export cgroup_setup_mode(), the function will be helpful for the
developers to take decisions/actions based on the cgroup setup mode the
system is booted with.
Suggested-by: Tom Hromatka <tom.hromatka@oracle.com> Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
CID 313909 (#1 of 1): Uninitialized scalar variable (UNINIT)8.
uninit_use_in_call: Using uninitialized value *info.name as argument to
%s when calling fprintf.
In cgroup_add_all_controllers(), fix the wrong variable name in the
error message, while parsing the controller name.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Mon, 17 Apr 2023 14:58:15 +0000 (14:58 +0000)]
ftests: Add a domain invalid test
-----------------------------------------------------------------
Test Results:
Run Date: Apr 13 19:23:11
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-------------------------------------------
setup 0.00
080-kernel-domain_invalid.py 4.22
teardown 0.00
-------------------------------------------
Total Run Time 4.22
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Mon, 17 Apr 2023 14:57:15 +0000 (14:57 +0000)]
ftests: Add a test to create a default systemd scope via cgcreate
Add a test to create a systemd scope via the cgcreate command
line tool. The scope is set as the default and used to create
a child cgroup.
-----------------------------------------------------------------
Test Results:
Run Date: Apr 10 21:39:10
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Test Time (sec)
--------------------------------------------------------
setup 0.00
079-sudo-cgcreate_default_systemd_scope.py 5.06
teardown 0.00
--------------------------------------------------------
Total Run Time 5.06
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 4 Apr 2023 22:32:12 +0000 (22:32 +0000)]
ftests: Add a test to create a systemd scope via cgcreate
Add a test to create a systemd scope via the cgcreate command
line tool.
-----------------------------------------------------------------
Test Results:
Run Date: Apr 05 01:35:43
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
------------------------------------------------
setup 0.00
078-sudo-cgcreate_systemd_scope.py 5.03
teardown 0.00
------------------------------------------------
Total Run Time 5.03
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Thu, 6 Apr 2023 19:36:57 +0000 (13:36 -0600)]
man: document cgcreate's -c and -S options
Add documentation about the -c (create scope) option and the -S
(set as default) option in the cgcreate man page. -c instructs
cgcreate to invoke cgroup_create_scope2() and create a systemd
scope. -S (used in conjunction with -c) will set the provided
scope as the default for subsequent libcgroup operations.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Wed, 5 Apr 2023 15:38:55 +0000 (15:38 +0000)]
src: ftests: Better management of libcgroup idle thread
Add the libcgroup_systemd_idle_thread to the EXTRA_DIST list. This
makes it available during `make distcheck`.
Modifying the PATH environment variable when running sudo is not
allowed on some systems. Copy the libcgroup_systemd_idle_thread
to /bin to overcome this.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 4 Apr 2023 22:31:51 +0000 (22:31 +0000)]
ftests: Add cgcreate systemd scope support
Add support for creating systemd scopes via the cgcreate command
line tool.
Python's subprocess.Popen.communicate() will not return until the
spawned process and all of its children finish running. This will
cause a cgcreate of a scope to hang because libcgroup creates an
idle process in the newly-created scope. Add a timeout to the run()
method so that it can complete even when a child process remains.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Mon, 3 Apr 2023 15:39:31 +0000 (09:39 -0600)]
cgcreate: Add support to create a systemd scope
Add support to create a systemd scope. A user can create a delegated
systemd scope using the following format:
$ cgcreate -c -g <controllers>:<slicename>/<scopename>
e.g.
$ cgcreate -c -g cpu,memory:libcgroup.slice/database.scope
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Tue, 4 Apr 2023 21:31:12 +0000 (21:31 +0000)]
systemd: Cleanup return codes in cgroup_create_scope()
cgroup_create_scope() used a single variable, ret, to handle return
codes from systemd/dbus, system calls, and internal libcgroup functions.
