Commit Graph

3703 Commits

Author SHA1 Message Date
Kevin Krakauer 43c209f48e garbage collect connections
As in Linux, we must periodically clean up unused connections.

PiperOrigin-RevId: 321003353
2020-07-13 12:00:46 -07:00
Jay Zhuang 76b392bc26 Create packetimpact test for UDP broadcast
PiperOrigin-RevId: 321000340
2020-07-13 11:49:06 -07:00
Adin Scannell 60dc5a4479 Automated rollback of changelist 320972241
PiperOrigin-RevId: 320999851
2020-07-13 11:43:28 -07:00
Jay Zhuang bafef1cf3a Print testbench log on packetimpact failures
These logs include flags passed to packetimpact tests (the Go tests), and test
failure messages.

PiperOrigin-RevId: 320989521
2020-07-13 10:58:21 -07:00
Adin Scannell 7ff4649b3c Use host networking for build container.
This will allow the use of default credentials.

PiperOrigin-RevId: 320972241
2020-07-13 09:39:06 -07:00
Ghanan Gowripalan 9c32fd3f4d Do not copy sleep.Waker
sleep.Waker's fields are modified as values.

PiperOrigin-RevId: 320873451
2020-07-12 17:22:08 -07:00
Ayush Ranjan 69f2059e5d Runtime test batch executor
Earlier we were docker exec-ing each test at a time. However invoking the test
framework has a fixed overhead which made it infeasible to make the runtime
tests run as presubmits. This change now executes tests in batches of 50 (can
be altered). This really speeds up the testing process.

With this change, the following tests can be run in reasonable times:
- Go
- Nodejs
- Php
- Python

PiperOrigin-RevId: 320763916
2020-07-11 08:18:35 -07:00
Bhasker Hariharan 216dcebc06 Stub out SO_DETACH_FILTER.
Updates #2746

PiperOrigin-RevId: 320757963
2020-07-11 06:22:47 -07:00
Bin Lu feb867bb83 Split the kvm ut test cases to correspond to different platforms
Split the kvm ut test cases to pass unit-tests on Arm64.
    I will add the tls and full-context test cases for Arm64 later.

Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-10 03:13:13 -04:00
gVisor bot 5df3a8fede Discard multicast UDP source address.
RFC-1122 (and others) specify that UDP should not receive
datagrams that have a source address that is a multicast address.
Packets should never be received FROM a multicast address.
See also, RFC 768:  'User Datagram Protocol'
J. Postel, ISI, 28 August 1980
  A UDP datagram received with an invalid IP source address
    (e.g., a broadcast or multicast address) must be discarded
    by UDP or by the IP layer (see rfc 1122 Section 3.2.1.3).
This CL does not address TCP or broadcast which is more complicated.

Also adds a test for both ipv6 and ipv4 UDP.

Fixes #3154

PiperOrigin-RevId: 320547674
2020-07-09 22:35:42 -07:00
Adin Scannell 2afff44403 Update shim to build using bazel.
The go.mod dependency tree for the shim was somehow contradictory. After
resolving these issues (e.g. explicitly imported k8s 1.14, pulling a
specific dbus version), and adding all dependencies, the shim can now be
built as part of the regular bazel tree.

As part of this process, minor cleanup was done in all the source files:
headers were standardized (and include "The gVisor Authors" in addition
to the "The containerd Authors" if originally derived from containerd
sources), and comments were cleaned up to meet coding standards.

This change makes the containerd installation dynamic, so that multiple
versions can be tested, and drops the static installer for the VM image
itself.

