From: Evgeny Vereshchagin Date: Sun, 11 Apr 2021 00:38:56 +0000 (+0000) Subject: ci: an attempt to run the tests under ASan/UBsan X-Git-Tag: lxc-5.0.0~200^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a0720a91e2097bc7dd239347ec5e09f8cbfc862;p=thirdparty%2Flxc.git ci: an attempt to run the tests under ASan/UBsan Signed-off-by: Evgeny Vereshchagin --- diff --git a/.github/workflows/lxc-exercise b/.github/workflows/lxc-exercise new file mode 100755 index 000000000..b7da20764 --- /dev/null +++ b/.github/workflows/lxc-exercise @@ -0,0 +1,174 @@ +#!/bin/bash +# Environment +set -eu +set -x +set -o pipefail + +unset TMPDIR + +TEST_PASS=0 +TEST_FAIL=0 +TEST_IGNORED=0 + +IGNORE_LIST="" + +export ASAN_OPTIONS=detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1 + +# https://github.com/lxc/lxc/issues/3757 +ASAN_OPTIONS="$ASAN_OPTIONS:detect_odr_violation=0" + +export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 + +# Helper functions +pass() { + TEST_PASS=$((${TEST_PASS}+1)) + + CURRENT_TIME=$(date +%s) + DURATION=$((CURRENT_TIME-START_TIME)) + + echo "PASS: $1 (${DURATION}s)" +} + +fail() { + for entry in $IGNORE_LIST; do + if [ "$entry" = "$2" ]; then + ignore $1 + return + fi + done + + TEST_FAIL=$((${TEST_FAIL}+1)) + + CURRENT_TIME=$(date +%s) + DURATION=$((CURRENT_TIME-START_TIME)) + + echo "FAIL: $1 (${DURATION}s)" + + if [ -f "$3" ]; then + echo "---" + cat $3 + echo "---" + fi +} + +ignore() { + TEST_IGNORED=$((${TEST_IGNORED}+1)) + echo "IGNORED: $*" +} + +summary() { + echo "" + echo "SUMMARY: pass=$TEST_PASS, fail=$TEST_FAIL, ignored=$TEST_IGNORED" +} + +apt-get install --yes --no-install-recommends \ + apparmor automake autoconf bash-completion bridge-utils build-essential \ + busybox-static clang cloud-image-utils curl dbus debhelper debootstrap \ + devscripts dh-apparmor dh-autoreconf dh-systemd dnsmasq-base \ + docbook2x doxygen ed fakeroot file gcc gnupg graphviz git iptables \ + net-tools libapparmor-dev libcap-dev libgnutls28-dev liblua5.2-dev \ + libpam0g-dev libseccomp-dev libselinux1-dev libtool linux-libc-dev \ + llvm lsb-release make openssl pkg-config python3-all-dev \ + python3-setuptools rsync squashfs-tools uidmap unzip uuid-runtime \ + wget xz-utils + +./autogen.sh +CFLAGS=-fsanitize=address,undefined ./configure --enable-tests --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-no-undefined +make +make install + +sed -i 's/USE_LXC_BRIDGE="false"/USE_LXC_BRIDGE="true"/' /etc/default/lxc +systemctl daemon-reload +systemctl restart apparmor +systemctl restart lxc-net + +# Source distro information +[ -e /etc/lsb-release ] && . /etc/lsb-release + +# Workaround for broken gpg2 +if [ -n "${http_proxy:-}" ] && [ -e /usr/bin/dirmngr ]; then + dpkg-divert --divert /usr/bin/dirmngr.orig --rename --add /usr/bin/dirmngr + ( + cat << EOF +#!/bin/sh +exec /usr/bin/dirmngr.orig --honor-http-proxy \$@ +EOF + ) > /usr/bin/dirmngr + chmod +x /usr/bin/dirmngr +fi + +# Override the GPG server +sed -i "s/^DOWNLOAD_VALIDATE.*/DOWNLOAD_VALIDATE=\"false\"/" /usr/share/lxc/templates/lxc-download +export DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80" + +# The actual tests +## Default testsuite +for testbin in /usr/bin/lxc-test-*; do + STRING="lxc-tests: $testbin" + [ ! -x "$testbin" ] && continue + + # Some tests can't be run standalone + [ "$testbin" = "/usr/bin/lxc-test-may-control" ] && continue + + # Skip some tests when running in a container + if [ -f /run/container_type ] || (type systemd-detect-virt >/dev/null 2>&1 && systemd-detect-virt --container >/dev/null 2>&1); then + [ "$testbin" = "/usr/bin/lxc-test-reboot" ] && \ + ignore "$STRING" && continue + fi + + # Skip userns tests in unprivileged containers + if [ -f /proc/self/uid_map ] && \ + ! grep -q "4294967295$" /proc/self/uid_map; then + + [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \ + ignore "$STRING" && continue + + [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \ + ignore "$STRING" && continue + fi + + # Skip some tests on old kernels + if [ ! -f /proc/self/uid_map ] || [ ! -f /etc/subuid ] || \ + [ ! -f /etc/subgid ]; then + [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \ + ignore "$STRING" && continue + + [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \ + ignore "$STRING" && continue + fi + + OUT=$(mktemp) + START_TIME=$(date +%s) + echo "$testbin" + (timeout 10m $testbin |& tee $OUT) && pass "$STRING" || fail "$STRING" "$testbin" "$OUT" + rm $OUT +done + +## Python3 testsuite +STRING="python3: API" +if [ ! -f /usr/share/doc/python3-lxc/examples/api_test.py.gz ]; then + ignore "$STRING" +else + OUT=$(mktemp) + + PYTEST=$(mktemp) + cat /usr/share/doc/python3-lxc/examples/api_test.py.gz | gzip -d > $PYTEST + python3 $PYTEST >$OUT 2>&1 && pass "$STRING" || \ + fail "$STRING" "python3" "$OUT" + rm $PYTEST + + rm $OUT +fi + +# Workaround for broken gpg2 +if [ -n "${http_proxy:-}" ] && [ -e /usr/bin/dirmngr ]; then + rm /usr/bin/dirmngr + dpkg-divert --divert /usr/bin/dirmngr.orig --rename --remove /usr/bin/dirmngr +fi + +# Test summary +summary + +[ "$TEST_FAIL" != "0" ] && exit 1 + +exit 0 diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml new file mode 100644 index 000000000..ae78f18a9 --- /dev/null +++ b/.github/workflows/sanitizers.yml @@ -0,0 +1,22 @@ +name: Sanitizers build +on: + - push + - pull_request +jobs: + test: + strategy: + fail-fast: false + matrix: + compiler: + - gcc + - clang + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Build + env: + CC: ${{ matrix.compiler }} + run: | + sudo CC=${{ matrix.compiler }} .github/workflows/lxc-exercise