diff options
| author | Andrei Vagin <avagin@google.com> | 2024-07-04 00:55:08 +0000 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-07-08 06:39:50 +0000 |
| commit | 7ca8bbea5b1d25d89927d7b017d7f7da4ab226a7 (patch) | |
| tree | 4f36913f3a146462b82053e4a233fbce9069ffd9 | |
| parent | eb4d8036c1b6035539881d798dd7e557b4a7d78f (diff) | |
vm/gvisor: add gvisor presubmit test
Download the latest gvisor release and run the syz-manager smoke-test
suite.
Signed-off-by: Andrei Vagin <avagin@google.com>
| -rw-r--r-- | .github/workflows/ci.yml | 20 | ||||
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | pkg/vminfo/linux.go | 6 | ||||
| -rwxr-xr-x | tools/gvisor-smoke-test.sh | 41 |
4 files changed, 70 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 48bd1078b..17b38a401 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -186,3 +186,23 @@ jobs: run: | cd gopath/src/github.com/google/syzkaller .github/workflows/run.sh make presubmit_old + gvisor: + runs-on: ubuntu-latest + container: + image: gcr.io/syzkaller/syzbot:latest + options: --privileged + env: + GOPATH: /__w/syzkaller/syzkaller/gopath + CI: true + TERM: dumb + GITHUB_ACTIONS: true + steps: + - name: checkout + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + path: gopath/src/github.com/google/syzkaller + - name: run + run: | + cd gopath/src/github.com/google/syzkaller + make + .github/workflows/run.sh bash -xe tools/gvisor-smoke-test.sh @@ -382,6 +382,9 @@ presubmit_old: descriptions TARGETARCH=mips64le TARGETVMARCH=mips64le $(MAKE) target TARGETARCH=s390x TARGETVMARCH=s390x $(MAKE) target +presubmit_gvisor: host target + ./tools/gvisor-smoke-test.sh + test: descriptions $(GO) test -short -coverprofile=.coverage.txt ./... diff --git a/pkg/vminfo/linux.go b/pkg/vminfo/linux.go index 030b9a038..d6b83ef2f 100644 --- a/pkg/vminfo/linux.go +++ b/pkg/vminfo/linux.go @@ -34,6 +34,7 @@ func (linux) checkFiles() []string { "/proc/version", "/proc/filesystems", "/sys/kernel/security/lsm", + "/proc/sentry-meminfo", } } @@ -45,6 +46,11 @@ func (linux) machineInfos() []machineInfoFunc { } func (linux) parseModules(files filesystem) ([]*cover.KernelModule, error) { + _, err := files.ReadFile("/proc/sentry-meminfo") + if err == nil { + // This is gVisor. + return nil, nil + } var modules []*cover.KernelModule re := regexp.MustCompile(`(\w+) ([0-9]+) .*(0[x|X][a-fA-F0-9]+)[^\n]*`) modulesText, _ := files.ReadFile("/proc/modules") diff --git a/tools/gvisor-smoke-test.sh b/tools/gvisor-smoke-test.sh new file mode 100755 index 000000000..fdc75f64a --- /dev/null +++ b/tools/gvisor-smoke-test.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash +# Copyright 2024 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +set -xe -o pipefail + +workdir="$(mktemp -d /tmp/syzkaller-gvisor-test.XXXXXX)" + +cleanup() { + sudo -E rm -rf "$workdir" +} + +trap cleanup EXIT + +syzdir="$(pwd)" +cat > "$workdir/config" <<EOF +{ + "name": "gvisor", + "target": "linux/amd64", + "http": ":54321", + "workdir": "/$workdir/workdir/", + "image": "$workdir/kernel/vmlinux", + "kernel_obj": "$workdir/kernel/", + "syzkaller": "$syzdir", + "cover": false, + "procs": 1, + "type": "gvisor", + "vm": { + "count": 1, + "runsc_args": "--ignore-cgroups --network none" + } +} +EOF + +arch="$(uname -m)" +url="https://storage.googleapis.com/gvisor/releases/release/latest/${arch}" +mkdir "$workdir/kernel" +curl --output "$workdir/kernel/vmlinux" "${url}/runsc" +chmod a+rx "$workdir/kernel/vmlinux" + +sudo -E ./bin/syz-manager -config "$workdir/config" --mode smoke-test |