Use a separate return variable for each of these three cases to clearly
delineate errors.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Add '-c' option to cgget, that prints the controllers and their
versions,
this is useful for the user, who wants to list the available controllers
and/or their version too.
cgxget tool crashes, when passing basic operations such as multiple
cgroups as arguments or invalid parameters, it turns out the address of
struct cgroup passed for cgroup_free() has been invalid.
$ sudo ./src/tools/cgxget -1 -r cpu.shares a b
Segmentation fault (core dumped)
$ sudo ./src/tools/cgxget -1 cpu.shares a b
Segmentation fault (core dumped)
this patch fixes it by passing the right address of the struct cgroup[]
to cgroup_free().
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
'-m' is logically an independent option and should not be mixed and
matched with other options and also when used with '-h', help always
takes precedence over other options. Fix both cases of usage with
a bool flag, that gets set when parsing the command line option but
executes only it meets the rules of not mixing with other options.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Fri, 17 Mar 2023 15:25:49 +0000 (09:25 -0600)]
ftests: Add test for cgroup_get_procs()
Add a functional test for cgroup_get_procs()
-----------------------------------------------------------------
Test Results:
Run Date: Mar 17 16:11:34
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-------------------------------------------------
setup 0.00
077-pybindings-cgroup_get_procs.py 40.31
teardown 0.00
-------------------------------------------------
Total Run Time 40.31
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
ftests-070: avoid enabling controller on leaf cgroup node
cgroup v2, has no internal process constraint, where the process runs
only on the leaf node of the cgroup hierarchy and no controllers should
be enabled on the leaf cgroup node too. Let's not enable cpu controller
on the leaf cgroup node.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
ftests-068: avoid enabling controller on leaf cgroup node
cgroup v2, has no internal process constraint, where the process runs
only on the leaf node of the cgroup hierarchy and no controllers should
be enabled on the leaf cgroup node too. Let's not enable cpu controller
on the leaf cgroup node.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
ftests-066: avoid enabling controller on leaf cgroup node
cgroup v2, has no internal process constraint, where the process runs
only on the leaf node of the cgroup hierarchy and no controllers should
be enabled on the leaf cgroup node too. Let's not enable cpu controller
on the leaf cgroup node. Also, fix the expected stderr, accordingly
while migrating the tasks using cgclassify.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
ftests-064: avoid enabling controller on leaf cgroup node
cgroup v2, has no internal process constraint, where the process runs
only on the leaf node of the cgroup hierarchy and no controllers should
be enabled on the leaf cgroup node too. Let's not enable cpu controller
on the leaf cgroup node.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
ftests-062: avoid enabling controller on leaf cgroup node
cgroup v2, has no internal process constraint, where the process runs
only on the leaf node of the cgroup hierarchy and no controllers should
be enabled on the leaf cgroup node too. Let's not enable cpu controller
on the leaf cgroup node.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Revert the logic to rely on the leaf cgroup node's subtree_control file
to examine the enabled controllers, this breaks the cgroup v2's no
internal process constraint and fallback to the original idea of relying
upon on leaf cgroup nodes, parent subtree_control to examine the enabled
controllers.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
As per the no internal process constraint, of cgroup v2 no controller
should be enabled in the leaf cgroup node. This patch breaks this
constraint by assuming the controllers are enabled until the leaf node
of the hierarchy. Let's revert to the original approach of reading
until the parent of the leaf cgroup node.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
cgroup v2, has no internal process constraint, where the process runs
only on the leaf node of the cgroup hierarchy and no controllers should
be enabled on the leaf cgroup node too, so that they don't compete with
the parent's internal process. This patch broke this rule by enabling
the controller on the leaf node by default. Let's revert to the original
approach of not enabling the controller on the leaf cgroup node.
Signed-by-off: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Add a test to exercise cgconfigparser auto convert functionality.
-----------------------------------------------------------------
Test Results:
Run Date: Apr 07 14:14:57
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-------------------------------------------
setup 0.00
076-cgconfig-auto_convert.py 0.11
teardown 0.00
-------------------------------------------
Total Run Time 0.11
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Changed test number to 76 and added it to Makefile.am
The user might be using cgroup v1 controller settings in the
cgconfig.conf and when migrating to the cgroup v2 setup, they are
required to manually edit the cgconfig.conf file to map v1 controllers
settings to that of v2 settings, this might be cumbersome activity.
