From 2f7fc0ff65b73cf2a6bfc1878aae75a7f5bae870 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Thu, 16 Nov 2017 13:16:30 +0100 Subject: pkg/kernel: sandbox make invocation --- pkg/git/git.go | 69 +++++++++++++++++++++++++----------------- pkg/kernel/kernel.go | 27 +++++++++++------ pkg/osutil/osutil_akaros.go | 8 +++++ pkg/osutil/osutil_appengine.go | 8 +++++ pkg/osutil/osutil_bsd.go | 8 +++++ pkg/osutil/osutil_darwin.go | 8 +++++ pkg/osutil/osutil_fuchsia.go | 8 +++++ pkg/osutil/osutil_linux.go | 64 +++++++++++++++++++++++++++++++++++++-- pkg/osutil/osutil_windows.go | 8 +++++ 9 files changed, 170 insertions(+), 38 deletions(-) (limited to 'pkg') diff --git a/pkg/git/git.go b/pkg/git/git.go index e4a54f71d..f67db363a 100644 --- a/pkg/git/git.go +++ b/pkg/git/git.go @@ -21,8 +21,8 @@ const timeout = time.Hour // timeout for all git invocations // This involves fetching/resetting/cloning as necessary to recover from all possible problems. // Returns hash of the HEAD commit in the specified branch. func Poll(dir, repo, branch string) (string, error) { - osutil.RunCmd(timeout, dir, "git", "reset", "--hard") - origin, err := osutil.RunCmd(timeout, dir, "git", "remote", "get-url", "origin") + runSandboxed(dir, "git", "reset", "--hard") + origin, err := runSandboxed(dir, "git", "remote", "get-url", "origin") if err != nil || strings.TrimSpace(string(origin)) != repo { // The repo is here, but it has wrong origin (e.g. repo in config has changed), re-clone. if err := clone(dir, repo, branch); err != nil { @@ -32,19 +32,19 @@ func Poll(dir, repo, branch string) (string, error) { // Use origin/branch for the case the branch was force-pushed, // in such case branch is not the same is origin/branch and we will // stuck with the local version forever (git checkout won't fail). - if _, err := osutil.RunCmd(timeout, dir, "git", "checkout", "origin/"+branch); err != nil { + if _, err := runSandboxed(dir, "git", "checkout", "origin/"+branch); err != nil { // No such branch (e.g. branch in config has changed), re-clone. if err := clone(dir, repo, branch); err != nil { return "", err } } - if _, err := osutil.RunCmd(timeout, dir, "git", "fetch", "--no-tags"); err != nil { + if _, err := runSandboxed(dir, "git", "fetch", "--no-tags"); err != nil { // Something else is wrong, re-clone. if err := clone(dir, repo, branch); err != nil { return "", err } } - if _, err := osutil.RunCmd(timeout, dir, "git", "checkout", "origin/"+branch); err != nil { + if _, err := runSandboxed(dir, "git", "checkout", "origin/"+branch); err != nil { return "", err } return HeadCommit(dir) @@ -53,37 +53,32 @@ func Poll(dir, repo, branch string) (string, error) { // Checkout checkouts the specified repository/branch in dir. // It does not fetch history and efficiently supports checkouts of different repos in the same dir. func Checkout(dir, repo, branch string) (string, error) { - if _, err := osutil.RunCmd(timeout, dir, "git", "reset", "--hard"); err != nil { + if _, err := runSandboxed(dir, "git", "reset", "--hard"); err != nil { if err := initRepo(dir); err != nil { return "", err } } - output, err := osutil.RunCmd(timeout, dir, "git", "fetch", "--no-tags", "--depth=1", repo, branch) + _, err := runSandboxed(dir, "git", "fetch", "--no-tags", "--depth=1", repo, branch) if err != nil { - return "", fmt.Errorf("git fetch %v %v failed: %v\n%s", repo, branch, err, output) + return "", err } - if output, err := osutil.RunCmd(timeout, dir, "git", "checkout", "FETCH_HEAD"); err != nil { - return "", fmt.Errorf("git checkout FETCH_HEAD failed: %v\n%s", err, output) + if _, err := runSandboxed(dir, "git", "checkout", "FETCH_HEAD"); err != nil { + return "", err } return HeadCommit(dir) } func clone(dir, repo, branch string) error { - if err := os.RemoveAll(dir); err != nil { - return fmt.Errorf("failed to remove repo dir: %v", err) + if err := initRepo(dir); err != nil { + return err } - if err := osutil.MkdirAll(dir); err != nil { - return fmt.Errorf("failed to create repo dir: %v", err) + if _, err := runSandboxed(dir, "git", "remote", "add", "origin", repo); err != nil { + return err } - args := []string{ - "clone", - repo, - "--single-branch", - "--branch", branch, - dir, + if _, err := runSandboxed(dir, "git", "fetch", "origin", "master"); err != nil { + return err } - _, err := osutil.RunCmd(timeout, "", "git", args...) - return err + return nil } func initRepo(dir string) error { @@ -93,16 +88,18 @@ func initRepo(dir string) error { if err := osutil.MkdirAll(dir); err != nil { return fmt.Errorf("failed to create repo dir: %v", err) } - output, err := osutil.RunCmd(timeout, dir, "git", "init") - if err != nil { - return fmt.Errorf("failed to init git repo: %v\n%s", err, output) + if err := osutil.SandboxChown(dir); err != nil { + return err + } + if _, err := runSandboxed(dir, "git", "init"); err != nil { + return err } return nil } // HeadCommit returns hash of the HEAD commit of the current branch of git repository in dir. func HeadCommit(dir string) (string, error) { - output, err := osutil.RunCmd(timeout, dir, "git", "log", "--pretty=format:%H", "-n", "1") + output, err := runSandboxed(dir, "git", "log", "--pretty=format:%H", "-n", "1") if err != nil { return "", err } @@ -120,7 +117,7 @@ func ListRecentCommits(dir, baseCommit string) ([]string, error) { // On upstream kernel this produces ~11MB of output. // Somewhat inefficient to collect whole output in a slice // and then convert to string, but should be bearable. - output, err := osutil.RunCmd(timeout, dir, "git", "log", + output, err := runSandboxed(dir, "git", "log", "--pretty=format:%s", "--no-merges", "-n", "200000", baseCommit) if err != nil { return nil, err @@ -154,12 +151,18 @@ var commitPrefixes = []string{ func Patch(dir string, patch []byte) error { // Do --dry-run first to not mess with partially consistent state. cmd := osutil.Command("patch", "-p1", "--force", "--ignore-whitespace", "--dry-run") + if err := osutil.Sandbox(cmd, true, true); err != nil { + return err + } cmd.Stdin = bytes.NewReader(patch) cmd.Dir = dir if output, err := cmd.CombinedOutput(); err != nil { // If it reverses clean, then it's already applied // (seems to be the easiest way to detect it). cmd = osutil.Command("patch", "-p1", "--force", "--ignore-whitespace", "--reverse", "--dry-run") + if err := osutil.Sandbox(cmd, true, true); err != nil { + return err + } cmd.Stdin = bytes.NewReader(patch) cmd.Dir = dir if _, err := cmd.CombinedOutput(); err == nil { @@ -169,6 +172,9 @@ func Patch(dir string, patch []byte) error { } // Now apply for real. cmd = osutil.Command("patch", "-p1", "--force", "--ignore-whitespace") + if