- Only use MAXSYMLINKS/2+1 symlinks for each of the interpreter and script
paths in SymlinkLimitRefreshedForInterpreter to tolerate cases where the
original paths (/tmp, /bin, or /bin/echo) themselves contain symlinks.
- Ensure that UnshareFiles performs execve immediately after clone(CLONE_VFORK)
(no heap allocation for ExecveArray/RunfilesPath).
- Use lstat() rather than stat() for the existence check in fs_util's Exists;
the latter will fail if the symlink target does not exist, even if the
symlink does.
PiperOrigin-RevId: 320110156
RFC 6864 imposes various restrictions on the uniqueness of the IPv4
Identification field for non-atomic datagrams, defined as an IP datagram that
either can be fragmented (DF=0) or is already a fragment (MF=1 or positive
fragment offset). In order to be compliant, the ID field is assigned for all
non-atomic datagrams.
Add a TCP unit test that induces retransmissions and checks that the IPv4
ID field is unique every time. Add basic handling of the IP_MTU_DISCOVER
socket option so that the option can be used to disable PMTU discovery,
effectively setting DF=0. Attempting to set the sockopt to anything other
than disabled will fail because PMTU discovery is currently not implemented,
and the default behavior matches that of disabled.
PiperOrigin-RevId: 320081842
The current convention is when a header is set to pkt.XxxHeader field, it
gets removed from pkt.Data. ICMP does not currently follow this convention.
PiperOrigin-RevId: 320078606
This change fixes a few things:
- creating sockets using mknod(2) is supported via vfs2
- fsgofer can create regular files via mknod(2)
- mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well
Updates #2923
PiperOrigin-RevId: 320074267
The fdnotifier package provides an API to a thread that continually epolls
arbitrary host FDs. The set of events polled for each host FD is (intended to
be) all events for which a waiter.Entry has expressed interest, as returned by
waiter.Queue.Events() for the waiter.Queue registered to the given host FD.
When the set of events changes (due to a change in the set of registered
waiter.Entries), the mutator must call fdnotifier.UpdateFD() to recalculate the
new event set and propagate it to the epoll FD.
PiperOrigin-RevId: 319924719
Reserve the MSB from ino for synthetic dentries to prevent
conflict with regular dentries. Log warning in case MSB is
set for regular dentries.
Updates #1487
PiperOrigin-RevId: 319869858
Avoid a race where an arbitrary goroutine scheduling delay can cause the
processor to miss events and hang indefinitely.
Reduce allocations by storing processors by-value in the dispatcher, and
by using a single WaitGroup rather than one per processor.
PiperOrigin-RevId: 319665861
Currently this test produces an error resembling
tcp_zero_window_probe_retransmit_test.go:92: zero probe came sooner interval 3200179405 probe 4
which is approximately useless.
PiperOrigin-RevId: 319572263
Before this change, running packetimpact tests produces:
parameter 'direct' must contain a list of elements, and may no longer
accept a depset. The deprecated behavior may be temporarily re-enabled
by setting --incompatible_disable_depset_inputs=false
The positional parameter to depset has been changed to mean `direct`
rather than its previous meaning of `items`. The documentation[0]
explains:
A positional parameter distinct from other parameters for legacy
support.
If --incompatible_disable_depset_items is false, this parameter
serves as the value of items.
If --incompatible_disable_depset_items is true, this parameter
serves as the value of direct.
See the documentation for these parameters for more details.
[0] https://docs.bazel.build/versions/master/skylark/lib/globals.html
PiperOrigin-RevId: 319555138
We do not support RWF_SYNC/RWF_DSYNC and probably shouldn't silently accept
them, since the user may incorrectly believe that we are synchronizing I/O.
Remove the pwritev2 test verifying that we support these flags.
gvisor.dev/issue/2601 is the tracking bug for deciding which RWF_.* flags
we need and supporting them.
Updates #2923, #2601.
PiperOrigin-RevId: 319351286
We were not invalidating mappings when the file size changed in shared mode.
Enabled the syscall test for vfs2.
Updates #2923
PiperOrigin-RevId: 319346569
Some Open:TruncateXxx syscall tests were failing because the file size was
not being updated when the file was opened with O_TRUNC.
Fixes Truncate tests in test/syscalls:open_test_runsc_ptrace_vfs2.
Updates #2923
PiperOrigin-RevId: 319340127
Currently, we always perform a full-file sync which could be extremely
expensive for some applications. Although vfs1 did not fully support
sync_file_range, there were some optimizations that allowed us skip some
unnecessary write-outs.
