executor: fix cgroups

1. Create per-proc cgroup in executor.
2. Setup cgroups after chdir into test dir
   (it assumes relative paths against test dir).
3. Add test.

5 files changed, 33 insertions, 18 deletions

diff --git a/executor/common.h b/executor/common.h
index 04358d1b1..6b8b43a33 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -514,13 +514,13 @@ static void loop()
 		if (pid < 0)
 			fail("clone failed");
 		if (pid == 0) {
-#if SYZ_HAVE_SETUP_TEST
-			setup_test();
-#endif
 #if SYZ_EXECUTOR || SYZ_USE_TMP_DIR
 			if (chdir(cwdbuf))
 				fail("failed to chdir");
 #endif
+#if SYZ_HAVE_SETUP_TEST
+			setup_test();
+#endif
 #if GOOS_akaros
 #if SYZ_EXECUTOR
 			dup2(child_pipe[0], kInPipeFd);
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 9c1f5d776..e491c1f94 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -1969,8 +1969,7 @@ static void kill_and_wait(int pid, int* status)
 #define SYZ_HAVE_SETUP_LOOP 1
 static void setup_loop()
 {
-// TODO(dvyukov): this needs SYZ_EXECUTOR and a test.
-#if SYZ_ENABLE_CGROUPS
+#if SYZ_EXECUTOR || SYZ_ENABLE_CGROUPS
 	int pid = getpid();
 	char cgroupdir[64];
 	char procs_file[128];
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index cd59914e3..a5b25001f 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -3422,7 +3422,7 @@ static void kill_and_wait(int pid, int* status)
 #define SYZ_HAVE_SETUP_LOOP 1
 static void setup_loop()
 {
-#if SYZ_ENABLE_CGROUPS
+#if SYZ_EXECUTOR || SYZ_ENABLE_CGROUPS
 	int pid = getpid();
 	char cgroupdir[64];
 	char procs_file[128];
@@ -3871,13 +3871,13 @@ static void loop()
 		if (pid < 0)
 			fail("clone failed");
 		if (pid == 0) {
-#if SYZ_HAVE_SETUP_TEST
-			setup_test();
-#endif
 #if SYZ_EXECUTOR || SYZ_USE_TMP_DIR
 			if (chdir(cwdbuf))
 				fail("failed to chdir");
 #endif
+#if SYZ_HAVE_SETUP_TEST
+			setup_test();
+#endif
 #if GOOS_akaros
 #if SYZ_EXECUTOR
 			dup2(child_pipe[0], kInPipeFd);
diff --git a/pkg/runtest/run.go b/pkg/runtest/run.go
index 21724fb2c..aa090e371 100644
--- a/pkg/runtest/run.go
+++ b/pkg/runtest/run.go
@@ -337,15 +337,16 @@ func (ctx *Context) createSyzTest(p *prog.Prog, sandbox string, threaded, cov bo
 
 func (ctx *Context) createCTest(p *prog.Prog, sandbox string, threaded bool, times int) (*RunRequest, error) {
 	opts := csource.Options{
-		Threaded:    threaded,
-		Collide:     false,
-		Repeat:      times > 1,
-		RepeatTimes: times,
-		Procs:       1,
-		Sandbox:     sandbox,
-		UseTmpDir:   true,
-		HandleSegv:  true,
-		Trace:       true,
+		Threaded:      threaded,
+		Collide:       false,
+		Repeat:        times > 1,
+		RepeatTimes:   times,
+		Procs:         1,
+		Sandbox:       sandbox,
+		UseTmpDir:     true,
+		HandleSegv:    true,
+		EnableCgroups: p.Target.OS == "linux" && sandbox != "",
+		Trace:         true,
 	}
 	if sandbox != "" {
 		if ctx.Features[host.FeatureNetworkInjection].Enabled {
diff --git a/sys/linux/test/cgroup b/sys/linux/test/cgroup
new file mode 100644
index 000000000..db6fb7317
--- /dev/null
+++ b/sys/linux/test/cgroup
@@ -0,0 +1,15 @@
+# Basic test for cgroups and executor cgroup setup.
+# This inherently does not work with sandbox="" because sandbox does part of setup.
+# TODO(dvyukov): sandbox=setuid has some permissions setup problems.
+# requires: -sandbox= -sandbox=setuid -C,norepeat
+
+r0 = getpid()
+r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
+read(r1, &(0x7f0000000100)="00", 0x1)
+write$cgroup_pid(r1, &(0x7f0000000100)=r0, 0x12)
+close(r1)
+openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/pids.max\x00', 0x2, 0x0)
+openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
+openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
+openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0)
+openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x1, 0x0)