err := osutil.Sandbox(cmd, true, true); err != nil { + return err + } cmd.Stdin = bytes.NewReader(patch) cmd.Dir = dir if output, err := cmd.CombinedOutput(); err != nil { @@ -177,6 +183,15 @@ func Patch(dir string, patch []byte) error { return nil } +func runSandboxed(dir, command string, args ...string) ([]byte, error) { + cmd := osutil.Command(command, args...) + cmd.Dir = dir + if err := osutil.Sandbox(cmd, true, false); err != nil { + return nil, err + } + return osutil.Run(timeout, cmd) +} + // CheckRepoAddress does a best-effort approximate check of a git repo address. func CheckRepoAddress(repo string) bool { return gitRepoRe.MatchString(repo) diff --git a/pkg/kernel/kernel.go b/pkg/kernel/kernel.go index 2ec573540..2c35bcc40 100644 --- a/pkg/kernel/kernel.go +++ b/pkg/kernel/kernel.go @@ -25,21 +25,30 @@ import ( ) func Build(dir, compiler, config string) error { - if err := osutil.CopyFile(config, filepath.Join(dir, ".config")); err != nil { + configFile := filepath.Join(dir, ".config") + if err := osutil.CopyFile(config, configFile); err != nil { return fmt.Errorf("failed to write config file: %v", err) } - return build(dir, compiler) -} - -func build(dir, compiler string) error { - const timeout = 10 * time.Minute // default timeout for command invocations - if _, err := osutil.RunCmd(timeout, dir, "make", "olddefconfig"); err != nil { + if err := osutil.SandboxChown(configFile); err != nil { + return err + } + cmd := osutil.Command("make", "olddefconfig") + if err := osutil.Sandbox(cmd, true, true); err != nil { + return err + } + cmd.Dir = dir + if _, err := osutil.Run(10*time.Minute, cmd); err != nil { return err } // We build only bzImage as we currently don't use modules. - // Build of a large kernel can take a while on a 1 CPU VM. cpu := strconv.Itoa(runtime.NumCPU()) - if _, err := osutil.RunCmd(3*time.Hour, dir, "make", "bzImage", "-j", cpu, "CC="+compiler); err != nil { + cmd = osutil.Command("make", "bzImage", "-j", cpu, "CC="+compiler) + if err := osutil.Sandbox(cmd, true, true); err != nil { + return err + } + cmd.Dir = dir + // Build of a large kernel can take a while on a 1 CPU VM. + if _, err := osutil.Run(3*time.Hour, cmd); err != nil { return err } return nil diff --git a/pkg/osutil/osutil_akaros.go b/pkg/osutil/osutil_akaros.go index 6a69cc033..74061e23d 100644 --- a/pkg/osutil/osutil_akaros.go +++ b/pkg/osutil/osutil_akaros.go @@ -19,5 +19,13 @@ func UmountAll(dir string) { func prolongPipe(r, w *os.File) { } +func Sandbox(cmd *exec.Cmd, user, net bool) error { + return nil +} + +func SandboxChown(file string) error { + return nil +} + func setPdeathsig(cmd *exec.Cmd) { } diff --git a/pkg/osutil/osutil_appengine.go b/pkg/osutil/osutil_appengine.go index 2fc10761c..ce2938a24 100644 --- a/pkg/osutil/osutil_appengine.go +++ b/pkg/osutil/osutil_appengine.go @@ -9,5 +9,13 @@ import ( "os/exec" ) +func Sandbox(cmd *exec.Cmd, user, net bool) error { + return nil +} + +func SandboxChown(file string) error { + return nil +} + func setPdeathsig(cmd *exec.Cmd) { } diff --git a/pkg/osutil/osutil_bsd.go b/pkg/osutil/osutil_bsd.go index c955fdd72..569e78618 100644 --- a/pkg/osutil/osutil_bsd.go +++ b/pkg/osutil/osutil_bsd.go @@ -16,5 +16,13 @@ func UmountAll(dir string) { func prolongPipe(r, w *os.File) { } +func