[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200117202441.GA11957@tower.DHCP.thefacebook.com>
Date: Fri, 17 Jan 2020 20:24:51 +0000
From: Roman Gushchin <guro@...com>
To: Christian Brauner <christian.brauner@...ntu.com>
CC: "linux-api@...r.kernel.org" <linux-api@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Tejun Heo <tj@...nel.org>, Oleg Nesterov <oleg@...hat.com>,
Shuah Khan <shuah@...nel.org>,
"cgroups@...r.kernel.org" <cgroups@...r.kernel.org>,
"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH v4 6/6] selftests/cgroup: add tests for cloning into
cgroups
On Fri, Jan 17, 2020 at 07:12:19PM +0100, Christian Brauner wrote:
> Expand the cgroup test-suite to include tests for CLONE_INTO_CGROUP.
> This adds the following tests:
> - CLONE_INTO_CGROUP manages to clone a process directly into a correctly
> delegated cgroup
> - CLONE_INTO_CGROUP fails to clone a process into a cgroup that has been
> removed after we've opened an fd to it
> - CLONE_INTO_CGROUP fails to clone a process into an invalid domain
> cgroup
> - CLONE_INTO_CGROUP adheres to the no internal process constraint
> - CLONE_INTO_CGROUP works with the freezer feature
>
> Cc: Roman Gushchin <guro@...com>
> Cc: Tejun Heo <tj@...nel.org>
> Cc: Shuah Khan <shuah@...nel.org>
> Cc: cgroups@...r.kernel.org
> Cc: linux-kselftest@...r.kernel.org
> Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
Acked-by: Roman Gushchin <guro@...com>
Thank you for adding tests!
> ---
> /* v1 */
> Link: https://lore.kernel.org/r/20191218173516.7875-4-christian.brauner@ubuntu.com
>
> /* v2 */
> Link: https://lore.kernel.org/r/20191223061504.28716-4-christian.brauner@ubuntu.com
> unchanged
>
> /* v3 */
> Link: https://lore.kernel.org/r/20200117002143.15559-6-christian.brauner@ubuntu.com
> unchanged
>
> /* v3 */
v4?
> unchanged
> ---
> tools/testing/selftests/cgroup/Makefile | 6 +-
> tools/testing/selftests/cgroup/cgroup_util.c | 126 ++++++++++++++++++
> tools/testing/selftests/cgroup/cgroup_util.h | 4 +
> tools/testing/selftests/cgroup/test_core.c | 64 +++++++++
> .../selftests/clone3/clone3_selftests.h | 19 ++-
> 5 files changed, 214 insertions(+), 5 deletions(-)
>
> diff --git a/tools/testing/selftests/cgroup/Makefile b/tools/testing/selftests/cgroup/Makefile
> index 66aafe1f5746..967f268fde74 100644
> --- a/tools/testing/selftests/cgroup/Makefile
> +++ b/tools/testing/selftests/cgroup/Makefile
> @@ -11,6 +11,6 @@ TEST_GEN_PROGS += test_freezer
>
> include ../lib.mk
>
> -$(OUTPUT)/test_memcontrol: cgroup_util.c
> -$(OUTPUT)/test_core: cgroup_util.c
> -$(OUTPUT)/test_freezer: cgroup_util.c
> +$(OUTPUT)/test_memcontrol: cgroup_util.c ../clone3/clone3_selftests.h
> +$(OUTPUT)/test_core: cgroup_util.c ../clone3/clone3_selftests.h
> +$(OUTPUT)/test_freezer: cgroup_util.c ../clone3/clone3_selftests.h
> diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c
> index 8f7131dcf1ff..8a637ca7d73a 100644
> --- a/tools/testing/selftests/cgroup/cgroup_util.c
> +++ b/tools/testing/selftests/cgroup/cgroup_util.c
> @@ -15,6 +15,7 @@
> #include <unistd.h>
>
> #include "cgroup_util.h"
> +#include "../clone3/clone3_selftests.h"
>
> static ssize_t read_text(const char *path, char *buf, size_t max_len)
> {
> @@ -331,12 +332,112 @@ int cg_run(const char *cgroup,
> }
> }
>
> +pid_t clone_into_cgroup(int cgroup_fd)
> +{
> +#ifdef CLONE_ARGS_SIZE_VER2
> + pid_t pid;
> +
> + struct clone_args args = {
> + .flags = CLONE_INTO_CGROUP,
> + .exit_signal = SIGCHLD,
> + .cgroup = cgroup_fd,
> + };
> +
> + pid = sys_clone3(&args, sizeof(struct clone_args));
> + /*
> + * Verify that this is a genuine test failure:
