From 3a2fe60529aff48ba86c979157df9c1a7eefd658 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Thu, 9 Aug 2018 14:48:06 +0200 Subject: executor: fix cgroups 1. Create per-proc cgroup in executor. 2. Setup cgroups after chdir into test dir (it assumes relative paths against test dir). 3. Add test. --- executor/common.h | 6 +++--- executor/common_linux.h | 3 +-- pkg/csource/generated.go | 8 ++++---- pkg/runtest/run.go | 19 ++++++++++--------- sys/linux/test/cgroup | 15 +++++++++++++++ 5 files changed, 33 insertions(+), 18 deletions(-) create mode 100644 sys/linux/test/cgroup diff --git a/executor/common.h b/executor/common.h index 04358d1b1..6b8b43a33 100644 --- a/executor/common.h +++ b/executor/common.h @@ -514,13 +514,13 @@ static void loop() if (pid < 0) fail("clone failed"); if (pid == 0) { -#if SYZ_HAVE_SETUP_TEST - setup_test(); -#endif #if SYZ_EXECUTOR || SYZ_USE_TMP_DIR if (chdir(cwdbuf)) fail("failed to chdir"); #endif +#if SYZ_HAVE_SETUP_TEST + setup_test(); +#endif #if GOOS_akaros #if SYZ_EXECUTOR dup2(child_pipe[0], kInPipeFd); diff --git a/executor/common_linux.h b/executor/common_linux.h index 9c1f5d776..e491c1f94 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -1969,8 +1969,7 @@ static void kill_and_wait(int pid, int* status) #define SYZ_HAVE_SETUP_LOOP 1 static void setup_loop() { -// TODO(dvyukov): this needs SYZ_EXECUTOR and a test. -#if SYZ_ENABLE_CGROUPS +#if SYZ_EXECUTOR || SYZ_ENABLE_CGROUPS int pid = getpid(); char cgroupdir[64]; char procs_file[128]; diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index cd59914e3..a5b25001f 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go @@ -3422,7 +3422,7 @@ static void kill_and_wait(int pid, int* status) #define SYZ_HAVE_SETUP_LOOP 1 static void setup_loop() { -#if SYZ_ENABLE_CGROUPS +#if SYZ_EXECUTOR || SYZ_ENABLE_CGROUPS int pid = getpid(); char cgroupdir[64]; char procs_file[128]; @@ -3871,13 +3871,13 @@ static void loop() if (pid < 0) fail("clone failed"); if (pid == 0) { -#if SYZ_HAVE_SETUP_TEST - setup_test(); -#endif #if SYZ_EXECUTOR || SYZ_USE_TMP_DIR if (chdir(cwdbuf)) fail("failed to chdir"); #endif +#if SYZ_HAVE_SETUP_TEST + setup_test(); +#endif #if GOOS_akaros #if SYZ_EXECUTOR dup2(child_pipe[0], kInPipeFd); diff --git a/pkg/runtest/run.go b/pkg/runtest/run.go index 21724fb2c..aa090e371 100644 --- a/pkg/runtest/run.go +++ b/pkg/runtest/run.go @@ -337,15 +337,16 @@ func (ctx *Context) createSyzTest(p *prog.Prog, sandbox string, threaded, cov bo func (ctx *Context) createCTest(p *prog.Prog, sandbox string, threaded bool, times int) (*RunRequest, error) { opts := csource.Options{ - Threaded: threaded, - Collide: false, - Repeat: times > 1, - RepeatTimes: times, - Procs: 1, - Sandbox: sandbox, - UseTmpDir: true, - HandleSegv: true, - Trace: true, + Threaded: threaded, + Collide: false, + Repeat: times > 1, + RepeatTimes: times, + Procs: 1, + Sandbox: sandbox, + UseTmpDir: true, + HandleSegv: true, + EnableCgroups: p.Target.OS == "linux" && sandbox != "", + Trace: true, } if sandbox != "" { if ctx.Features[host.FeatureNetworkInjection].Enabled { diff --git a/sys/linux/test/cgroup b/sys/linux/test/cgroup new file mode 100644 index 000000000..db6fb7317 --- /dev/null +++ b/sys/linux/test/cgroup @@ -0,0 +1,15 @@ +# Basic test for cgroups and executor cgroup setup. +# This inherently does not work with sandbox="" because sandbox does part of setup. +# TODO(dvyukov): sandbox=setuid has some permissions setup problems. +# requires: -sandbox= -sandbox=setuid -C,norepeat + +r0 = getpid() +r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x2, 0x0) +read(r1, &(0x7f0000000100)="00", 0x1) +write$cgroup_pid(r1, &(0x7f0000000100)=r0, 0x12) +close(r1) +openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/pids.max\x00', 0x2, 0x0) +openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) +openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0) +openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/cgroup.procs\x00', 0x2, 0x0) +openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x1, 0x0) -- cgit mrf-deployment