This patch tries to address the mapping issue, by silently mapping
the possible controller settings to the current cgroup setup.
the cpu controller settings are of cgroup v1 but the system is booted
into cgroup v2 setup. Running cgconfigparser without the patch, the user
will be warned about invalid settings and the parser will exit.
$ sudo cgconfigparser -l ./cgconfig.conf
cgconfigparser; error loading cgconfig.conf: Cgroup, requested group parameter does not exist
with this patch, cgconfigparser will attempt to convert the settings.
$ sudo cgconfigparser -l ./cgconfig.conf
$ cat /sys/fs/cgroup/foo/cpu.weight
50
$ cat /sys/fs/cgroup/foo/cpu.max
5000 100000
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
This patch cleans up a few oddities around return statements:
1. Removes redundant return statements across the ftests/*, mostly in
the function prereqs and a few other places too.
2. Follows the same function template for prereqs, across the ftests/*.,
and removes the checks for success on return from prereqs function,
those will be true always.
3. Also, replace consts.TEST_PASSED, None with pass for functions, that
serves as stub and remove the return value checks for stubs.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 7 Mar 2023 19:49:23 +0000 (12:49 -0700)]
ftests: Add cgroup_compare_cgroup() test
Add a test for the cgroup_compare_cgroup() python bindings
-----------------------------------------------------------------
Test Results:
Run Date: Mar 07 12:49:07
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
------------------------------------------------------
setup 0.00
075-pybindings-cgroup_compare_cgroup.py 0.09
teardown 0.00
------------------------------------------------------
Total Run Time 0.09
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 7 Mar 2023 19:45:35 +0000 (12:45 -0700)]
python: Add python bindings for cgroup_compare_cgroup()
Add python bindings for comparing two Cgroup instances. Perform
the usual python comparisons and also invoke cgroup_compare_cgroup()
to ensure the cgroups completely match.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 7 Mar 2023 22:34:34 +0000 (15:34 -0700)]
wrapper: Make cgroup_compare_cgroup() order agnostic
cgroup_compare_cgroup() can be used to compare two struct cgroup
instances. Improve its comparison algorithm so that it can successfully
identify cgroups as the same if the only difference is the order of the
controllers stored within them.
With this change, the following two cgroups would be identified as
equal.
cgroup_a
name = foo
controller[0] = memory
controller[1] = cpu
cgroup_b
name = foo
controller[0] = cpu
controller[1] = memory
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Sat, 4 Mar 2023 03:14:47 +0000 (03:14 +0000)]
ftests: Add a test for cgroup_add_all_controllers()
Add a test for cgroup_add_all_controllers()
-----------------------------------------------------------------
Test Results:
Run Date: Mar 04 04:00:53
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
--------------------------------------------------------------
setup 0.00
074-pybindings-cgroup_add_all_controllers-v1.py 0.13
teardown 0.00
--------------------------------------------------------------
Total Run Time 0.13
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Fri, 3 Mar 2023 18:16:00 +0000 (11:16 -0700)]
ftests: Add a test for cgroup_add_all_controllers()
Add a test for cgroup_add_all_controllers()
-----------------------------------------------------------------
Test Results:
Run Date: Mar 03 19:24:58
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-----------------------------------------------------------
setup 0.00
073-pybindings-cgroup_add_all_controllers-v2.py 0.08
teardown 0.00
-----------------------------------------------------------
Total Run Time 0.08
