summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2020-11-06Fix infinite loop when splicing to pipes/eventfds.Nicolas Lacasse
Writes to pipes of size < PIPE_BUF are guaranteed to be atomic, so writes larger than that will return EAGAIN if the pipe has capacity < PIPE_BUF. Writes to eventfds will return EAGAIN if the write would cause the eventfd value to go over the max. In both such cases, calling Ready() on the FD will return true (because it is possible to write), but specific kinds of writes will in fact return EAGAIN. This CL fixes an infinite loop in splice and sendfile (VFS1 and VFS2) by forcing skipping the readiness check for the outfile in send, splice, and tee. PiperOrigin-RevId: 341102260
2020-11-06Do not send to the zero portGhanan Gowripalan
Port 0 is not meant to identify any remote port so attempting to send a packet to it should return an error. PiperOrigin-RevId: 341009528
2020-11-05[runtime tests] Add partitions to runtime tests.Ayush Ranjan
This will allow us to run massive runtime tests live java to run in parallel across multiple jobs. PiperOrigin-RevId: 340956246
2020-11-05Fix failure setting OOM score adjustmentFabricio Voznika
When OOM score adjustment needs to be set, all the containers need to be loaded to find all containers that belong to the sandbox. However, each load signals the container to ensure it is still alive. OOM score adjustment is set during creation and deletion of every container, generating a flood of signals to all containers. The fix removes the signal check when it's not needed. There is also a race fetching OOM score adjustment value from the parent when the sandbox exits at the same time (the time it took to signal containers above made this window quite large). The fix is to store the original value in the sandbox state file and use it when the value needs to be restored. Also add more logging and made the existing ones more consistent to help with debugging. PiperOrigin-RevId: 340940799
2020-11-05[runtime tests] Exclude ext/pcre/tests/cache_limit.phpt.Ayush Ranjan
PiperOrigin-RevId: 340925131
2020-11-05Deflake semaphore_test.Jamie Liu
- Disable saving in tests that wait for EINTR. - Do not execute async-signal-unsafe code after fork() (see fork(2)'s manpage, "After a fork in a multithreaded program ...") - Check for errors returned by semctl(GETZCNT). PiperOrigin-RevId: 340901353
2020-11-04Make the regex for inet6Line in packetimpact/netdevs more accurateZeling Feng
PiperOrigin-RevId: 340763455
2020-11-02Implement command GETZCNT for semctl.Jing Chen
PiperOrigin-RevId: 340389884
2020-11-02Clean up the code of setupTimeWaitCloseAndrei Vagin
The active_closefd has to be shutdown only for write, otherwise the second poll will always return immediately. The second poll should not be called from a separate thread. PiperOrigin-RevId: 340319071
2020-11-02Block external network for testsAndrei Vagin
And in this case, tests will run in separate network namespaces and will not affect each other. PiperOrigin-RevId: 340267734
2020-11-01Fix returned error when deleting non-existant addressIan Lewis
PiperOrigin-RevId: 340149214
2020-10-31net/tcpip: connect to unset loopback address has to return EADDRNOTAVAILAndrei Vagin
In the docker container, the ipv6 loopback address is not set, and connect("::1") has to return ENEADDRNOTAVAIL in this case. Without this fix, it returns EHOSTUNREACH. PiperOrigin-RevId: 340002915
2020-10-30Separate kernel.Task.AsCopyContext() into CopyContext() and OwnCopyContext().Jamie Liu
kernel.copyContext{t} cannot be used outside of t's task goroutine, for three reasons: - t.CopyScratchBuffer() is task-goroutine-local. - Calling t.MemoryManager() without running on t's task goroutine or locking t.mu violates t.MemoryManager()'s preconditions. - kernel.copyContext passes t as context.Context to MM IO methods, which is illegal outside of t's task goroutine (cf. kernel.Task.Value()). Fix this by splitting AsCopyContext() into CopyContext() (which takes an explicit context.Context and is usable outside of the task goroutine) and OwnCopyContext() (which uses t as context.Context, but is only usable by t's task goroutine). PiperOrigin-RevId: 339933809
2020-10-29Add IPv4 reassembly packetimpact testArthur Sfez
The IPv6 reassembly test was also refactored to be easily extended with more cases. PiperOrigin-RevId: 339768605
2020-10-29Add support for bare IPv4 in packetimpact testsArthur Sfez
PiperOrigin-RevId: 339699771
2020-10-28Add the payload directly to the ICMPv4 typeArthur Sfez
