021-02-04[infra] Do not recompile integration test executables each time.Ayush Ranjan
Instead build the executable into the image. PiperOrigin-RevId: 355631672
2021-02-03[vfs] Make sticky bit check consistent with Linux.Ayush Ranjan
Our implementation of vfs.CheckDeleteSticky was not consistent with Linux, specifically not consistent with fs/linux.h:check_sticky(). One of the biggest differences was that the vfs implementation did not allow the owner of the sticky directory to delete files inside it that belonged to other users. This change makes our implementation consistent with Linux. Also adds an integration test to check for this. This bug is also present in VFS1. Updates #3027 PiperOrigin-RevId: 355557425
2021-02-03Compile-time constants are constexprTamir Duberstein
PiperOrigin-RevId: 355506299
2021-02-02Add support for rate limiting out of window ACKs.Bhasker Hariharan
Netstack today will send dupACK's with no rate limit for incoming out of window segments. This can result in ACK loops for example if a TCP socket connects to itself (actually permitted by TCP). Where the ACK sent in response to packets being out of order itself gets considered as an out of window segment resulting in another ACK being generated. PiperOrigin-RevId: 355206877
2021-02-02Assert TCP_INFO size before checking contentTamir Duberstein
Also sync syscall test expectations on Fuchisa. PiperOrigin-RevId: 355163492
2021-02-01Add RACK reorder tests.Nayana Bidari
PiperOrigin-RevId: 355067082
2021-02-01[infra] Consolidate all ubuntu tests into one image.Ayush Ranjan
This makes it easier to add more tests that run on Ubuntu. We can now just add a bash script and call that from integration_test without having to set up another image. PiperOrigin-RevId: 355000410
2021-02-01Assert expected size before unmarshallingTamir Duberstein
...to prevent panicking in case of failure. PiperOrigin-RevId: 354970257
2021-01-30Remove side effect from open testsFabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 354730126
2021-01-29setgid directory syscall testsKevin Krakauer
PiperOrigin-RevId: 354615220
2021-01-29Remove side effect from test casesFabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 354604389
2021-01-29- Add more comments for the TCP_INFO struct fields.Nayana Bidari
PiperOrigin-RevId: 354595623
2021-01-28Change EXPECT/ASSERT to TEST_CHECK inside InForkedProcessFabricio Voznika
PiperOrigin-RevId: 354441239
2021-01-28Re-enable ipv4 reassembly packetimpact testsArthur Sfez
When these specific tests were first added, they would fail when ran by kokoro during the presubmit tests (but they always passed locally). These tests are now passing, so they can be re-enabled. Unclear what changed, one hypothesis is the move from kokoro to buildkite. Fixes #4971 PiperOrigin-RevId: 354425395
2021-01-28Make tcp_noaccept_close_rst more robustZeling Feng
There used to be a race condition where we may call Close before the connection is established. Adding poll support so that we can eliminate this kind of race. Startblock: has LGTM from iyerm and then add reviewer tamird PiperOrigin-RevId: 354369130
2021-01-28Add O_PATH support in vfs2gVisor bot
PiperOrigin-RevId: 354367665
2021-01-28Correctly check permissions in ping socket testTamir Duberstein
The previous check was using SOCK_RAW, despite the fact that the test only uses SOCK_DGRAM. Simplify the test machinery while I'm here. PiperOrigin-RevId: 354359842