summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2020-07-09Update shim to build using bazel.Adin Scannell
The go.mod dependency tree for the shim was somehow contradictory. After resolving these issues (e.g. explicitly imported k8s 1.14, pulling a specific dbus version), and adding all dependencies, the shim can now be build as part of the regular bazel tree. As part of this process, minor cleanup was done in all the source files: headers were standardized (and include "The gVisor Authors" in addition to the "The containerd Authors" if originally derived from containerd sources), and comments were cleaned up to meet coding standards. This change makes the containerd installation dynamic, so that multiple versions can be tested, and drops the static installer for the VM image itself. This change also updates test/root/crictl_test.go and related utilities, so that the containerd tests can be run on any version (and in cases where it applies, they can be run on both v1 and v2 as parameterized tests).
2020-07-09Merge gvisor-containerd-shimAdin Scannell
2020-07-09Add support for IP_HDRINCL IP option for raw sockets.Bhasker Hariharan
Updates #2746 Fixes #3158 PiperOrigin-RevId: 320497190
2020-07-08Merge pull request #3171 from kevinGC:ipv6-kokorogVisor bot
PiperOrigin-RevId: 320290162
2020-07-08ip6tables: handle both IPv4 and v6 addressesKevin Krakauer
Enabling IPv6 in Docker caused IPv4 tests to fail because localAddrs didn't distinguish between address types. Example failure: https://source.cloud.google.com/results/invocations/203b2401-3333-4bec-9a56-72cc53d68ddd/log
2020-07-08Move all tests to new docker API.Zach Koopmans
Moves following to new dockerutil API: - //test/e2e:integration_test - //test/image:image_test - //test/iptables:iptables_test - //test/root:root_test - //test/packetimpact:packetimpact_test PiperOrigin-RevId: 320253118
2020-07-08Enable shards in runtime test runner.Ayush Ranjan
Fixed an issue with the runtime test runner which enables us to run tests in shards. We had to touch the status file as indicated by an env var. PiperOrigin-RevId: 320236205
2020-07-07Deflake exec test.Jamie Liu
- Only use MAXSYMLINKS/2+1 symlinks for each of the interpreter and script paths in SymlinkLimitRefreshedForInterpreter to tolerate cases where the original paths (/tmp, /bin, or /bin/echo) themselves contain symlinks. - Ensure that UnshareFiles performs execve immediately after clone(CLONE_VFORK) (no heap allocation for ExecveArray/RunfilesPath). - Use lstat() rather than stat() for the existence check in fs_util's Exists; the latter will fail if the symlink target does not exist, even if the symlink does. PiperOrigin-RevId: 320110156
2020-07-07Set IPv4 ID on all non-atomic datagramsTony Gong
RFC 6864 imposes various restrictions on the uniqueness of the IPv4 Identification field for non-atomic datagrams, defined as an IP datagram that either can be fragmented (DF=0) or is already a fragment (MF=1 or positive fragment offset). In order to be compliant, the ID field is assigned for all non-atomic datagrams. Add a TCP unit test that induces retransmissions and checks that the IPv4 ID field is unique every time. Add basic handling of the IP_MTU_DISCOVER socket option so that the option can be used to disable PMTU discovery, effectively setting DF=0. Attempting to set the sockopt to anything other than disabled will fail because PMTU discovery is currently not implemented, and the default behavior matches that of disabled. PiperOrigin-RevId: 320081842
2020-07-07Fix mknod and inotify syscall testAyush Ranjan
This change fixes a few things: - creating sockets using mknod(2) is supported via vfs2 - fsgofer can create regular files via mknod(2) - mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well Updates #2923 PiperOrigin-RevId: 320074267
2020-07-06Add support for SO_RCVBUF/SO_SNDBUF for AF_PACKET sockets.Bhasker Hariharan
Updates #2746 PiperOrigin-RevId: 319887810
2020-07-06Merge pull request #3110 from craig08:add-missing-ICRNLgVisor bot
PiperOrigin-RevId: 319827554
2020-07-03Improve failure messageTamir Duberstein
Currently this test produces an error resembling tcp_zero_window_probe_retransmit_test.go:92: zero probe came sooner interval 3200179405 probe 4 which is approximately useless. PiperOrigin-RevId: 319572263
2020-07-03Update build rule to appease deprecationTamir Duberstein
Before this change, running packetimpact tests produces: parameter 'direct' must contain a list of elements, and may no longer accept a depset. The deprecated behavior may be temporarily re-enabled by setting --incompatible_disable_depset_inputs=false The positional parameter to depset has been changed to mean `direct` rather than its previous meaning of `items`. The documentation[0] explains: A positional parameter distinct from other parameters for legacy support. If --incompatible_disable_depset_items is false, this parameter serves as the value of items. If --incompatible_disable_depset_items is true, this parameter serves as the value of direct. See the documentation for these parameters for more details. [0] https://docs.bazel.build/versions/master/skylark/lib/globals.html PiperOrigin-RevId: 319555138