This change also updates test/root/crictl_test.go and related utilities,
so that the containerd tests can be run on any version (and in cases
where it applies, they can be run on both v1 and v2 as parameterized
tests).
2020-07-09 17:39:47 -07:00
Adin Scannell 2f24ab3397 Allow arbitrary Go commands for go_mod.sh. 2020-07-09 16:59:43 -07:00
Adin Scannell 60e19587ce Update canonical paths. 2020-07-09 16:59:42 -07:00
Adin Scannell 5471dbe2f3 Merge gvisor-containerd-shim 2020-07-09 16:59:42 -07:00
Bhasker Hariharan 5946f11182 Add support for IP_HDRINCL IP option for raw sockets.
Updates #2746
Fixes #3158

PiperOrigin-RevId: 320497190
2020-07-09 16:25:57 -07:00
Ian Lewis e506fcd931 Add args and netns flag to runsc spec
Adds a netns flag to runsc spec that allows users to specify a network
namespace path when creating a sample config.json file. Also, adds the ability
to specify the command arguments used when running the container.

This will make it easier for new users to create sample OCI bundles without
having to edit the config.json by hand.

PiperOrigin-RevId: 320486267
2020-07-09 15:26:52 -07:00
Michael Pratt 8d2910a04d Explain how to bypass the Docker proxy
Neither myself nor bhaskerh@ can consistently remember how to do this.

PiperOrigin-RevId: 320407005
2020-07-09 09:04:47 -07:00
Ridwan Sharif abffebde7b Gate FUSE behind a runsc flag
This change gates all FUSE commands (by gating /dev/fuse) behind a runsc
flag. In order to use FUSE commands, use the --fuse flag with the --vfs2
flag. Check if FUSE is enabled by running dmesg in the sandbox.
2020-07-09 02:01:29 -04:00
Fabricio Voznika c4815af947 Add shared mount hints to VFS2
Container restart test is disabled for VFS2 for now.

Updates #1487

PiperOrigin-RevId: 320296401
2020-07-08 17:12:29 -07:00
gVisor bot 4f7af437e2 Merge pull request #3171 from kevinGC:ipv6-kokoro
PiperOrigin-RevId: 320290162
2020-07-08 16:36:33 -07:00
Michael Pratt a75d9f7bee Drop empty line
PiperOrigin-RevId: 320281516
2020-07-08 15:48:01 -07:00
Kevin Krakauer 14ff2ea9bf ip6tables: handle both IPv4 and v6 addresses
Enabling IPv6 in Docker caused IPv4 tests to fail because localAddrs
didn't distinguish between address types. Example failure:
https://source.cloud.google.com/results/invocations/203b2401-3333-4bec-9a56-72cc53d68ddd/log
2020-07-08 15:14:29 -07:00
Zach Koopmans f3fa43cf23 Move all tests to new docker API.
Moves following to new dockerutil API:
- //test/e2e:integration_test
- //test/image:image_test
- //test/iptables:iptables_test
- //test/root:root_test
- //test/packetimpact:packetimpact_test

PiperOrigin-RevId: 320253118
2020-07-08 13:26:23 -07:00
Tamir Duberstein e1f11dea28 Avoid accidental zero-checksum
PiperOrigin-RevId: 320250773
2020-07-08 13:13:44 -07:00
Ayush Ranjan e3db9bda60 Enable shards in runtime test runner.
Fixed an issue with the runtime test runner which enables us to run tests in
shards. We had to touch the status file as indicated by an env var.

PiperOrigin-RevId: 320236205
2020-07-08 12:05:04 -07:00
Ayush Ranjan efa2615eb0 [vfs2] Remove VFS1 usage in VDSO.
Removed VDSO dependency on VFS1.

Resolves #2921

PiperOrigin-RevId: 320122176
2020-07-07 21:37:08 -07:00
Jamie Liu 5e05950c1c Deflake exec test.
- Only use MAXSYMLINKS/2+1 symlinks for each of the interpreter and script
  paths in SymlinkLimitRefreshedForInterpreter to tolerate cases where the
  original paths (/tmp, /bin, or /bin/echo) themselves contain symlinks.

- Ensure that UnshareFiles performs execve immediately after clone(CLONE_VFORK)
  (no heap allocation for ExecveArray/RunfilesPath).

- Use lstat() rather than stat() for the existence check in fs_util's Exists;
  the latter will fail if the symlink target does not exist, even if the
  symlink does.

