Add missing state transition to LastAck, which should happen when the
endpoint has already recieved a FIN from the remote side, and is
sending its own FIN.
PiperOrigin-RevId: 265568314
This exposes L1, L2, etc. cache sizes, cache line size, etc.
Across S/R, everything except cache line size can differ from the host. This is
because cache line size is critical for correct use of CLFLUSH / CLFLUSHOPT,
but as far as I know, the other cache parameters can only affect performance,
not correctness.
AMD uses different leafs for cache information, which are not yet supported.
fail. There are no known cases of cache line size other than 64 in the fleet.
PiperOrigin-RevId: 265544786
This addresses the problem where an endpoint has its address removed but still
has outstanding references held by routes used in connected TCP/UDP sockets
which prevent the removal of the endpoint.
The fix adds a new "expired" flag to the referenced network endpoint, which is
set when an endpoint has its address removed. Incoming packets are not
delivered to an expired endpoint (unless in promiscuous mode), while sending
outgoing packets triggers an error to the caller (unless in spoofing mode).
In addition, a few helper functions were added to stack_test.go to reduce
code duplications.
PiperOrigin-RevId: 265514326
The flake had the call to futex_unlock_pi() returning EINVAL with the
FUTEX_OWNER_DIED set. In this case, userspace has to clean up stale
state. So instead of calling FUTEX_UNLOCK_PI outright, we'll use the
advised atomic compare_exchange as advised in the man page.
PiperOrigin-RevId: 265163920
In cl/264434674 and cl/264498919, we stop running test cases
in parallel to not overload test hosts. But now tests requires
more time to run, so we need to increase a default number of
shards or a default test timeout. Let's start with increasing
the number of shards and see how it will works.
PiperOrigin-RevId: 264917055
For SOCK_STREAM type unix socket, we shall return ECONNRESET if peer is
closed with data not read.
We explictly set a flag when closing one end, to differentiate from
just shutdown (where zero shall be returned).
Fixes: #735
Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
Previously, recvmsg() on a unix stream socket with its peer closed will
never return, with goroutine call trace like this:
...
2 in gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).block
at pkg/sentry/kernel/task_block.go:124
3 in gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).BlockWithDeadline
at pkg/sentry/kernel/task_block.go:69
4 in gvisor.dev/gvisor/pkg/sentry/socket/unix.(*SocketOperations).RecvMsg
at pkg/sentry/socket/unix/unix.go:612
5 in gvisor.dev/gvisor/pkg/sentry/syscalls/linux.recvFrom
at pkg/sentry/syscalls/linux/sys_socket.go:885
6 in gvisor.dev/gvisor/pkg/sentry/syscalls/linux.RecvFrom
at pkg/sentry/syscalls/linux/sys_socket.go:910
...
The issue is caused by that ErrClosedForReceive returned by
unix/transport.queue is turned into nil in
unix.(*EndpointReader).ReadToBlocks():
err.ToError()
As a result, in unix.(*SocketOperations).RecvMsg():
n == 0 and err == nil
We shall differentiate it from another case - no data to read where
ErrWouldBlock shall be returned; and return 0 immediately.
Fixes: #734
Reported-by: chenglang.hy <chenglang.hy@antfin.com>
Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
This fixes the issue of not being able to bind to either a multicast or
broadcast address as well as to send and receive data from it. The way to solve
this is to treat these addresses similar to the ANY address and register their
transport endpoint ID with the global stack's demuxer rather than the NIC's.
That way there is no need to require an endpoint with that multicast or
broadcast address. The stack's demuxer is in fact the only correct one to use,
because neither broadcast- nor multicast-bound sockets care which NIC a
packet was received on (for multicast a join is still needed to receive packets
on a NIC).
I also took the liberty of refactoring udp_test.go to consolidate a lot of
duplicate code and make it easier to create repetitive tests that test the same
feature for a variety of packet and socket types. For this purpose I created a
"flowType" that represents two things: 1) the type of packet being sent or
received and 2) the type of socket used for the test. E.g., a "multicastV4in6"
flow represents a V4-mapped multicast packet run through a V6-dual socket.
This allows writing significantly simpler tests. A nice example is testTTL().