This makes handling inbound fragmented packets easier, because a fragmented packet might not have an actual ICMP header but only a payload. After this change, the ICMPv4 is the last layer you can get because the payload is embedded in it. Note that this makes it consistent with the ICMPv6 implementation. While I'm here, I've also added the Ident and Sequence fields on the ICMPv4 type. Defaults are still zero. PiperOrigin-RevId: 339577094
2020-10-28Merge pull request #2849 from lubinszARM:pr_memory_barriergVisor bot
PiperOrigin-RevId: 339504677
2020-10-28Bump honnef.co/go/tools to v0.0.1-2020.1.6Ting-Yu Wang
PiperOrigin-RevId: 339476515
2020-10-28[runtime tests] Unexclude fixed test.Ayush Ranjan
#4641 fixed the PHP runtime test ext/standard/tests/network/bug20134.phpt. We should start testing it again. Also excluded another flaky test. Seems like a test bug. PiperOrigin-RevId: 339475716
2020-10-28Merge pull request #4543 from lubinszARM:pr_test_sigaltstackgVisor bot
PiperOrigin-RevId: 339459247
2020-10-27Wake up any waiters on an ICMP error on UDP socket.Bhasker Hariharan
This change wakes up any waiters when we receive an ICMP port unreachable control packet on an UDP socket as well as sets waiter.EventErr in the result returned by Readiness() when e.lastError is not nil. The latter is required where an epoll()/poll() is done after the error is already handled since we will never notify again in such cases. PiperOrigin-RevId: 339370469
2020-10-27Implement /proc/[pid]/memLennart
This PR implements /proc/[pid]/mem for `pkg/sentry/fs` (refer to #2716) and `pkg/sentry/fsimpl`. @majek COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/4060 from lnsp:proc-pid-mem 2caf9021254646f441be618a9bb5528610e44d43 PiperOrigin-RevId: 339369629
2020-10-27Add basic address deletion to netlinkIan Lewis
Updates #3921 PiperOrigin-RevId: 339195417
2020-10-26Implement command IPC_STAT for semctl.Jing Chen
PiperOrigin-RevId: 339166854
2020-10-26Fix SCM Rights S/R reference leak.Dean Deng
Control messages collected when peeking into a socket were being leaked. PiperOrigin-RevId: 339114961
2020-10-24Avoid excessive save/restore cycles in socket_ipv4_udp_unbound tests.Jamie Liu
PiperOrigin-RevId: 338805321
2020-10-23Support VFS2 save/restore.Jamie Liu
Inode number consistency checks are now skipped in save/restore tests for reasons described in greatest detail in StatTest.StateDoesntChangeAfterRename. They pass in VFS1 due to the bug described in new test case SimpleStatTest.DifferentFilesHaveDifferentDeviceInodeNumberPairs. Fixes #1663 PiperOrigin-RevId: 338776148
2020-10-23Fix socket_ipv4_udp_unbound_loopback_test_linuxZach Koopmans
Handle "Resource temporarily unavailable" EAGAIN errors with a select call before calling recvmsg. Also rename similar helper call from "RecvMsgTimeout" to "RecvTimeout", because it calls "recv". PiperOrigin-RevId: 338761695
2020-10-23iptables testing: handle EINTR on calls to accept().Kevin Krakauer
This caused test flakes. PiperOrigin-RevId: 338758723
2020-10-23[runtime tests] Exclude flaky tests.Ayush Ranjan
Also updated a test which only fails with VFS1. PiperOrigin-RevId: 338704940
2020-10-23Support getsockopt for SO_ACCEPTCONN.Nayana Bidari
The SO_ACCEPTCONN option is used only on getsockopt(). When this option is specified, getsockopt() indicates whether socket listening is enabled for the socket. A value of zero indicates that socket listening is disabled; non-zero that it is enabled. PiperOrigin-RevId: 338703206
2020-10-23Decrement e.synRcvdCount once handshake is complete.Bhasker Hariharan
Earlier the count was dropped only after calling e.deliverAccepted. This lead to an issue where there were no connections in SYN-RCVD state for the listening endpoint but e.synRcvdCount would not be zero because it was being reduced only when handleSynSegment returned after deliverAccepted returned. This issue is seen when the Nth SYN for a listen backlog of size N which would cause the listen backlog to be full gets dropped occasionally. This happens when the new SYN comes at when the previous completed endpoint has been delivered to the accept queue but the synRcvdCount hasn't yet been decremented because the goroutine running handleSynSegment has not yet completed. PiperOrigin-RevId: 338690646
2020-10-23Rewrite reference leak checker without finalizers.Dean Deng