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Tom Hromatka [Thu, 2 Mar 2023 23:25:12 +0000 (16:25 -0700)]
wrapper: Add cgroup v2 support to cgroup_add_all_controllers()
Add cgroup v2 support to cgroup_add_all_controllers(). For cgroup v1
(both legacy and hybrid), cgroup_add_all_controllers() reads
/proc/cgroups. For cgroup v2, cgroup_add_all_controllers() reads the
cgroup's cgroup.controllers file.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Kamalesh Babulal [Tue, 21 Mar 2023 09:12:30 +0000 (09:12 +0000)]
gunit/009: adopt the cgroup_set_values_recursive() changes
cgroup_set_values_recursive(), third argument ignore_non_dirty_values no
more suppress the errors but skips writing of the controller setting
that isn't marked dirty, propagate the changes to the test cases too.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 21 Mar 2023 09:06:16 +0000 (09:06 +0000)]
api: cgroup_copy_controller_values() mark settings dirty
Copying controllers settings from source to destination cgroups,
overwrites the value of the destination cgroup controller and hence
the dirty flag for all the controller settings should be
unconditionally set.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 21 Mar 2023 09:04:46 +0000 (09:04 +0000)]
api.c: write dirty settings only in cgroup_set_values_recursive()
cgroup_set_values_recursive() is called by cgroup_modify_cgroup() to
modify controller values, where all the settings modified or not are
written to the disk. This breaks when writing a new value of a setting
that is linked to another setting of the controller, followed by writing
an unmodified value to the linked setting. This effectively undoes the
modification. For example, consider two linked settings of the cpu
controller: cpu.weight and cpu.weight.nice, where writing the new value
of cpu.weight is followed by unmodified cpu.weight.nice value. Writing
of the latter will undo the new value of the former.
Reproducer:
-----------
int print_cpu_weight()
{
FILE *fp;
char value[10];
fp = fopen(PROC_CPU_WEIGHT, "r");
if (!fp) {
fprintf(stderr, "Failed to open %s\n", PROC_CPU_WEIGHT);
return 1;
}
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgroup;
int ret;
ret = cgroup_init();
if (ret) {
fprintf(stderr, "cgroup initialization failed\n");
exit (1);
}
/* Create */
cgroup = cgroup_new_cgroup(CGRP_NAME);
if (!cgroup) {
fprintf(stderr, "Failed to allocate cgroup %s\n", CGRP_NAME);
exit(1);
}
cgc = cgroup_add_controller(cgroup, CTRL_NAME);
if (!cgc) {
fprintf(stderr, "Failed to add controller %s\n", CTRL_NAME);
exit (1);
}
ret = cgroup_create_cgroup(cgroup, 0);
if (ret) {
fprintf(stderr, "Failed to create cgroup %s\n", CGRP_NAME);
goto out;
}
ret = print_cpu_weight();
if (ret)
goto out;
cgroup_free(&cgroup);
/* Load and modify */
cgroup = cgroup_new_cgroup(CGRP_NAME);
if (!cgroup) {
fprintf(stderr, "Failed to allocate cgroup %s\n", CGRP_NAME);
exit(1);
}
ret = cgroup_get_cgroup(cgroup);
if (ret) {
fprintf(stderr, "Failed to get cgroup %s\n", CGRP_NAME);
goto out;
}
cgc = NULL;
cgc = cgroup_get_controller(cgroup, CTRL_NAME);
if (!cgc) {
fprintf(stderr, "Failed to get controller %s\n", CTRL_NAME);
exit (1);
}
ret = cgroup_set_value_string(cgc, CTRL_SETTING, "8");
if (ret) {
fprintf(stderr, "Failed to set the %s value\n", CTRL_SETTING);
goto out;
}
ret = cgroup_modify_cgroup(cgroup);
if (ret) {
fprintf(stderr, "Failed to modify cgroup\n");\
goto out;
}
ret = print_cpu_weight();
if (ret)
goto out;
out:
cgroup_free(&cgroup);
return 0;
}
This patch additionally cleans up cgroup_set_values_recursive(), by
renaming the third argument ignore_non_dirty_failure to
ignore_non_dirty_values. This rename also changes the purpose of the
flag, where the calling functions, set it to ignore the writing of the
controller setting, which is not modified/dirty and introduces extensive
checks for writing the controller setting.