> + * ENOSYS -> clone3() not available
> + * E2BIG -> CLONE_INTO_CGROUP not available
> + */
> + if (pid < 0 && (errno == ENOSYS || errno == E2BIG))
> + goto pretend_enosys;
> +
> + return pid;
> +
> +pretend_enosys:
> +#endif
> + errno = ENOSYS;
> + return -ENOSYS;
> +}
> +
> +int clone_reap(pid_t pid, int options)
> +{
> + int ret;
> + siginfo_t info = {
> + .si_signo = 0,
> + };
> +
> +again:
> + ret = waitid(P_PID, pid, &info, options | __WALL | __WNOTHREAD);
> + if (ret < 0) {
> + if (errno == EINTR)
> + goto again;
> + return -1;
> + }
> +
> + if (options & WEXITED) {
> + if (WIFEXITED(info.si_status))
> + return WEXITSTATUS(info.si_status);
> + }
> +
> + if (options & WSTOPPED) {
> + if (WIFSTOPPED(info.si_status))
> + return WSTOPSIG(info.si_status);
> + }
> +
> + if (options & WCONTINUED) {
> + if (WIFCONTINUED(info.si_status))
> + return 0;
> + }
> +
> + return -1;
> +}
> +
> +int dirfd_open_opath(const char *dir)
> +{
> + return open(dir, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW | O_PATH);
> +}
> +
> +#define close_prot_errno(fd) \
> + if (fd >= 0) { \
> + int _e_ = errno; \
> + close(fd); \
> + errno = _e_; \
> + }
> +
> +static int clone_into_cgroup_run_nowait(const char *cgroup,
> + int (*fn)(const char *cgroup, void *arg),
> + void *arg)
> +{
> + int cgroup_fd;
> + pid_t pid;
> +
> + cgroup_fd = dirfd_open_opath(cgroup);
> + if (cgroup_fd < 0)
> + return -1;
> +
> + pid = clone_into_cgroup(cgroup_fd);
> + close_prot_errno(cgroup_fd);
> + if (pid == 0)
> + exit(fn(cgroup, arg));
> +
> + return pid;
> +}
> +
> int cg_run_nowait(const char *cgroup,
> int (*fn)(const char *cgroup, void *arg),
> void *arg)
> {
> int pid;
>
> + pid = clone_into_cgroup_run_nowait(cgroup, fn, arg);
> + if (pid > 0)
> + return pid;
> +
> + /* Genuine test failure. */
> + if (pid < 0 && errno != ENOSYS)
> + return -1;
> +
> pid = fork();
> if (pid == 0) {
> char buf[64];
> @@ -450,3 +551,28 @@ int proc_read_strstr(int pid, bool thread, const char *item, const char *needle)
>
> return strstr(buf, needle) ? 0 : -1;
> }
> +
> +int clone_into_cgroup_run_wait(const char *cgroup)
> +{
> + int cgroup_fd;
> + pid_t pid;
> +
> + cgroup_fd = dirfd_open_opath(cgroup);
> + if (cgroup_fd < 0)
> + return -1;
> +
> + pid = clone_into_cgroup(cgroup_fd);
> + close_prot_errno(cgroup_fd);
> + if (pid < 0)
> + return -1;
> +
> + if (pid == 0)
> + exit(EXIT_SUCCESS);
> +
> + /*
> + * We don't care whether this fails. We only care whether the initial
> + * clone succeeded.
> + */
> + (void)clone_reap(pid, WEXITED);
> + return 0;
> +}
> diff --git a/tools/testing/selftests/cgroup/cgroup_util.h b/tools/testing/selftests/cgroup/cgroup_util.h
> index 49c54fbdb229..5a1305dd1f0b 100644
> --- a/tools/testing/selftests/cgroup/cgroup_util.h
> +++ b/tools/testing/selftests/cgroup/cgroup_util.h
> @@ -50,3 +50,7 @@ extern int cg_wait_for_proc_count(const char *cgroup, int count);
> extern int cg_killall(const char *cgroup);
> extern ssize_t proc_read_text(int pid, bool thread, const char *item, char *buf, size_t size);
> extern int proc_read_strstr(int pid, bool thread, const char *item, const char *needle);
> +extern pid_t clone_into_cgroup(int cgroup_fd);
> +extern int clone_reap(pid_t pid, int options);
> +extern int clone_into_cgroup_run_wait(const char *cgroup);
> +extern int dirfd_open_opath(const char *dir);
> diff --git a/tools/testing/selftests/cgroup/test_core.c b/tools/testing/selftests/cgroup/test_core.c
> index c5ca669feb2b..96e016ccafe0 100644
> --- a/tools/testing/selftests/cgroup/test_core.c
> +++ b/tools/testing/selftests/cgroup/test_core.c
> @@ -25,8 +25,11 @@