Our current reference leak checker uses finalizers to verify whether an object has reached zero references before it is garbage collected. There are multiple problems with this mechanism, so a rewrite is in order. With finalizers, there is no way to guarantee that a finalizer will run before the program exits. When an unreachable object with a finalizer is garbage collected, its finalizer will be added to a queue and run asynchronously. The best we can do is run garbage collection upon sandbox exit to make sure that all finalizers are enqueued. Furthermore, if there is a chain of finalized objects, e.g. A points to B points to C, garbage collection needs to run multiple times before all of the finalizers are enqueued. The first GC run will register the finalizer for A but not free it. It takes another GC run to free A, at which point B's finalizer can be registered. As a result, we need to run GC as many times as the length of the longest such chain to have a somewhat reliable leak checker. Finally, a cyclical chain of structs pointing to one another will never be garbage collected if a finalizer is set. This is a well-known issue with Go finalizers (https://github.com/golang/go/issues/7358). Using leak checking on filesystem objects that produce cycles will not work and even result in memory leaks. The new leak checker stores reference counted objects in a global map when leak check is enabled and removes them once they are destroyed. At sandbox exit, any remaining objects in the map are considered as leaked. This provides a deterministic way of detecting leaks without relying on the complexities of finalizers and garbage collection. This approach has several benefits over the former, including: - Always detects leaks of objects that should be destroyed very close to sandbox exit. The old checker very rarely detected these leaks, because it relied on garbage collection to be run in a short window of time. - Panics if we forgot to enable leak check on a ref-counted object (we will try to remove it from the map when it is destroyed, but it will never have been added). - Can store extra logging information in the map values without adding to the size of the ref count struct itself. With the size of just an int64, the ref count object remains compact, meaning frequent operations like IncRef/DecRef are more cache-efficient. - Can aggregate leak results in a single report after the sandbox exits. Instead of having warnings littered in the log, which were non-deterministically triggered by garbage collection, we can print all warning messages at once. Note that this could also be a limitation--the sandbox must exit properly for leaks to be detected. Some basic benchmarking indicates that this change does not significantly affect performance when leak checking is enabled, which is understandable since registering/unregistering is only done once for each filesystem object. Updates #1486. PiperOrigin-RevId: 338685972
2020-10-22Pass NetworkInterface to LinkAddressRequestGhanan Gowripalan
Previously a link endpoint was passed to stack.LinkAddressResolver.LinkAddressRequest. With this change, implementations that want a route for the link address request may find one through the stack. Other implementations that want to send a packet without a route may continue to do so using the network interface directly. Test: - arp_test.TestLinkAddressRequest - ipv6.TestLinkAddressRequest PiperOrigin-RevId: 338577474
2020-10-22arm64 test: enabled Fault() functionBin Lu
Currently, this Fault() function does not work properly on the arm platform. After modification, sigaltstack_test_runsc_kvm can be passed on Arm64. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-10-20test/runtime: set the NOFILE soft rlimit to 32KAndrei Vagin
The python:test_subprocess enumerates all possible file descriptors and fails by timeout if the limit is too high. There is a know thing about docker that it sets this limit to 1M by default, but on native linux, this limit will be between 1K to 32K. PiperOrigin-RevId: 338197239
2020-10-20[runtime tests] Update exclude files.Ayush Ranjan
bhaskerh@ fixed a bunch of the EADDRINUSE flakes in #3662 so we should unexclude them. I have also tested other flaky tests on this list and removed those that do not flake anymore. PiperOrigin-RevId: 338158545
2020-10-19Merge pull request #4510 from btw616:fix/issue-4509gVisor bot
PiperOrigin-RevId: 337971497
2020-10-19Fix runsc tests on VFS2 overlay.Jamie Liu