Fixes: https://github.com/libcgroup/libcgroup/issues/323 Reported-by: Justin Israel <justinisrael@gmail.com>
[Justin contributed to the reproducer] Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tests/gunit: Extend the fuzzer to test cgroup_get_value_bool()
Add fuzzing to the cgroup_get_value_bool() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 13 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_int64
[ OK ] APIArgsTest.API_cgroup_set_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_int64
[ OK ] APIArgsTest.API_cgroup_get_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_uint64
[ OK ] APIArgsTest.API_cgroup_set_value_uint64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_uint64
[ OK ] APIArgsTest.API_cgroup_get_value_uint64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_bool
[ OK ] APIArgsTest.API_cgroup_set_value_bool (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_bool
[ OK ] APIArgsTest.API_cgroup_get_value_bool (0 ms)
[----------] 13 tests from APIArgsTest (1 ms total)
The second and third arguments passed to cgroup_get_value_bool() are of
type pointers and the user might pass NULL in place of one or both of
the arguments, causing a segfault. The reason is, argument values are
used without checks, fix it by checking for NULL pointers before
proceeding.
Reproducer:
-----------
#include <stdlib.h>
#include <libcgroup.h>
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
int ret;
ret = cgroup_init();
if (ret)
exit(1);
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit(1);
cgc = cgroup_add_controller(cgrp, "cpuset");
if (!cgc)
exit(1);
ret = cgroup_add_value_string(cgc, "cpuset.cpu_exclusive", "0");
if (ret)
exit (1);
cgroup_get_value_bool(cgc, "cpuset.cpu_exclusive", NULL);
//should not reach here
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The test cases, that cover the unlikely conditions, are numbered in the
reverse starting from 999, similarly, test case 098 tries to delete a
non-existent shared point. Re-number it from '099' -> '998' to hint
at the nature of the test case.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tests/gunit: Extend the fuzzer to test cgroup_set_value_bool()
Add fuzzing to the cgroup_set_value_bool() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 12 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (1 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_int64
[ OK ] APIArgsTest.API_cgroup_set_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_int64
[ OK ] APIArgsTest.API_cgroup_get_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_uint64
[ OK ] APIArgsTest.API_cgroup_set_value_uint64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_uint64
[ OK ] APIArgsTest.API_cgroup_get_value_uint64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_bool
[ OK ] APIArgsTest.API_cgroup_set_value_bool (0 ms)
[----------] 12 tests from APIArgsTest (1 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The second argument passed to cgroup_set_value_bool() is of type
char * and the user might pass NULL in the place of the argument,
causing a segfault. The reason is, argument values are used without
checks, fix it by checking for NULL pointers before proceeding.
Reproducer:
----------
#include <stdlib.h>
#include <libcgroup.h>
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
int ret;
ret = cgroup_init();
if (ret)
exit(1);
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit(1);
cgc = cgroup_add_controller(cgrp, "cpuset");
if (!cgc)
exit(1);
ret = cgroup_add_value_string(cgc, "cpuset.cpu_exclusive", "0");
if (ret)
exit (1);
cgroup_set_value_bool(cgc, NULL, 0);
//should not reach here
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgxset: check for delimiter in name_value string
While parsing -r option for name, and value pairs, we rely on strtok()
to return NULL, when there is no delimiter and lhf/rhf can't be mapped
into the name, and value tokens. This assumption is not true, strtok()
returns the whole string when it doesn't find the delimiter. Operating
under this assumption also segfaults later in the code. Fix it, by
checking for the presence of a delimiter in the passed name_value_str
in parse_r_flag(). This also initializes the pointer to NULL, to avoid
reading them before assignment in the error path.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tools/cgset: check for delimiter in name_value string
While parsing -r option for name, and value pairs, we rely on strtok()
to return NULL, when there is no delimiter and lhf/rhf can't be mapped
into the name, and value tokens. This assumption is not true, strtok()
returns the whole string when it doesn't find the delimiter. Operating
under this assumption also segfaults later in the code. Fix it, by
checking for the presence of a delimiter in the passed name_value_str
in parse_r_flag(). This also initializes the pointer to NULL, to
avoid reading them before assignment in the error path.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
tests/gunit: Extend the fuzzer to test cgroup_get_value_uint64()
Add fuzzing to the cgroup_get_value_uint64() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 11 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_int64
[ OK ] APIArgsTest.API_cgroup_set_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_int64
[ OK ] APIArgsTest.API_cgroup_get_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_uint64
[ OK ] APIArgsTest.API_cgroup_set_value_uint64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_uint64
[ OK ] APIArgsTest.API_cgroup_get_value_uint64 (0 ms)
[----------] 11 tests from APIArgsTest (0 ms total)
wrapper: fix segfault in cgroup_get_value_uint64()
The second and third arguments passed to cgroup_get_value_uint64() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault. The reason is, argument values are
used without checks, fix it by checking for NULL pointers before
proceeding.
