From b17b4f5d0ddc4b052d56ddce25188723812d93cc Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Sun, 25 Oct 2020 11:48:15 +0100 Subject: executor: setup sysctl's in setup_machine Currently we assume that sysctl's are setup as part of machine boot. This introduces a non-trivial dependency on image creation and sysctl's are not captured by as part of C reproducers and are not captured by syzbot dashboard. This can make some reproducers fail on developer machines or on syzbot later when sysctl's change. Setup sysctl's in executor as part of machine setup. It makes it much more controllable and hermetic. --- executor/executor_linux.h | 43 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/executor/executor_linux.h b/executor/executor_linux.h index e4e3ab56b..48269fe83 100644 --- a/executor/executor_linux.h +++ b/executor/executor_linux.h @@ -248,14 +248,41 @@ static feature_t features[] = { {"usb", setup_usb}, }; +// Note: this is not executed in C reproducers. static void setup_machine() { - // nmi_check_duration() prints "INFO: NMI handler took too long" on slow debug kernels. - // It happens a lot in qemu, and the messages are frequently corrupted - // (intermixed with other kernel output as they are printed from NMI) - // and are not matched against the suppression in pkg/report. - // This write prevents these messages from being printed. - // Note: this is not executed in C reproducers. - if (!write_file("/sys/kernel/debug/x86/nmi_longest_ns", "10000000000")) - printf("write to /sys/kernel/debug/x86/nmi_longest_ns failed: %s\n", strerror(errno)); + static struct { + const char* name; + const char* data; + } files[] = { + // nmi_check_duration() prints "INFO: NMI handler took too long" on slow debug kernels. + // It happens a lot in qemu, and the messages are frequently corrupted + // (intermixed with other kernel output as they are printed from NMI) + // and are not matched against the suppression in pkg/report. + // This write prevents these messages from being printed. + {"/sys/kernel/debug/x86/nmi_longest_ns", "10000000000"}, + // This is part of deterministic hang/stall detection. + // Don't change this without considering workqueue.watchdog_thresh, + // CONFIG_RCU_CPU_STALL_TIMEOUT and CONFIG_DEFAULT_HUNG_TASK_TIMEOUT. + {"/proc/sys/kernel/watchdog_thresh", "55"}, + {"/proc/sys/kernel/hung_task_check_interval_secs", "20"}, + // This gives more interesting coverage. + {"/proc/sys/net/core/bpf_jit_enable", "1"}, + // bpf_jit_kallsyms and disabling bpf_jit_harden are required + // for unwinding through bpf functions. + {"/proc/sys/net/core/bpf_jit_kallsyms", "1"}, + {"/proc/sys/net/core/bpf_jit_harden", "0"}, + // This is to provide more useful info in crash reports. + {"/proc/sys/kernel/kptr_restrict", "0"}, + {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"}, + // This is to restrict effects of recursive exponential mounts, for details see + // "mnt: Add a per mount namespace limit on the number of mounts" commit. + {"/proc/sys/fs/mount-max", "100"}, + // Dumping all tasks to console can take too long. + {"/proc/sys/vm/oom_dump_tasks", "0"}, + }; + for (size_t i = 0; i < ARRAY_SIZE(files); i++) { + if (!write_file(files[i].name, files[i].data)) + printf("write to %s failed: %s\n", files[i].name, strerror(errno)); + } } -- cgit mrf-deployment