2020-07-01Update preadv2/pwritev2 flag handling in vfs2.Dean Deng
We do not support RWF_SYNC/RWF_DSYNC and probably shouldn't silently accept them, since the user may incorrectly believe that we are synchronizing I/O. Remove the pwritev2 test verifying that we support these flags. gvisor.dev/issue/2601 is the tracking bug for deciding which RWF_.* flags we need and supporting them. Updates #2923, #2601. PiperOrigin-RevId: 319351286
2020-07-01[vfs2][gofer] Fix mmap syscall test.Ayush Ranjan
We were not invalidating mappings when the file size changed in shared mode. Enabled the syscall test for vfs2. Updates #2923 PiperOrigin-RevId: 319346569
2020-07-01Port vfs1 implementation of sync_file_range to vfs2.Dean Deng
Currently, we always perform a full-file sync which could be extremely expensive for some applications. Although vfs1 did not fully support sync_file_range, there were some optimizations that allowed us skip some unnecessary write-outs. Updates #2923, #1897. PiperOrigin-RevId: 319324213
2020-07-01TCP receive should block when in SYN-SENT state.Mithun Iyer
The application can choose to initiate a non-blocking connect and later block on a read, when the endpoint is still in SYN-SENT state. PiperOrigin-RevId: 319311016
2020-07-01Use directory fds in sticky test to avoid permission issues.Dean Deng
After we change credentials, it is possible that we no longer have access to the sticky directory where we are trying to delete files. Use an open fd so this is not an issue. PiperOrigin-RevId: 319306255
2020-07-01Port fallocate to VFS2.Zach Koopmans
PiperOrigin-RevId: 319283715
2020-07-01Add test env variable "fuchsia"Jay Zhuang
... so that Fuchsia gets the same special cases applied to gVisor in tests when this envrionment variable is set. PiperOrigin-RevId: 319239064
2020-07-01Complete async signal delivery support in vfs2.Dean Deng
- Support FIOASYNC, FIO{SET,GET}OWN, SIOC{G,S}PGRP (refactor getting/setting owner in the process). - Unset signal recipient when setting owner with pid == 0 and valid owner type. Updates #2923. PiperOrigin-RevId: 319231420
2020-06-30Fix two bugs in TCP sender.Bhasker Hariharan
a) When GSO is in use we should not cap the segment to maxPayloadSize in sender.maybeSendSegment as the GSO logic will cap the segment to the correct size. Without this the host GSO is not used as we end up breaking up large segments into small MSS sized segments before writing the packets to the host. b) The check to not split a segment due to it not fitting in the receiver window when there are pending segments is incorrect as segments in writeList can be really large as we just take the write call's buffer size and create a single large segment. So a write of say 128KB will just be 1 segment in the writeList. The linux code checks if 1 MSS sized segments fits in the receiver's window and if not then does not split the current segment. gVisor's check was incorrect that it was checking if the whole segment which could be >>> 1 MSS would fit in the receiver's window. This was causing us to prematurely stop sending and falling back to retransmit timer/probe from the other end to send data. This was seen when running HTTPD benchmarks where @ HEAD when sending large files the benchmark was taking forever to run. The tcp_splitseg_mss_test.go is being deleted as the test as written doesn't test what is intended correctly. This is because GSO is enabled by default and the reason the MSS+1 sized segment is sent is because GSO is in use. A proper test will require disabling GSO on linux and netstack which is going to take a bit of work in packetimpact to do it correctly. Separately a new test probably should be written that verifies that a segment > availableWindow is not split if the availableWindow is < 1 MSS. Fixes #3107 PiperOrigin-RevId: 319172089
2020-06-30Remove struct packing to fix compiler warning.Dean Deng
-Waddress-of-packed-member warns on inet_aton() being used with a packed struct member. This was added in cl/291990716. PiperOrigin-RevId: 319111253
2020-06-30Add build target for the provisional style guide.Dean Deng
This includes the provisional style guide in the website and fixes the broken link from CONTRIBUTING.md. The style guide will be located under the "Community" category as it's related to contributing to the project. Also, add missing includes that were causing some presubmits to fail. PiperOrigin-RevId: 319061410
2020-06-30Add missing ICRNL flag in master termios testCraig Chi
Closes #2768
2020-06-29Refactor udp_socket_testZach Koopmans
Bring udp_socket_test into complianc by: - Eliminating IsRunningOnGvisor() invocations. - Wrapping sockets in RAII FileDescriptor objects. - Creating a Bind() method so that the first bind happens on port 0. PiperOrigin-RevId: 318909396
2020-06-27Port GETOWN, SETOWN fcntls to vfs2.Dean Deng
Also make some fixes to vfs1's F_SETOWN. The fcntl test now entirely passes on vfs2. Fixes #2920. PiperOrigin-RevId: 318669529
2020-06-27Support sticky bit in vfs2.Dean Deng
Updates #2923. PiperOrigin-RevId: 318648128
2020-06-26Add tests for eventfd/timerfd/inotify operations that should return ESPIPE.Dean Deng
PiperOrigin-RevId: 318585377
2020-06-26IPv6 raw sockets. Needed for ip6tables.Kevin Krakauer
