summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2020-06-05Merge pull request #2872 from kevinGC:ipt-skip-preroutinggVisor bot
PiperOrigin-RevId: 315041419
2020-06-05iptables: loopback traffic skips prerouting chainKevin Krakauer
Loopback traffic is not affected by rules in the PREROUTING chain. This change is also necessary for istio's envoy to talk to other components in the same pod.
2020-06-05Use top-down allocation for pgalloc.Adin Scannell
This change has multiple small components. First, the chunk size is bumped to 1GB in order to avoid creating excessive VMAs in the Sentry, which can lead to VMA exhaustion (and hitting limits). Second, gap-tracking is added to the usage set in order to efficiently scan for available regions. Third, reclaim is moved to a simple segment set. This is done to allow the order of reclaim to align with the Allocate order (which becomes much more complex when trying to track a "max page" as opposed to "min page", so we just track explicit segments instead, which should make reclaim scanning faster anyways). Finally, the findAvailable function attempts to scan from the top-down, in order to maximize opportunities for VMA merging in applications (hopefully preventing the same VMA exhaustion that can affect the Sentry). PiperOrigin-RevId: 315009249
2020-06-05Unshare files on execAndrei Vagin
The current task can share its fdtable with a few other tasks, but after exec, this should be a completely separate process. PiperOrigin-RevId: 314999565
2020-06-05Fix error code returned due to Port exhaustion.Bhasker Hariharan
For TCP sockets gVisor incorrectly returns EAGAIN when no ephemeral ports are available to bind during a connect. Linux returns EADDRNOTAVAIL. This change fixes gVisor to return the correct code and adds a test for the same. This change also fixes a minor bug for ping sockets where connect() would fail with EINVAL unless the socket was bound first. Also added tests for testing UDP Port exhaustion and Ping socket port exhaustion. PiperOrigin-RevId: 314988525
2020-06-05Merge pull request #2879 from avagin:test-hostinetgVisor bot
PiperOrigin-RevId: 314970516
2020-06-05Handle TCP segment split cases as per MSS.Mithun Iyer
- Always split segments larger than MSS. Currently, we base the segment split decision as a function of the send congestion window and MSS, which could be greater than the MSS advertised by remote. - While splitting segments, ensure the PSH flag is reset when there are segments that are queued to be sent. - With TCP_CORK, hold up segments up until MSS. Fix a bug in computing available send space before attempting to coalesce segments. Fixes #2832 PiperOrigin-RevId: 314802928
2020-06-04test/syscall: run hostnet tests in separate network namespacesAndrei Vagin
A few tests use hard coded port numbers, so we need to guruantee that these ports will not be used for somthing else.
2020-06-03Add test for O_TRUNCZach Koopmans
b/36576592 calls out an edge case previously not supported by HostFS. HostFS is currently being removed, meaning gVisor supports this feature. Simply add the test to open_test. PiperOrigin-RevId: 314610226
2020-06-03Avoid TCP segment split when out of sender window.Mithun Iyer
If the entire segment cannot be accommodated in the receiver advertised window and if there are still unacknowledged pending segments, skip splitting the segment. The segment transmit would get retried by the retransmit handler. PiperOrigin-RevId: 314538523
2020-06-02Check that two sockets with different types can't be connected to each otherAndrei Vagin
PiperOrigin-RevId: 314450191
2020-06-01Enable VFS2 to runsc syscall testsFabricio Voznika
Updates #1487 PiperOrigin-RevId: 314271995
2020-06-01Add inotify events for extended attributes and splice.Dean Deng
Splice, setxattr and removexattr should generate events. Note that VFS2 already generates events for extended attributes. Updates #1479. PiperOrigin-RevId: 314244261
2020-06-01Deflake pty_test_linux.Nicolas Lacasse
PiperOrigin-RevId: 314208973
2020-06-01Fix inotify test.Dean Deng
PiperOrigin-RevId: 314192441
2020-06-01Skip proc/pid/fd socket test for VFS1 only.Dean Deng
PiperOrigin-RevId: 314192359
2020-06-01Internal change.gVisor bot
PiperOrigin-RevId: 314157710
2020-05-29Test TCP should queue RECEIVE request in SYN-SENTZeling Feng
PiperOrigin-RevId: 313878910
2020-05-29Fix copied comment mistakes.Kevin Krakauer
