This adds helpers to send both of these control messages via sendmsg,
and most of the initialization is moved into the SetUp body.
The parametrization is now more meaningful. The kDualStack is actually
impactful, which means DifferentTOSAndTClass test has been removed. The
IPv4-mapped IPv6 scenario is now tested in the SetAndReceiveTOSOrTClass.
PiperOrigin-RevId: 426313619
Remove the AddressConfigSlaacTemp address configuration type
and add a boolean representing temporality. This enables support
for statically-configured temporary addresses (such as an address
configured by an out-of-stack DHCPv6 client). Like temporary addresses
generated via SLAAC, such addresses are preferred over addresses that
are not temporary during IPv6 source address selection.
Added a test case to the IPv6 source address selection tests which
asserts that an address with the static temporary config type is
preferred over a non-temporary address.
PiperOrigin-RevId: 426301838
The variant kDualStack is never used by any test. It just duplicates
the kIpv6 case. Because the parameters are now just kIpv4 and kIpv6, use
an int to encode the address family, instead of the enum.
PiperOrigin-RevId: 426224701
This prevents a racing clunk() call from destroying the file while the callback
is running, leading to potential data races.
PiperOrigin-RevId: 426180506
Without this fix, the qdisc dispatch loop writes at most one batch,
then waits for another wakeup before writing any more packets. All
packets in the queue should be written to the link endpoint after
a wakeup.
PiperOrigin-RevId: 426053587
I am not fully familiar with this code, but I added some `checklocks`
annotations wherever it seemed appropriate and obvious from existing comments.
PiperOrigin-RevId: 426042114
The dentry cache limit should only be set at filesystem creation.
Mqfs filesystems are created during IPC namespace creation and
mount(2)s return a reference to the shared filesystem
object. Modifying the cache limit once the filesystem is in use can
cause the cache to exceed the limit. Since this mount option is rarely
(never?) used, use a static cache size and remove the mount option.
Reported-by: syzbot+e89efb5faa374468b6bb@syzkaller.appspotmail.com
PiperOrigin-RevId: 425436253
lisafs.Inode is a heavy struct with linux.Statx in it. However the cost of
copying it on return is lower than that of an allocation.
Additionally unclutter the filesystem.doCreateAt function signature. It already
is quite complex. lisafs had added more complexity earlier. Revert that.
PiperOrigin-RevId: 424972317
Earlier lisafs let the client choose where the connection will be mounted.
Because the client can be compromised, we can not trust the Mount RPC to
dictate the mount path. Instead, decide the mount path on startup on the server
as per the sandbox configuration.
lisafs made the following two assumptions which were incorrect:
- runsc/fsgofer always chroot()s the gofer process. This is currently always
the case but in the future this might not be true.
- Non root mountpoints will not always correspond to the same directory inside
the root mount. For instance, if the application sets a bind mount
`-v host/dir:app/dir`, then it is not necessary that the app/dir endpoint is
placed at path "app/dir" inside the root endpoint. This is currently the case
for runsc/fsgofer, but it might not be in the future.
To support attach paths, make the client do a normal Walk RPC to the attach
point. The Mount RPC now mounts the connection to an endpoint that was
predetermined during startup according to sandbox configuration.
PiperOrigin-RevId: 424948561
The packetsocket link endpoint is used to enable a packet endpoint to
receive packets right before they are sent to the driver for outgoing
packets or right after they are received from the driver for incoming
packets.
Before this change, only packets that are sent/received by the
`stack.nic` were delivered to packet endpoints. However, the packet
endpoint should also receive packets that don't reach `stack.nic`.
Such an example can be when the interface is bridged and an incoming
packet is sent out through a sibling bridge port instead of being
delivered to a `stack.nic`.
The packetsocket link endpoint must wrap a link endpoint that
populates the link headers for ingress packets. It should ideally
be placed as low in the link endpoint hierarchy as possible so that
packets are probed as close to device drivers as possible.
2d9b33c0fd
removed the original packetsocket link endpoint which only allowed
low-level capturing of outbound packets but not inbound packets.
The CL mentioned above is cl/395761629.
PiperOrigin-RevId: 424947620
This is very similar to p9 in design and helps address all the discussed
security concerns around the old lisafs design.
In p9, the path tree grows unbounded. Once a path is walked, those path nodes
exist for the lifetime of the server. That hurts memory performance and usage.
Additionally, nodes are allocated separately from FidRefs which are allocated
separately from Files. Each path node also has 3 hashmaps tracking various
things. This leads to a LOT of allocations.
In lisafs, we cut down almost all the additional allocations. Nodes have a
bounded lifetime. Once all refs on a node are dropped, the node is removed from
the filesystem tree. In the overwhelmingly common case, where the client is not
compromised and is behaving correctly (gofer client in sentry), the lifecycle
of the ControlFD and Node are equivalent. So lisafs allocates them together.
lisafs also only uses 1 hashmap in each node to track children. This too has
been optimized. Experimentation showed that the majority of directories have at
most 3 children to track. So we only allocate the hashmap once we hit 4
children. Before that, we statically track 3 children using hardcoded pointers.
Tested: All 221 syscall tests pass with lisafs.
PiperOrigin-RevId: 424933787
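
The child-tracking scheme described in the commit message above (three statically tracked children, a hashmap allocated only when a fourth arrives), as an added example. It is not gVisor's lisafs code; the `node` type and its `lookup`, `addChild` and `remove` methods are hypothetical names, and reference counting is left out.

```go
package main

import "fmt"

// node is a hypothetical tree node for illustration; it is not lisafs's type.
type node struct {
	name     string
	inline   [3]*node         // first three children: no extra allocation
	overflow map[string]*node // allocated only when a 4th child arrives
}

func (n *node) lookup(name string) *node {
	for _, c := range n.inline {
		if c != nil && c.name == name {
			return c
		}
	}
	return n.overflow[name] // reading a nil map is safe in Go
}

// addChild links a new child; callers are assumed to call lookup first.
func (n *node) addChild(name string) *node {
	c := &node{name: name}
	for i := range n.inline {
		if n.inline[i] == nil {
			n.inline[i] = c
			return c
		}
	}
	if n.overflow == nil {
		n.overflow = make(map[string]*node)
	}
	n.overflow[name] = c
	return c
}

// remove unlinks a child once its last reference is gone (refcounting omitted).
func (n *node) remove(name string) {
	for i, c := range n.inline {
		if c != nil && c.name == name {
			n.inline[i] = nil
		}
	}
	delete(n.overflow, name) // no-op on a nil map
}

func main() {
	root := &node{name: "/"}
	fmt.Println(root.addChild("etc") == root.lookup("etc"), root.overflow == nil)
}
```

A freed inline slot is reused by the next `addChild`, so a directory that shrinks back below four children stops growing its map.
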
Before this change the only reference on the packet after reassembly
processing was held by the reassembler in the holes array. This meant that
after the reassembly cleanup job, there were no references left on the
packet, leading to use after free bugs.
PiperOrigin-RevId: 424479461
Since there is very little wasted work for Buildkite, increasing the
parallelism will decrease throw-away work on cancelation or failure.
This aims to achieve ~3 minutes per individual test instance.
PiperOrigin-RevId: 424469351
The arguments passed to LinkEndpoint.AddHeader are all available in
the packet buffer so just get the values from the packet buffer.
PiperOrigin-RevId: 424463821
This removes the need for the stack to add a link header out-of-line the
write path when delivering outbound packets to a packet socket.
PiperOrigin-RevId: 424444109
...as they are not used in all cases except in the packet endpoint
which can get the link address directly from the link header.
PiperOrigin-RevId: 424427195
This adds a test to smoke-tests to ensure that the race build does not
break again. In debugging this issue, a race in the nogo tool itself
was discovered, and a related fix is included.
PiperOrigin-RevId: 424393624
This change should reduce the run time of the tcp_test target as well as allow
us to add leakchecking code to each test individually rather than create
a standalone main_test.go file.
It also cleans up the BUILD file in the tcp directory so that the only tests in
the BUILD file are the whitebox tests and blackbox tests are now segregated to a
separate directory.
PiperOrigin-RevId: 424225303
The original version converts KVM cpuid entries into cpuid.Static
to be able to modify it. But such conversion has side-effects
that we need to avoid and so it looks reasonable to modify KVM
cpuid entries directly.
PiperOrigin-RevId: 424221630