tests/gunit: Extend the fuzzer to test cgroup_set_value_uint64()
Add fuzzing to the cgroup_set_value_uint64() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 10 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_int64
[ OK ] APIArgsTest.API_cgroup_set_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_int64
[ OK ] APIArgsTest.API_cgroup_get_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_uint64
[ OK ] APIArgsTest.API_cgroup_set_value_uint64 (0 ms)
[----------] 10 tests from APIArgsTest (0 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
wrapper: fix segfault in cgroup_set_value_uint64()
The second argument passed to cgroup_set_value_uint64() is of type
char * and the user might pass NULL in the place of the argument,
causing a segfault. The reason is, argument values are used without
checks, fix it by checking for NULL pointers before proceeding.
tests/gunit: Extend the fuzzer to test cgroup_get_value_int64()
Add fuzzing to the cgroup_get_value_int64() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 9 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_int64
[ OK ] APIArgsTest.API_cgroup_set_value_int64 (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_int64
[ OK ] APIArgsTest.API_cgroup_get_value_int64 (0 ms)
[----------] 9 tests from APIArgsTest (0 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The second and third arguments passed to cgroup_get_value_int64() are of
type char * and the user might pass NULL in place of one or both of the
arguments, causing a segfault. The reason is, argument values are used
without checks, fix it by checking for NULL pointers before proceeding.
tests/gunit: Extend the fuzzer to test cgroup_set_value_int64()
Add fuzzing to the cgroup_set_value_int64() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 8 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (1 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_int64
[ OK ] APIArgsTest.API_cgroup_set_value_int64 (0 ms)
[----------] 8 tests from APIArgsTest (1 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
The second argument passed to cgroup_set_value_int64() is of type char *
and the user might pass NULL in the place of the argument, causing a
segfault. The reason is, argument values are used without checks, fix
it by checking for NULL pointers before proceeding.
Tom Hromatka [Fri, 17 Feb 2023 22:16:34 +0000 (15:16 -0700)]
ftests: Cleanup pid logic in functional tests
PIDs were inconsistently being managed in the functional tests. Some
functions treated them as `int` and in others they were `str`. Modify
all functions that deal with PIDs to treat them as `int` or a list of
`int`s.
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 28 Feb 2023 09:15:11 +0000 (14:45 +0530)]
tests/gunit: Extend the fuzzer to test cgroup_get_uid_gid()
Add fuzzing to the cgroup_get_uid_gid() API, by passing combination of
of valid/NULL as arguments to the API.
[----------] 7 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_uid_gid
[ OK ] APIArgsTest.API_cgroup_get_uid_gid (0 ms)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 28 Feb 2023 09:15:05 +0000 (14:45 +0530)]
wrapper: fix segfault in cgroup_get_uid_gid()
The arguments passed to cgroup_get_uid_gid() are of type pointers and
the user might pass NULL in place of or all of the arguments, causing
a segfault. segfault is triggered when the NULL, argument value is
passed without check, fix it by checking for NULL before proceeding.