IPv6 raw sockets never include the IPv6 header. PiperOrigin-RevId: 318582989
2020-06-26Implement SO_NO_CHECK socket option.gVisor bot
SO_NO_CHECK is used to skip the UDP checksum generation on a TX socket (UDP checksum is optional on IPv4). Test: - TestNoChecksum - SoNoCheckOffByDefault (UdpSocketTest) - SoNoCheck (UdpSocketTest) Fixes #3055 PiperOrigin-RevId: 318575215
2020-06-26Packetimpact test for IPv6 unknown options actionZeling Feng
The Option Type identifiers are internally encoded such that their highest-order two bits specify the action that must be taken if the processing IPv6 node does not recognize the Option Type: 00 - skip over this option and continue processing the header. 01 - discard the packet. 10 - discard the packet and, regardless of whether or not the packet's Destination Address was a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. 11 - discard the packet and, only if the packet's Destination Address was not a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. PiperOrigin-RevId: 318566613
2020-06-26Require CAP_SYS_ADMIN in the root user namespace for TTY theftKevin Krakauer
PiperOrigin-RevId: 318563543
2020-06-26Support IPv6 extension headers in packetimpact tests.Zeling Feng
- IPv6 HopByHop Options Extension Header - IPv6 Destination Options Extension Header PiperOrigin-RevId: 318551425
2020-06-26Support inotify IN_ONESHOT.Dean Deng
Also, while we're here, make sure that gofer inotify events are generated when files are created in remote revalidating mode. Updates #1479. PiperOrigin-RevId: 318536354
2020-06-25Test that the fuse device can be openedRidwan Sharif
2020-06-25Moved FUSE device under the fuse directoryRidwan Sharif
2020-06-25Add FUSE character deviceRidwan Sharif
This change adds a FUSE character device backed by devtmpfs. This device will be used to establish a connection between the FUSE server daemon and fusefs. The FileDescriptionImpl methods will be implemented as we flesh out fusefs some more. The tests assert that the device can be opened and used.
2020-06-24Fix procfs bugs in vfs2.Dean Deng
- Support writing on proc/[pid]/{uid,gid}map - Return EIO for writing to static files. Updates #2923. PiperOrigin-RevId: 318188503
2020-06-24Internal change.gVisor bot
PiperOrigin-RevId: 318180382
2020-06-24Port /dev/net/tun device to VFS2.Nicolas Lacasse
Updates #2912 #1035 PiperOrigin-RevId: 318162565
2020-06-23Add support for SO_REUSEADDR to TCP sockets/endpoints.Ian Gudger
For TCP sockets, SO_REUSEADDR relaxes the rules for binding addresses. gVisor/netstack already supported a behavior similar to SO_REUSEADDR, but did not allow disabling it. This change brings the SO_REUSEADDR behavior closer to the behavior implemented by Linux and adds a new SO_REUSEADDR disabled behavior. Like Linux, SO_REUSEADDR is now disabled by default. PiperOrigin-RevId: 317984380
2020-06-23Port /dev/tty device to VFS2.Nicolas Lacasse
Support is limited to the functionality that exists in VFS1. Updates #2923 #1035 PiperOrigin-RevId: 317981417
2020-06-23Complete inotify IN_EXCL_UNLINK implementation in VFS2.Dean Deng
Events were only skipped on parent directories after their children were unlinked; events on the unlinked file itself need to be skipped as well. As a result, all Watches.Notify() calls need to know whether the dentry where the call came from was unlinked. Updates #1479. PiperOrigin-RevId: 317979476
2020-06-23Nit fix: Create and use a std::string object for `const char*`.Ting-Yu Wang
PiperOrigin-RevId: 317973144
2020-06-23Support inotify in vfs2 gofer fs.Dean Deng
Because there is no inode structure stored in the sandbox, inotify watches must be held on the dentry. This would be an issue in the presence of hard links, where multiple dentries would need to share the same set of watches, but in VFS2, we do not support the internal creation of hard links on gofer fs. As a result, we make the assumption that every dentry corresponds to a unique inode. Furthermore, dentries can be cached and then evicted, even if the underlying file has not be deleted. We must prevent this from occurring if there are any watches that would be lost. Note that if the dentry was deleted or invalidated (d.vfsd.IsDead()), we should still destroy it along with its watches. Additionally, when a dentry’s last watch is removed, we cache it if it also has zero references. This way, the dentry can eventually be evicted from memory if it is no longer needed. This is accomplished with a new dentry method, OnZeroWatches(), which is called by Inotify.RmWatch and Inotify.Release. Note that it must be called after all inotify locks are released to avoid violating lock order. Stress tests are added to make sure that inotify operations don't deadlock with gofer.OnZeroWatches. Updates #1479. PiperOrigin-RevId: 317958034
2020-06-23Deflake proc test: Don't fail on DT_UNKNOWN.Ting-Yu Wang
Per manual page: "All applications must properly handle a return of DT_UNKNOWN." PiperOrigin-RevId: 317957013
2020-06-23Port readahead to VFS2.Nicolas Lacasse
It preserves the same functionality (almost none) as in VFS1. Updates #2923 #1035 PiperOrigin-RevId: 317943522
2020-06-23Internal change.gVisor bot
PiperOrigin-RevId: 317941748