PiperOrigin-RevId: 320110156
2020-07-07 19:45:16 -07:00
Tony Gong 76c7bc51b7 Set IPv4 ID on all non-atomic datagrams
RFC 6864 imposes various restrictions on the uniqueness of the IPv4
Identification field for non-atomic datagrams, defined as an IP datagram that
either can be fragmented (DF=0) or is already a fragment (MF=1 or positive
fragment offset). In order to be compliant, the ID field is assigned for all
non-atomic datagrams.

Add a TCP unit test that induces retransmissions and checks that the IPv4
ID field is unique every time. Add basic handling of the IP_MTU_DISCOVER
socket option so that the option can be used to disable PMTU discovery,
effectively setting DF=0. Attempting to set the sockopt to anything other
than disabled will fail because PMTU discovery is currently not implemented,
and the default behavior matches that of disabled.

PiperOrigin-RevId: 320081842
2020-07-07 16:14:49 -07:00
Ting-Yu Wang 7e4d2d63ee icmp: When setting TransportHeader, remove from the Data portion.
The current convention is when a header is set to pkt.XxxHeader field, it
gets removed from pkt.Data. ICMP does not currently follow this convention.

PiperOrigin-RevId: 320078606
2020-07-07 15:56:46 -07:00
Ayush Ranjan 10930189c3 Fix mknod and inotify syscall test
This change fixes a few things:
- creating sockets using mknod(2) is supported via vfs2
- fsgofer can create regular files via mknod(2)
- mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well

Updates #2923

PiperOrigin-RevId: 320074267
2020-07-07 15:35:01 -07:00
gVisor bot c8aab5cbee Merge pull request #3149 from wietsevenema:patch-1
PiperOrigin-RevId: 320062822
2020-07-07 14:36:43 -07:00
Wietse Venema c0ea7d9e9e README.md: Commpatibility > Compatibility 2020-07-07 16:32:15 +02:00
Jamie Liu e227450dc1 Call fdnotifier.UpdateFD() from fsimpl/gofer.specialFileFD.
The fdnotifier package provides an API to a thread that continually epolls
arbitrary host FDs. The set of events polled for each host FD is (intended to
be) all events for which a waiter.Entry has expressed interest, as returned by
waiter.Queue.Events() for the waiter.Queue registered to the given host FD.
When the set of events changes (due to a change in the set of registered
waiter.Entries), the mutator must call fdnotifier.UpdateFD() to recalculate the
new event set and propagate it to the epoll FD.

PiperOrigin-RevId: 319924719
2020-07-06 22:55:48 -07:00
Fabricio Voznika 937912a484 Ensure sync is called for readonly file
Calling sync on a readonly file flushes metadata that
may have been modified, like last access time.

Updates #1198

PiperOrigin-RevId: 319888290
2020-07-06 17:29:01 -07:00
Bhasker Hariharan b0f656184e Add support for SO_RCVBUF/SO_SNDBUF for AF_PACKET sockets.
Updates #2746

PiperOrigin-RevId: 319887810
2020-07-06 17:22:54 -07:00
Ting-Yu Wang 15c56d92d8 Fix NonBlockingWrite3 not writing b3 if b2 is zero-length.
PiperOrigin-RevId: 319882171
2020-07-06 16:47:37 -07:00
Fabricio Voznika bd43368f49 Add inode number to synthetic dentries
Reserve the MSB from ino for synthetic dentries to prevent
conflict with regular dentries. Log warning in case MSB is
set for regular dentries.

Updates #1487

PiperOrigin-RevId: 319869858
2020-07-06 15:40:03 -07:00
Ting-Yu Wang 1e5b0a9732 Shard some slow tests.
stack_x_test: 2m -> 20s
tcp_x_test: 80s -> 25s
PiperOrigin-RevId: 319828101
2020-07-06 12:14:08 -07:00
gVisor bot 47bffa544a Merge pull request #3110 from craig08:add-missing-ICRNL
PiperOrigin-RevId: 319827554
2020-07-06 12:08:03 -07:00
Tamir Duberstein 043e5dddde Remove dependency on pkg/binary
PiperOrigin-RevId: 319770124
2020-07-06 06:48:04 -07:00
Tamir Duberstein 0c13538664 Add wakers synchronously
Avoid a race where an arbitrary goroutine scheduling delay can cause the
processor to miss events and hang indefinitely.

