[CRIU] [PATCH] zdtm: remove busy loops from seccomp_strict
Tycho Andersen
tycho.andersen at canonical.com
Wed Jul 22 08:19:08 PDT 2015
On Wed, Jul 22, 2015 at 05:48:14PM +0300, Andrey Vagin wrote:
> Don't heat a planet! :)
:)
Acked-by: Tycho Andersen <tycho.andersen at canonical.com>
> Cc: Tycho Andersen <tycho.andersen at canonical.com>
> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> ---
> test/zdtm/lib/msg.c | 6 +++
> test/zdtm/lib/zdtmtst.h | 1 +
> test/zdtm/live/static/seccomp_strict.c | 73 ++++++++++++++++++++++++++--------
> 3 files changed, 63 insertions(+), 17 deletions(-)
>
> diff --git a/test/zdtm/lib/msg.c b/test/zdtm/lib/msg.c
> index c88ceac..b366e4f 100644
> --- a/test/zdtm/lib/msg.c
> +++ b/test/zdtm/lib/msg.c
> @@ -34,6 +34,7 @@ int test_log_init(const char *fname, const char *suffix)
> return 0;
> }
>
> +int zdtm_seccomp;
> void test_msg(const char *format, ...)
> {
> va_list arg;
> @@ -43,6 +44,9 @@ void test_msg(const char *format, ...)
> struct timeval tv;
> struct tm *tm;
>
> + if (zdtm_seccomp) /* seccomp allows restricted set of syscall-s */
> + goto skip;
> +
> gettimeofday(&tv, NULL);
> tm = localtime(&tv.tv_sec);
> if (tm == NULL) {
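Review bot: The guard comment on `if (zdtm_seccomp)` does not say which calls are being avoided or when the flag has to be set, so a later edit to test_msg could reintroduce a syscall on the strict-mode path without anyone noticing. SECCOMP_MODE_STRICT permits only read, write, exit and sigreturn, and anything else gets the process killed with SIGKILL; I would write `/* SECCOMP_MODE_STRICT: only read/write/exit/sigreturn are allowed, so skip the timestamp and pid prefix */` here, and add a one-line comment on the `extern int zdtm_seccomp;` declaration in zdtmtst.h stating that a test sets it before calling prctl(PR_SET_SECCOMP). The jump also relies on `off` already being zero when control reaches `skip:`; its declaration is above this hunk, so that is worth confirming. test_msg's body starts and ends outside the hunk.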
> @@ -53,6 +57,8 @@ void test_msg(const char *format, ...)
>
> off += sprintf(buf + off, ".%.3ld: ", tv.tv_usec / 1000);
> off += sprintf(buf + off, "%5d: ", getpid());
> +
> +skip:
> va_start(arg, format);
> off += vsnprintf(buf + off, sizeof(buf) - off, format, arg);
> va_end(arg);
> diff --git a/test/zdtm/lib/zdtmtst.h b/test/zdtm/lib/zdtmtst.h
> index 23802d0..db00cad 100644
> --- a/test/zdtm/lib/zdtmtst.h
> +++ b/test/zdtm/lib/zdtmtst.h
> @@ -101,6 +101,7 @@ extern int parse_opt_string(char *param, void *arg);
> /* message helpers */
> extern void setup_outfile(void);
> extern int test_log_init(const char *outfile, const char *suffix);
> +extern int zdtm_seccomp;
> #define err(format, arg...) \
> test_msg("ERR: %s:%d: " format " (errno = %d (%s))\n", \
> __FILE__, __LINE__, ## arg, errno, strerror(errno))
> diff --git a/test/zdtm/live/static/seccomp_strict.c b/test/zdtm/live/static/seccomp_strict.c
> index 97db19b..833e5c6 100644
> --- a/test/zdtm/live/static/seccomp_strict.c
> +++ b/test/zdtm/live/static/seccomp_strict.c
> @@ -4,12 +4,17 @@
> #include <sys/prctl.h>
> #include <linux/seccomp.h>
> #include <linux/limits.h>
> +#include <stdlib.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +#include <sys/wait.h>
> +#include <sys/syscall.h>
> #include "zdtmtst.h"
>
> const char *test_doc = "Check that SECCOMP_MODE_STRICT is restored";
> const char *test_author = "Tycho Andersen <tycho.andersen at canonical.com>";
>
> -int get_seccomp_mode(pid_t pid, bool after_checkpoint)
> +int get_seccomp_mode(pid_t pid)
> {
> FILE *f;
> char buf[PATH_MAX];
> @@ -23,12 +28,6 @@ int get_seccomp_mode(pid_t pid, bool after_checkpoint)
>
> while (NULL != fgets(buf, sizeof(buf), f)) {
> int mode;
> - char state;
> -
> - if (after_checkpoint && sscanf(buf, "State: %c %*s", &state) == 1 && state != 'R') {
> - fail("resumed but state is not R (%c), seccomp killed the process during resume\n", state);
> - break;
> - }
>
> if (sscanf(buf, "Seccomp:\t%d", &mode) != 1)
> continue;
> @@ -44,10 +43,17 @@ int get_seccomp_mode(pid_t pid, bool after_checkpoint)
> int main(int argc, char ** argv)
> {
> pid_t pid;
> - int ret = 1, mode;
> + int mode, status;
> + int sk_pair[2], sk;
> + char c = 'K';
>
> test_init(argc, argv);
>
> + if (socketpair(PF_LOCAL, SOCK_SEQPACKET, 0, sk_pair)) {
> + err("socketpair");
> + return -1;
> + }
> +
> pid = fork();
> if (pid < 0) {
> err("fork");
> @@ -55,29 +61,62 @@ int main(int argc, char ** argv)
> }
>
> if (pid == 0) {
> + sk = sk_pair[1];
> + close(sk_pair[0]);
> + zdtm_seccomp = 1;
> +
> if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) < 0) {
> err("prctl failed");
> return -1;
> }
> + test_msg("SECCOMP_MODE_STRICT is enabled\n");
>
> - while(1)
> - /* can't sleep() here, seccomp kills us */;
> + if (write(sk, &c, 1) != 1) {
> + err("write");
> + return -1;
> + }
> + if (read(sk, &c, 1) != 1) {
> + _exit(1);
> + err("read");
> + return -1;
> + }
> +
> + syscall(__NR_exit, 0);
> }
>
> - while(get_seccomp_mode(pid, false) != SECCOMP_MODE_STRICT)
> - sleep(1);
> + sk = sk_pair[0];
> + close(sk_pair[1]);
> +
> + if (read(sk, &c, 1) != 1) {
> + err("read");
> + goto err;
> + }
>
> test_daemon();
> test_waitsig();
>
> - mode = get_seccomp_mode(pid, true);
> + mode = get_seccomp_mode(pid);
> + if (write(sk, &c, 1) != 1) {
> + err("write");
> + goto err;
> + }
> + if (waitpid(pid, &status, 0) != pid) {
> + err("waitpid");
> + exit(1);
> + }
> + if (status != 0) {
> + err("The child exited with an unexpected code %d", status);
> + exit(1);
> + }
> if (mode != SECCOMP_MODE_STRICT) {
> fail("seccomp mode mismatch %d\n", mode);
> - } else {
> - pass();
> - ret = 0;
> + return 1;
> }
>
> + pass();
> +
> + return 0;
> +err:
> kill(pid, SIGKILL);
> - return ret;
> + return 1;
> }
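Review bot: In the child's read-failure branch `_exit(1);` comes before `err("read");`, so the message and the `return -1;` after it are unreachable. The child is already in SECCOMP_MODE_STRICT at that point, which permits the exit syscall but not exit_group, so glibc's `_exit()` and a `return` from main (both of which normally end in exit_group) would most likely get the child killed by SIGKILL instead of exiting with the intended code; the hunk's own `syscall(__NR_exit, 0)` is the form that works, and the error paths after the prctl call should use it too. In the parent, `status` from waitpid is a raw wait status rather than an exit code, and `err()` appends an errno that is unrelated at that point; decoding it with WIFEXITED/WEXITSTATUS and reporting through `fail()` would let the log distinguish a seccomp kill from a non-zero exit. main's opening lines are in the previous hunk.

```c
	if (pid == 0) {
		/* … unchanged: socket setup, zdtm_seccomp = 1, prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT), test_msg … */

		if (write(sk, &c, 1) != 1) {
			err("write");
			syscall(__NR_exit, 1);	/* exit_group is not allowed in strict mode */
		}
		if (read(sk, &c, 1) != 1) {
			err("read");
			syscall(__NR_exit, 1);
		}

		syscall(__NR_exit, 0);
	}

	/* … unchanged: parent handshake, test_daemon(), test_waitsig(), get_seccomp_mode(), waitpid() … */

	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
		fail("child did not exit cleanly (wait status 0x%x)\n", status);
		return 1;
	}
```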
> --
> 2.1.0
>