PiperOrigin-RevId: 264766909
test/syscalls/linux/proc_net_tcp.cc:252: Failure
Value of: connect(client->get(), &addr, addrlen)
Expected: not -1 (success)
Actual: -1 (of type int), with errno PosixError(errno=4 Interrupted system call)
PiperOrigin-RevId: 264743815
We need real sharding, and will let Bazel handle the
parallelization. That is coming soon. Until then, remove
this call to t.Parallel() so that we can run the tests without
eating all CPU.
PiperOrigin-RevId: 264498919
The test is long running (175128 ms or so) which causes timeouts.
The test simply makes sure that private futexes can acquire
locks concurrently. Dropping current threads and increasing the
number of locks each thread tests the same concurrency concerns
but drops execution time to ~1411 ms.
PiperOrigin-RevId: 264476144
bazel runs a few instances of syscall_test_runner in parallel
and then syscall_test_runner runs test cases in parallel. It might
be a reason why we see that test hosts are overloaded and sandboxes
start slowly. It should be better to control how many tests are
running in parallel from one place, so let's try to disable this
feature in syscall_test_runner.
PiperOrigin-RevId: 264434674
Document limitation of no reasonable implementation for RWF_HIPRI
flag (High Priority Read/Write for block-based file systems).
PiperOrigin-RevId: 264237589
We wrongly parses output interface as gateway address.
The fix is straightforward.
Fixes#638
Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com>
Change-Id: Ia4bab31f3c238b0278ea57ab22590fad00eaf061
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/684 from tanjianfeng:fix-638 b940e810367ad1273519bfa594f4371bdd293e83
PiperOrigin-RevId: 264211336
Migrates all (except 3) seqfile implementations to the vfs.DynamicBytesSource
interface. There should not be any change in functionality due to this migration
itself.
Please note that the following seqfile implementations have not been migrated:
- /proc/filesystems in proc/filesystems.go
- /proc/[pid]/mountinfo in proc/mounts.go
- /proc/[pid]/mounts in proc/mounts.go
This is because these depend on pending changes in /pkg/senty/vfs.
PiperOrigin-RevId: 263880719
This adds the same logic to NIC.findEndpoint that is already done in
NIC.getRef. Since this makes the two functions very similar they were combined
into one with the originals being wrappers.
PiperOrigin-RevId: 263864708
This fixes the implementation ambiguity issues when a filesystem
implementation embeds vfs.DefaultDirectoryFD to its directory FD along
with an internal common fileDescription utility.
For similar reasons also removes FileDescriptionDefaultImpl from
DynamicBytesFileDescriptionImpl.
PiperOrigin-RevId: 263795513
These errors are always pointers; there's no sense in dereferencing them
in the panic call. Changed one false positive for clarity.
PiperOrigin-RevId: 263611579
13a98df rearranged some of this code in a way that broke compilation of
the netstack-only export at github.com/google/netstack because
*_state.go files are not included in that export.
This commit moves resumption logic back into *_state.go, fixing the
compilation breakage.
PiperOrigin-RevId: 263601629
SendMsg before this change would copy all the data over into a
new slice even if the underlying socket could only accept a
small amount of data. This is really inefficient with non-blocking
sockets and under high throughput where large writes could get
ErrWouldBlock or if there was say a timeout associated with the sendmsg()
syscall.
With this change we delay copying bytes in till they are needed and only
copy what can be potentially sent/held in the socket buffer. Reducing
the need to repeatedly copy data over.
Also a minor fix to change state FIN-WAIT-1 when shutdown(..., SHUT_WR) is called
instead of when we transmit the actual FIN. Otherwise the socket could remain in
CONNECTED state even though the user has called shutdown() on the socket.
Updates #627
PiperOrigin-RevId: 263430505
Adin Scannell
Rahat Mahmood
Michael Pratt
gVisor bot
Chris Kuiper
Andrei Vagin
Zach Koopmans
Tamir Duberstein
Fabricio Voznika
Jianfeng Tan
praveensastry
Nicolas Lacasse
Kevin Krakauer
Jianfeng Tan
Ayush Ranjan
Haibo Xu
Bhasker Hariharan
Jamie Liu
Ian Gudger