Sandbox(cmd *exec.Cmd, user, net bool) error { + return nil +} + +func SandboxChown(file string) error { + return nil +} + func setPdeathsig(cmd *exec.Cmd) { } diff --git a/pkg/osutil/osutil_darwin.go b/pkg/osutil/osutil_darwin.go index 1ade9c12a..da468300b 100644 --- a/pkg/osutil/osutil_darwin.go +++ b/pkg/osutil/osutil_darwin.go @@ -13,5 +13,13 @@ import ( func prolongPipe(r, w *os.File) { } +func Sandbox(cmd *exec.Cmd, user, net bool) error { + return nil +} + +func SandboxChown(file string) error { + return nil +} + func setPdeathsig(cmd *exec.Cmd) { } diff --git a/pkg/osutil/osutil_fuchsia.go b/pkg/osutil/osutil_fuchsia.go index de3827b13..e1cbe6046 100644 --- a/pkg/osutil/osutil_fuchsia.go +++ b/pkg/osutil/osutil_fuchsia.go @@ -37,5 +37,13 @@ func ProcessSignal(p *os.Process, sig int) bool { func prolongPipe(r, w *os.File) { } +func Sandbox(cmd *exec.Cmd, user, net bool) error { + return nil +} + +func SandboxChown(file string) error { + return nil +} + func setPdeathsig(cmd *exec.Cmd) { } diff --git a/pkg/osutil/osutil_linux.go b/pkg/osutil/osutil_linux.go index 0a84f3f14..d2aa34f1f 100644 --- a/pkg/osutil/osutil_linux.go +++ b/pkg/osutil/osutil_linux.go @@ -6,11 +6,16 @@ package osutil import ( + "fmt" "io/ioutil" "os" "os/exec" "path/filepath" + "strconv" + "strings" + "sync" "syscall" + "time" "unsafe" ) @@ -27,10 +32,65 @@ func UmountAll(dir string) { } } +func Sandbox(cmd *exec.Cmd, user, net bool) error { + if cmd.SysProcAttr == nil { + cmd.SysProcAttr = new(syscall.SysProcAttr) + } + if user { + uid, err := initSandbox() + if err != nil { + return err + } + cmd.SysProcAttr.Credential = &syscall.Credential{ + Uid: uid, + Gid: uid, + } + } + if net { + cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNET | syscall.CLONE_NEWIPC | + syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID + } + return nil +} + +func SandboxChown(file string) error { + uid, err := initSandbox() + if err != nil { + return err + } + return os.Chown(file, int(uid), int(uid)) +} + +var ( + sandboxOnce sync.Once + sandboxUsername = "syzkaller" + sandboxUID = ^uint32(0) +) + +func initSandbox() (uint32, error) { + sandboxOnce.Do(func() { + out, err := RunCmd(time.Minute, "", "id", "-u", sandboxUsername) + if err != nil || len(out) == 0 { + return + } + str := strings.Trim(string(out), " \t\n") + uid, err := strconv.ParseUint(str, 10, 32) + if err != nil { + return + } + sandboxUID = uint32(uid) + }) + if sandboxUID == ^uint32(0) { + return 0, fmt.Errorf("user %q is not found, can't sandbox command", sandboxUsername) + } + return sandboxUID, nil +} + func setPdeathsig(cmd *exec.Cmd) { - cmd.SysProcAttr = &syscall.SysProcAttr{ - Pdeathsig: syscall.SIGKILL, + if cmd.SysProcAttr == nil { + cmd.SysProcAttr = new(syscall.SysProcAttr) } + cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL } func prolongPipe(r, w *os.File) { diff --git a/pkg/osutil/osutil_windows.go b/pkg/osutil/osutil_windows.go index 4a00fe0c2..2d8569921 100644 --- a/pkg/osutil/osutil_windows.go +++ b/pkg/osutil/osutil_windows.go @@ -37,5 +37,13 @@ func ProcessSignal(p *os.Process, sig int) bool { return false } +func Sandbox(cmd *exec.Cmd, user, net bool) error { + return nil +} + +func SandboxChown(file string) error { + return nil +} + func setPdeathsig(cmd *exec.Cmd) { } -- cgit mrf-deployment