- Check the sticky bit in overlay.filesystem.UnlinkAt(). Fixes StickyTest.StickyBitPermDenied. - When configuring a VFS2 overlay in runsc, copy the lower layer's root owner/group/mode to the upper layer's root (as in the VFS1 equivalent, boot.addOverlay()). This makes the overlay root owned by UID/GID 65534 with mode 0755 rather than owned by UID/GID 0 with mode 01777. Fixes CreateTest.CreateFailsOnUnpermittedDir, which assumes that the test cannot create files in /. - MknodTest.UnimplementedTypesReturnError assumes that the creation of device special files is not supported. However, while the VFS2 gofer client still doesn't support device special files, VFS2 tmpfs does, and in the overlay test dimension mknod() targets a tmpfs upper layer. The test initially has all capabilities, including CAP_MKNOD, so its creation of these files succeeds. Constrain these tests to VFS1. - Rename overlay.nonDirectoryFD to overlay.regularFileFD and only use it for regular files, using the original FD for pipes and device special files. This is more consistent with Linux (which gets the original inode_operations, and therefore file_operations, for these file types from ovl_fill_inode() => init_special_inode()) and fixes remaining mknod and pipe tests. - Read/write 1KB at a time in PipeTest.Streaming, rather than 4 bytes. This isn't strictly necessary, but it makes the test less obnoxiously slow on ptrace. Fixes #4407 PiperOrigin-RevId: 337971042
2020-10-16Use POSIX interval timers in flock test.Dean Deng
ualarm(2) is obsolete. Move IntervalTimer into a test util, where it can be used by flock tests. These tests were flaky with TSAN, probably because it slowed the tests down enough that the alarm was expiring before flock() was called. Use an interval timer so that even if we miss the first alarm (or more), flock() is still guaranteed to be interrupted. PiperOrigin-RevId: 337578751
2020-10-15sockets: ignore io.EOF from view.ReadAtAndrei Vagin
Reported-by: syzbot+5466463b7604c2902875@syzkaller.appspotmail.com PiperOrigin-RevId: 337451896
2020-10-15Syncing packetimpact tests in different directoriesZeling Feng
By exposing an ALL_TESTS list in defs.bzl we can make sure all packetimpact users get to agree on the list of all tests. A defect in this approach is that we have to keep a list of packetimpact_testbench rules in the BUILD file. An helper validate_all_tests has been added to help keep BUILD and .bzl files in sync. PiperOrigin-RevId: 337411839
2020-10-14Disable strace+debug when explicitly requestedTiwei Bie
Currently strace+debug is always enabled as the setting from the upper layer isn't passed to _syscall_test(). And it will negatively affect the performance tests. This patch fixes this issue. The "debug" argument of _syscall_test() is also made mandatory to prevent this happening again. //test/perf:getpid_benchmark_runsc_kvm ----------------------------------------------------- Benchmark Time CPU Iterations ----------------------------------------------------- Before: BM_Getpid 28119 ns 28157 ns 25926 After: BM_Getpid 947 ns 939 ns 777778 Fixes #4509 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-10-12gvisor/test: Set nogotsan for native testsAndrei Vagin
Tests are written in C++ and there is no reason to run them with gotsan without gVisor. PiperOrigin-RevId: 336783276
2020-10-09TCP Receive window advertisement fixes.Bhasker Hariharan
The fix in commit 028e045da93b7c1c26417e80e4b4e388b86a713d was incorrect as it can cause the right edge of the window to shrink when we announce a zero window due to receive buffer being full as its done before the check for seeing if the window is being shrunk because of the selected window. Further the window was calculated purely on available space but in cases where we are getting full sized segments it makes more sense to use the actual bytes being held. This CL changes to use the lower of the total available space vs the available space in the maximal window we could advertise minus the actual payload bytes being held. This change also cleans up the code so that the window selection logic is not duplicated between getSendParams() and windowCrossedACKThresholdLocked. PiperOrigin-RevId: 336404827
2020-10-09Add gvisor webhook configurationKevin Krakauer
PiperOrigin-RevId: 336393190
2020-10-09Add parsers golang benchmarks.Zach Koopmans
Add parser and formatting for golang benchmarks for docker benchmarks. Change adds a library for printing and parsing Test parameters and metrics. Benchmarks use the library to print parameters in the Benchmark title (e.g. the name field in b.Run()), and to report CustomMetrics. Parser uses the library to parse printed data from benchmark output and put it into BigQuery structs. PiperOrigin-RevId: 336365628
2020-10-09Set expect_failure flags on tests that currently fails on fuchsiaZeling Feng
PiperOrigin-RevId: 336350318
2020-10-09test/syscall/iptables: don't use designated initializersAndrei Vagin
test/syscalls/linux/iptables.cc:130:3: error: C99 designator 'name' outside aggregate initializer 130 | }; | PiperOrigin-RevId: 336331738
2020-10-07Add staticcheck and staticstyle analyzers.Adin Scannell
This change also adds support to go_stateify for detecting an appropriate receiver name, avoiding a large number of false positives. PiperOrigin-RevId: 335994587