> static int test_cgcore_populated(const char *root)
> {
> int ret = KSFT_FAIL;
> + int err;
> char *cg_test_a = NULL, *cg_test_b = NULL;
> char *cg_test_c = NULL, *cg_test_d = NULL;
> + int cgroup_fd = -EBADF;
> + pid_t pid;
>
> cg_test_a = cg_name(root, "cg_test_a");
> cg_test_b = cg_name(root, "cg_test_a/cg_test_b");
> @@ -78,6 +81,52 @@ static int test_cgcore_populated(const char *root)
> if (cg_read_strcmp(cg_test_d, "cgroup.events", "populated 0\n"))
> goto cleanup;
>
> + /* Test that we can directly clone into a new cgroup. */
> + cgroup_fd = dirfd_open_opath(cg_test_d);
> + if (cgroup_fd < 0)
> + goto cleanup;
> +
> + pid = clone_into_cgroup(cgroup_fd);
> + if (pid < 0) {
> + if (errno == ENOSYS)
> + goto cleanup_pass;
> + goto cleanup;
> + }
> +
> + if (pid == 0) {
> + if (raise(SIGSTOP))
> + exit(EXIT_FAILURE);
> + exit(EXIT_SUCCESS);
> + }
> +
> + err = cg_read_strcmp(cg_test_d, "cgroup.events", "populated 1\n");
> +
> + (void)clone_reap(pid, WSTOPPED);
> + (void)kill(pid, SIGCONT);
> + (void)clone_reap(pid, WEXITED);
> +
> + if (err)
> + goto cleanup;
> +
> + if (cg_read_strcmp(cg_test_d, "cgroup.events", "populated 0\n"))
> + goto cleanup;
> +
> + /* Remove cgroup. */
> + if (cg_test_d) {
> + cg_destroy(cg_test_d);
> + free(cg_test_d);
> + cg_test_d = NULL;
> + }
> +
> + pid = clone_into_cgroup(cgroup_fd);
> + if (pid < 0)
> + goto cleanup_pass;
> + if (pid == 0)
> + exit(EXIT_SUCCESS);
> + (void)clone_reap(pid, WEXITED);
> + goto cleanup;
> +
> +cleanup_pass:
> ret = KSFT_PASS;
>
> cleanup:
> @@ -93,6 +142,8 @@ static int test_cgcore_populated(const char *root)
> free(cg_test_c);
> free(cg_test_b);
> free(cg_test_a);
> + if (cgroup_fd >= 0)
> + close(cgroup_fd);
> return ret;
> }
>
> @@ -136,6 +187,16 @@ static int test_cgcore_invalid_domain(const char *root)
> if (errno != EOPNOTSUPP)
> goto cleanup;
>
> + if (!clone_into_cgroup_run_wait(child))
> + goto cleanup;
> +
> + if (errno == ENOSYS)
> + goto cleanup_pass;
> +
> + if (errno != EOPNOTSUPP)
> + goto cleanup;
> +
> +cleanup_pass:
> ret = KSFT_PASS;
>
> cleanup:
> @@ -345,6 +406,9 @@ static int test_cgcore_internal_process_constraint(const char *root)
> if (!cg_enter_current(parent))
> goto cleanup;
>
> + if (!clone_into_cgroup_run_wait(parent))
> + goto cleanup;
> +
> ret = KSFT_PASS;
>
> cleanup:
> diff --git a/tools/testing/selftests/clone3/clone3_selftests.h b/tools/testing/selftests/clone3/clone3_selftests.h
> index a3f2c8ad8bcc..91c1a78ddb39 100644
> --- a/tools/testing/selftests/clone3/clone3_selftests.h
> +++ b/tools/testing/selftests/clone3/clone3_selftests.h
> @@ -5,12 +5,24 @@
>
> #define _GNU_SOURCE
> #include <sched.h>
> +#include <linux/sched.h>
> +#include <linux/types.h>
> #include <stdint.h>
> #include <syscall.h>
> -#include <linux/types.h>
> +#include <sys/wait.h>
> +
> +#include "../kselftest.h"
>
> #define ptr_to_u64(ptr) ((__u64)((uintptr_t)(ptr)))
>
> +#ifndef CLONE_INTO_CGROUP
> +#define CLONE_INTO_CGROUP 0x200000000ULL /* Clone into a specific cgroup given the right permissions. */
> +#endif
> +
> +#ifndef CLONE_ARGS_SIZE_VER0
> +#define CLONE_ARGS_SIZE_VER0 64
> +#endif
> +
> #ifndef __NR_clone3
> #define __NR_clone3 -1
> struct clone_args {
> @@ -22,10 +34,13 @@ struct clone_args {
> __aligned_u64 stack;
> __aligned_u64 stack_size;
> __aligned_u64 tls;
> +#define CLONE_ARGS_SIZE_VER1 80
> __aligned_u64 set_tid;
> __aligned_u64 set_tid_size;
> +#define CLONE_ARGS_SIZE_VER2 88
> + __aligned_u64 cgroup;
> };
> -#endif
> +#endif /* __NR_clone3 */
>
> static pid_t sys_clone3(struct clone_args *args, size_t size)
> {
> --
> 2.25.0
>
Powered by blists - more mailing lists