PiperOrigin-RevId: 313862843
2020-05-29Merge pull request #2807 from kevinGC:iptables-sourcegVisor bot
PiperOrigin-RevId: 313842690
2020-05-29Move TCP to CLOSED from SYN-RCVD on RST.Mithun Iyer
RST handling is broken when the TCP state transitions from SYN-SENT to SYN-RCVD in case of simultaneous open. An incoming RST should trigger cleanup of the endpoint. RFC793, section 3.9, page 70. Fixes #2814 PiperOrigin-RevId: 313828777
2020-05-29Implement IN_EXCL_UNLINK inotify option in vfs2.Dean Deng
Limited to tmpfs. Inotify support in other filesystem implementations to follow. Updates #1479 PiperOrigin-RevId: 313828648
2020-05-29Internal change.gVisor bot
PiperOrigin-RevId: 313821986
2020-05-29runner: fix goroutine leakGaurav Singh
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
2020-05-29Port inotify to vfs2, with support in tmpfs.Dean Deng
Support in other filesystem impls is still needed. Unlike in Linux and vfs1, we need to plumb inotify down to each filesystem implementation in order to keep track of links/inode structures properly. IN_EXCL_UNLINK still needs to be implemented, as well as a few inotify hooks that are not present in either vfs1 or vfs2. Those will be addressed in subsequent changes. Updates #1479. PiperOrigin-RevId: 313781995
2020-05-28Enable iptables source filtering (-s/--source)Kevin Krakauer
2020-05-28Move Cleanup to its own packageFabricio Voznika
PiperOrigin-RevId: 313663382
2020-05-28Add pcap logging to pcaketimpact.Ian Gudger
This makes debugging packetimpact tests much easier. PiperOrigin-RevId: 313662654
2020-05-26Implement splice(2) and tee(2) for VFS2.Jamie Liu
Updates #138 PiperOrigin-RevId: 313326354
2020-05-26Automated rollback of changelist 311424257gVisor bot
PiperOrigin-RevId: 313300554
2020-05-21Skip socket tests only if running on vfs1.Dean Deng
PiperOrigin-RevId: 312763249
2020-05-21Fix IsRunningWithVFS1() on the runsc-based test runner.Jamie Liu
Updates #1035 PiperOrigin-RevId: 312736450
2020-05-21Fix TestTmpFileFabricio Voznika
Split check for file in /tmp from working directory test. Fix readonly case which should not fail to create working dir. PiperOrigin-RevId: 312702930
2020-05-21Add IsRunningWithVFS1 to test utilFabricio Voznika
VFS2 is adding more functionality than VFS1. In order to test new functionality, it's required to skip some tests with VFS1. To skip tests, use: SKIP_IF(IsRunningWithVFS1()); The test will run in Linux and gVisor with VFS2 enabled. Updates #1035 PiperOrigin-RevId: 312698616
2020-05-20Avoid all caps FIONREAD as test name.Jay Zhuang
PiperOrigin-RevId: 312596169
2020-05-20Test that we have PAWS mechanismZeling Feng
If there is a Timestamps option in the arriving segment and SEG.TSval < TS.Recent and if TS.Recent is valid, then treat the arriving segment as not acceptable: Send an acknowledgement in reply as specified in RFC-793 page 69 and drop the segment. https://tools.ietf.org/html/rfc1323#page-19 PiperOrigin-RevId: 312590678
2020-05-20Internal change.gVisor bot
PiperOrigin-RevId: 312559963
2020-05-19Skip itimer "fairness" tests on ptrace.Jamie Liu
With additional logging, the issue described by the new comment looks like: D0518 21:28:08.416810 6777 task_signals.go:459] [ 8] Notified of signal 27 D0518 21:28:08.416852 6777 task_block.go:223] [ 8] Interrupt queued D0518 21:28:08.417013 6777 task_run.go:250] [ 8] Switching to sentry D0518 21:28:08.417033 6777 task_signals.go:220] [ 8] Signal 27: delivering to handler D0518 21:28:08.417127 6777 task_run.go:248] [ 8] Switching to app D0518 21:28:08.443765 6777 task_signals.go:519] [ 8] Refusing masked signal 27 // ED: note the ~26ms elapsed since TID 8 "switched to app" D0518 21:28:08.443814 6777 task_signals.go:465] [ 6] Notified of group signal 27 D0518 21:28:08.443832 6777 task_block.go:223] [ 6] Interrupt queued D0518 21:28:08.443914 6777 task_block.go:223] [ 6] Interrupt queued D0518 21:28:08.443859 6777 task_run.go:250] [ 8] Switching to sentry I0518 21:28:08.443936 6777 strace.go:576] [ 8] exe E rt_sigreturn() Slow context switches on ptrace are probably due to kernel scheduling delays. Slow context switches on KVM are less clear, so leave that bug and TODO open. PiperOrigin-RevId: 312322782
2020-05-19Fix flaky udp tests by polling before reading.Dean Deng
