From 76decb8275c764d309b8daf5ab9dc573b2411ddf Mon Sep 17 00:00:00 2001 From: Aleksandr Nogikh Date: Wed, 14 Jun 2023 15:37:49 +0200 Subject: executor: use v1 memory cgroup controller Given that we must chose only one version, fuzzing v1 of itseems to be of higher value at the moment. Later we might make it a configurable option and do both version. --- executor/common_linux.h | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) (limited to 'executor') diff --git a/executor/common_linux.h b/executor/common_linux.h index f9de21c0a..c5fc7f6ab 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -3687,9 +3687,9 @@ static void setup_cgroups() // Note: we need to enable controllers one-by-one for both cgroup and cgroup2. // If we enable all at the same time and one of them fails (b/c of older kernel // or not enabled configs), then all will fail. - const char* unified_controllers[] = {"+cpu", "+memory", "+io", "+pids"}; + const char* unified_controllers[] = {"+cpu", "+io", "+pids"}; const char* net_controllers[] = {"net", "net_prio", "devices", "blkio", "freezer"}; - const char* cpu_controllers[] = {"cpuset", "cpuacct", "hugetlb", "rlimit"}; + const char* cpu_controllers[] = {"cpuset", "cpuacct", "hugetlb", "rlimit", "memory"}; if (mkdir("/syzcgroup", 0777)) { // Can happen due to e.g. read-only file system (EROFS). debug("mkdir(/syzcgroup) failed: %d\n", errno); @@ -3721,32 +3721,30 @@ static void setup_cgroups_loop() // 32 pids should be enough for everyone. snprintf(file, sizeof(file), "%s/pids.max", cgroupdir); write_file(file, "32"); + // Setup some v1 groups to make things more interesting. + snprintf(file, sizeof(file), "%s/cgroup.procs", cgroupdir); + write_file(file, "%d", pid); + snprintf(cgroupdir, sizeof(cgroupdir), "/syzcgroup/cpu/syz%llu", procid); + if (mkdir(cgroupdir, 0777)) { + debug("mkdir(%s) failed: %d\n", cgroupdir, errno); + } + snprintf(file, sizeof(file), "%s/cgroup.procs", cgroupdir); + write_file(file, "%d", pid); // Restrict memory consumption. // We have some syscalls that inherently consume lots of memory, // e.g. mounting some filesystem images requires at least 128MB // image in memory. We restrict RLIMIT_AS to 200MB. Here we gradually - // increase low/high/max limits to make things more interesting. + // increase memory limits to make things more interesting. // Also this takes into account KASAN quarantine size. // If the limit is lower than KASAN quarantine size, then it can happen // so that we kill the process, but all of its memory is in quarantine // and is still accounted against memcg. As the result memcg won't // allow to allocate any memory in the parent and in the new test process. // The current limit of 300MB supports up to 9.6GB RAM (quarantine is 1/32). - snprintf(file, sizeof(file), "%s/memory.low", cgroupdir); - write_file(file, "%d", 298 << 20); - snprintf(file, sizeof(file), "%s/memory.high", cgroupdir); + snprintf(file, sizeof(file), "%s/memory.soft_limit_in_bytes", cgroupdir); write_file(file, "%d", 299 << 20); - snprintf(file, sizeof(file), "%s/memory.max", cgroupdir); + snprintf(file, sizeof(file), "%s/memory.limit_in_bytes", cgroupdir); write_file(file, "%d", 300 << 20); - // Setup some v1 groups to make things more interesting. - snprintf(file, sizeof(file), "%s/cgroup.procs", cgroupdir); - write_file(file, "%d", pid); - snprintf(cgroupdir, sizeof(cgroupdir), "/syzcgroup/cpu/syz%llu", procid); - if (mkdir(cgroupdir, 0777)) { - debug("mkdir(%s) failed: %d\n", cgroupdir, errno); - } - snprintf(file, sizeof(file), "%s/cgroup.procs", cgroupdir); - write_file(file, "%d", pid); snprintf(cgroupdir, sizeof(cgroupdir), "/syzcgroup/net/syz%llu", procid); if (mkdir(cgroupdir, 0777)) { debug("mkdir(%s) failed: %d\n", cgroupdir, errno); -- cgit mrf-deployment