Updates #2923, #1897.
PiperOrigin-RevId: 319324213
The application can choose to initiate a non-blocking connect and
later block on a read, when the endpoint is still in SYN-SENT state.
PiperOrigin-RevId: 319311016
After we change credentials, it is possible that we no longer have access to
the sticky directory where we are trying to delete files. Use an open fd so
this is not an issue.
PiperOrigin-RevId: 319306255
- Support FIOASYNC, FIO{SET,GET}OWN, SIOC{G,S}PGRP (refactor getting/setting
owner in the process).
- Unset signal recipient when setting owner with pid == 0 and
valid owner type.
Updates #2923.
PiperOrigin-RevId: 319231420
a) When GSO is in use we should not cap the segment to maxPayloadSize in
sender.maybeSendSegment as the GSO logic will cap the segment to the correct
size. Without this the host GSO is not used as we end up breaking up large
segments into small MSS sized segments before writing the packets to the
host.
b) The check to not split a segment due to it not fitting in the receiver window
when there are pending segments is incorrect as segments in writeList can be
really large as we just take the write call's buffer size and create a single
large segment. So a write of say 128KB will just be 1 segment in the
writeList.
The linux code checks if 1 MSS sized segments fits in the receiver's window
and if not then does not split the current segment. gVisor's check was
incorrect that it was checking if the whole segment which could be >>> 1 MSS
would fit in the receiver's window. This was causing us to prematurely stop
sending and falling back to retransmit timer/probe from the other end to send
data.
This was seen when running HTTPD benchmarks where @ HEAD when sending large
files the benchmark was taking forever to run.
The tcp_splitseg_mss_test.go is being deleted as the test as written doesn't
test what is intended correctly. This is because GSO is enabled by default and
the reason the MSS+1 sized segment is sent is because GSO is in use. A proper
test will require disabling GSO on linux and netstack which is going to take a
bit of work in packetimpact to do it correctly.
Separately a new test probably should be written that verifies that a segment >
availableWindow is not split if the availableWindow is < 1 MSS.
Fixes#3107
PiperOrigin-RevId: 319172089
We were truncating buf using a index relative to the middle of the slice (i.e.
where envv begins), but we need to calculate the index relative to the entire
slice.
Updates #2923.
PiperOrigin-RevId: 319154950
...by calling (*tcp.endpoint).EndpointState only once when possible.
Avoid wrapping (*sleep.Waker).Assert in a useless func while I'm here.
PiperOrigin-RevId: 319074149
This includes the provisional style guide in the website and fixes the broken
link from CONTRIBUTING.md. The style guide will be located under the "Community"
category as it's related to contributing to the project.
Also, add missing includes that were causing some presubmits to fail.
PiperOrigin-RevId: 319061410
Bring udp_socket_test into complianc by:
- Eliminating IsRunningOnGvisor() invocations.
- Wrapping sockets in RAII FileDescriptor objects.
- Creating a Bind() method so that the first bind happens on port 0.
PiperOrigin-RevId: 318909396
SO_NO_CHECK is used to skip the UDP checksum generation on a TX socket
(UDP checksum is optional on IPv4).
Test:
- TestNoChecksum
- SoNoCheckOffByDefault (UdpSocketTest)
- SoNoCheck (UdpSocketTest)
Fixes#3055
PiperOrigin-RevId: 318575215
The Option Type identifiers are internally encoded such that their
highest-order two bits specify the action that must be taken if the
processing IPv6 node does not recognize the Option Type:
00 - skip over this option and continue processing the header.
01 - discard the packet.
10 - discard the packet and, regardless of whether or not the
packet's Destination Address was a multicast address, send an
ICMP Parameter Problem, Code 2, message to the packet's
Source Address, pointing to the unrecognized Option Type.
11 - discard the packet and, only if the packet's Destination
Address was not a multicast address, send an ICMP Parameter
Problem, Code 2, message to the packet's Source Address,
pointing to the unrecognized Option Type.
PiperOrigin-RevId: 318566613
Also, while we're here, make sure that gofer inotify events are generated when
files are created in remote revalidating mode.
Updates #1479.
PiperOrigin-RevId: 318536354
Jamie Liu
Tony Gong
Ting-Yu Wang
Ayush Ranjan
gVisor bot
Wietse Venema
Fabricio Voznika
Bhasker Hariharan
Tamir Duberstein
Dean Deng
Mithun Iyer
Zach Koopmans
Jay Zhuang
Michael Pratt
Craig Chi
Ian Gudger
Kevin Krakauer
Zeling Feng