On native Linux, calling recv/read right after send/write sometimes returns EWOULDBLOCK, if the data has not made it to the receiving socket (even though the endpoints are on the same host). Poll before reading to avoid this. Making this change also uncovered a hostinet bug (gvisor.dev/issue/2726), which is noted in this CL. PiperOrigin-RevId: 312320587
2020-05-18Support TCP options for packetimpactZeling Feng
PiperOrigin-RevId: 312119730
2020-05-14Make utimes_test pass on VFS2.Jamie Liu
PiperOrigin-RevId: 311657502
2020-05-14Internal change.gVisor bot
PiperOrigin-RevId: 311645222
2020-05-14Merge pull request #2663 from lubinszARM:pr_sigfp_forkgVisor bot
PiperOrigin-RevId: 311573552
2020-05-13Fix TCP segment retransmit timeout handling.Mithun Iyer
As per RFC 1122 and Linux retransmit timeout handling: - The segment retransmit timeout needs to exponentially increase and cap at a predefined value. - TCP connection needs to timeout after a predefined number of segment retransmissions. - TCP connection should not timeout when the retranmission timeout exceeds MaxRTO, predefined upper bound. Fixes #2673 PiperOrigin-RevId: 311463961
2020-05-13Stub support for TCP_SYNCNT and TCP_WINDOW_CLAMP.Bhasker Hariharan
This change adds support for TCP_SYNCNT and TCP_WINDOW_CLAMP options in GetSockOpt/SetSockOpt. This change does not really change any behaviour in Netstack and only stores/returns the stored value. Actual honoring of these options will be added as required. Fixes #2626, #2625 PiperOrigin-RevId: 311453777
2020-05-13Resolve remaining TODOs for tmpfs.Nicolas Lacasse
Closes #1197 PiperOrigin-RevId: 311438223
2020-05-13Automated rollback of changelist 311285868Bhasker Hariharan
PiperOrigin-RevId: 311424257
2020-05-13Enable overlayfs_stale_read by default for runsc.Jamie Liu
Linux 4.18 and later make reads and writes coherent between pre-copy-up and post-copy-up FDs representing the same file on an overlay filesystem. However, memory mappings remain incoherent: - Documentation/filesystems/overlayfs.rst, "Non-standard behavior": "If a file residing on a lower layer is opened for read-only and then memory mapped with MAP_SHARED, then subsequent changes to the file are not reflected in the memory mapping." - fs/overlay/file.c:ovl_mmap() passes through to the underlying FD without any management of coherence in the overlay. - Experimentally on Linux 5.2: ``` $ cat mmap_cat_page.c #include <err.h> #include <fcntl.h> #include <stdio.h> #include <string.h> #include <sys/mman.h> #include <unistd.h> int main(int argc, char **argv) { if (argc < 2) { errx(1, "syntax: %s [FILE]", argv[0]); } const int fd = open(argv[1], O_RDONLY); if (fd < 0) { err(1, "open(%s)", argv[1]); } const size_t page_size = sysconf(_SC_PAGE_SIZE); void* page = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, 0); if (page == MAP_FAILED) { err(1, "mmap"); } for (;;) { write(1, page, strnlen(page, page_size)); if (getc(stdin) == EOF) { break; } } return 0; } $ gcc -O2 -o mmap_cat_page mmap_cat_page.c $ mkdir lowerdir upperdir workdir overlaydir $ echo old > lowerdir/file $ sudo mount -t overlay -o "lowerdir=lowerdir,upperdir=upperdir,workdir=workdir" none overlaydir $ ./mmap_cat_page overlaydir/file old ^Z [1]+ Stopped ./mmap_cat_page overlaydir/file $ echo new > overlaydir/file $ cat overlaydir/file new $ fg ./mmap_cat_page overlaydir/file old ``` Therefore, while the VFS1 gofer client's behavior of reopening read FDs is only necessary pre-4.18, replacing existing memory mappings (in both sentry and application address spaces) with mappings of the new FD is required regardless of kernel version, and this latter behavior is common to both VFS1 and VFS2. Re-document accordingly, and change the runsc flag to enabled by default. New test: - Before this CL: https://source.cloud.google.com/results/invocations/5b222d2c-e918-4bae-afc4-407f5bac509b - After this CL: https://source.cloud.google.com/results/invocations/f28c747e-d89c-4d8c-a461-602b33e71aab PiperOrigin-RevId: 311361267
2020-05-13Replace test_runner.sh bash script with Go.Ian Gudger
PiperOrigin-RevId: 311285868
2020-05-12iptables: support gid match for owner matching.Nayana Bidari
- Added support for matching gid owner and invert flag for uid and gid. $ iptables -A OUTPUT -p tcp -m owner --gid-owner root -j ACCEPT $ iptables -A OUTPUT -p tcp -m owner ! --uid-owner root -j ACCEPT $ iptables -A OUTPUT -p tcp -m owner ! --gid-owner root -j DROP - Added tests for uid, gid and invert flags.