Reduce allocations by storing processors by-value in the dispatcher, and
by using a single WaitGroup rather than one per processor.

PiperOrigin-RevId: 319665861
2020-07-05 06:10:21 -07:00
Tamir Duberstein 5ac34386a7 Improve failure message
Currently this test produces an error resembling

  tcp_zero_window_probe_retransmit_test.go:92: zero probe came sooner interval 3200179405 probe 4

which is approximately useless.

PiperOrigin-RevId: 319572263
2020-07-03 23:20:13 -07:00
Tamir Duberstein 418db67e2f Update build rule to appease deprecation
Before this change, running packetimpact tests produces:

  parameter 'direct' must contain a list of elements, and may no longer
  accept a depset. The deprecated behavior may be temporarily re-enabled
  by setting --incompatible_disable_depset_inputs=false

The positional parameter to depset has been changed to mean `direct`
rather than its previous meaning of `items`. The documentation[0]
explains:

  A positional parameter distinct from other parameters for legacy
  support.

  If --incompatible_disable_depset_items is false, this parameter
  serves as the value of items.

  If --incompatible_disable_depset_items is true, this parameter
  serves as the value of direct.

  See the documentation for these parameters for more details.

[0] https://docs.bazel.build/versions/master/skylark/lib/globals.html

PiperOrigin-RevId: 319555138
2020-07-03 17:43:09 -07:00
Bin Lu 49f38dee10 allow guest user applications read ctr_el0 on Arm64
At present, when doing syscall_kvm test, we need to
enable the function of ESR_ELx_SYS64_ISS_SYS_CTR_READ to
successfully pass the test.

I set SCTLR_EL1.UCT==1, so that the related cases can pass.

Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-03 00:08:39 -04:00
Dean Deng 6c099d8300 Update preadv2/pwritev2 flag handling in vfs2.
We do not support RWF_SYNC/RWF_DSYNC and probably shouldn't silently accept
them, since the user may incorrectly believe that we are synchronizing I/O.
Remove the pwritev2 test verifying that we support these flags.

gvisor.dev/issue/2601 is the tracking bug for deciding which RWF_.* flags
we need and supporting them.

Updates #2923, #2601.

PiperOrigin-RevId: 319351286
2020-07-01 22:04:42 -07:00
Ayush Ranjan 514955c1a8 [vfs2][gofer] Fix mmap syscall test.
We were not invalidating mappings when the file size changed in shared mode.
Enabled the syscall test for vfs2.

Updates #2923

PiperOrigin-RevId: 319346569
2020-07-01 21:05:53 -07:00
Ayush Ranjan 52b44719d6 [vfs2][gofer] Update file size to 0 on O_TRUNC
Some Open:TruncateXxx syscall tests were failing because the file size was
not being updated when the file was opened with O_TRUNC.

Fixes Truncate tests in test/syscalls:open_test_runsc_ptrace_vfs2.

Updates #2923

PiperOrigin-RevId: 319340127
2020-07-01 19:49:44 -07:00
Dean Deng 3b26d2121e Remove maxSendBufferSize from vfs2.
Complements cl/315991648.

PiperOrigin-RevId: 319327853
2020-07-01 17:40:19 -07:00
Dean Deng 65d9985558 Port vfs1 implementation of sync_file_range to vfs2.
Currently, we always perform a full-file sync which could be extremely
expensive for some applications. Although vfs1 did not fully support
sync_file_range, there were some optimizations that allowed us to skip some
unnecessary write-outs.

Updates #2923, #1897.

PiperOrigin-RevId: 319324213
2020-07-01 17:11:26 -07:00
Mithun Iyer 31b27adf9b TCP receive should block when in SYN-SENT state.
The application can choose to initiate a non-blocking connect and
later block on a read, when the endpoint is still in SYN-SENT state.

PiperOrigin-RevId: 319311016
2020-07-01 15:47:50 -07:00