[LTP] [RFC PATCH] LTP Wrapper for Syzkaller reproducers
Cyril Hrubis
chrubis@suse.cz
Thu Oct 10 15:22:49 CEST 2019
Hi!
> > > > > > Indeed, it's removed recursively by the test library.
> > > > >
> > > > > :popcorn:
> > > > >
> > > > > It took me several years to figure out how to more or less reliably
> > > > > remove dirs after the fuzzer ;)
> > > > > (no, unlink won't do ;))
> > > >
> > > > I guess that there are things such as immutable file attributes that has
> > > > to be cleared and many more. Do you have piece of code somewhere that we
> > > > can look into to spare us from reinventing the wheel?
> > >
> > > Here is what we have:
> > > https://github.com/google/syzkaller/blob/c4b9981b5f5b70dc03eb3f76c618398510101a1d/executor/common_linux.h#L2358-L2461
> > > Maybe it can be simplified, but that's what we ended up with after
> > > some organic evolution. At least the comments may give some hints as
> > > to what may go wrong.
> >
> > Thanks a lot!
> >
> > Also I see that you are using namespaces, and much more, to sandbox the
> > fuzzer, I was wondering if we should do that, at least separate user and
> > pid namespace sounds like a good idea to me.
>
> I don't know how far you want to go. This sandboxing definitely helps
> us to isolate processes and make tests more repeatable by avoiding
> interference (I don't know if LTP, say, runs tests in parallel).
Not yet, but we are slowly getting to a point where LTP tests could be
run in parallel. It's a bit more complicated for functional tests, since
there are number of constraints, for which tests should not be run in
parallel. And for number of these sandboxing wouldn't help either, since
it's more of a matter of available resources than isolation.
I'm close to solving first half of the problem, i.e. propagating the
test constraints from tests to the testrunner. I also wrote a blog post
about this, you can read it at:
https://people.kernel.org/metan/towards-parallel-kernel-test-runs
But even without running tests in parallel there are resources that have
kernel persistence and will outlive the process, such as SysV IPC. So I
guess that at least some sandboxing has to be done even for non-parallel
runs.
> mount namespaces are useful to later drop all of test mounts at once,
> this would solve a significant part of the remote_dir logic. If the
> temp dir is on tmpfs in the mount namespace as well, then it will be
> automatically dropped altogether with all contents.
Again, thanks for the hint!
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list