Kamalesh Babulal [Wed, 22 Feb 2023 14:43:45 +0000 (20:13 +0530)]
github/actions: Introduce a timeout to avoid apt races
There are chances that apt-get operations are run on the same VM by
different runners both competing to get apt locks. Introduce timeout of
3 seconds, in case the lock is already taken by another instance of
a runner.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 22 Feb 2023 17:06:13 +0000 (10:06 -0700)]
tests/ftests: synchronize between github runners
If a VM is shared between multiple github runners, there are chances of
each other stomping over other's run, if executed parallelly. To avoid
the race between the runners, introduce lock file, that gets acquired
(created) when ftest.sh starts and get removed by ftest-nocontainer.sh,
this ensures that both test cases are executed before other runner,
that's waiting for its chance to run. A runner would wait for
10 minutes before re-trying to run. At the max, a runner would wait for
50 minutes (5 retries) before giving up.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 27 Feb 2023 04:21:19 +0000 (09:51 +0530)]
tests/gunit: Extend the fuzzer to test cgroup_add_value_string()
Add fuzzing to the cgroup_add_value_string() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 6 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_value_string
[ OK ] APIArgsTest.API_cgroup_add_value_string (0 ms)
[----------] 6 tests from APIArgsTest (0 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 27 Feb 2023 04:20:34 +0000 (09:50 +0530)]
wrapper: fix segfault in cgroup_add_value_string
The second and third arguments passed to cgroup_add_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault. segfault is trigger when the NULL,
argument value is passed to second argument without check, fix it by
checking for NULL before proceeding.
Reproducer:
----------
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
int ret;
ret = cgroup_init();
if (ret)
exit (1);
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit (1);
cgc = cgroup_add_controller(cgrp, "cpu");
if (!cgc)
exit (1);
cgroup_add_value_string(cgc, NULL, NULL);
// should not reach here
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 22 Feb 2023 21:09:07 +0000 (14:09 -0700)]
tools/cgxset: Fix potential memory leak in converted_src_cgroup
There's a brief window where converted_src_cgroup is allocated but
hasn't been assigned to the *cgroup pointer. If a failure occurs in
this window, then converted_src_cgroup must be freed before doing the
goto to the error path.
Also, simplify the error-handling logic in cgxset::main() by having all
errors goto "err".
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Fri, 24 Feb 2023 05:35:07 +0000 (11:05 +0530)]
tests/gunit: Extend the fuzzer to test cgroup_add_controller()
Add fuzzing to the cgroup_add_controller() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 5 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
[ OK ] APIArgsTest.API_cgroup_get_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_add_controller
[ OK ] APIArgsTest.API_cgroup_add_controller (0 ms)
[----------] 5 tests from APIArgsTest (0 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Fri, 24 Feb 2023 05:35:02 +0000 (11:05 +0530)]
wrapper: fix segfault in cgroup_add_controller()
The second argument passed to cgroup_add_controller() is of type
char * and the user might pass NULL in place of the arguments, causing
a segfault. segfault is trigger when the NULL, argument values is used
without checks, fix it by checking for NULL before proceeding.
Reproducer:
-----------
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
int ret;
cgroup_init();
if (ret)
exit(1);
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit(1);
cgc = cgroup_add_controller(cgrp, "cpu");
if (!cgc)
exit(1);
cgroup_add_controller(cgrp, NULL);
// should not reach here
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 23 Feb 2023 13:45:54 +0000 (13:45 +0000)]
tests/ftest: use string filter() to concatenation cause
if, then, else construction is used to concatenate the 'cause' string,
that appends the reason for the test failures. The reason to use the
checks to TypeError that occurs while concatenating None and str type.
Replace them with a one-liner string.filter(), across the test sources.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 21 Feb 2023 13:10:05 +0000 (13:10 +0000)]
tests/gunit: Extend the fuzzer to test cgroup_get_value_string()
Add fuzzing to the cgroup_get_value_string() API, by passing combination
of valid/NULL as arguments to the API.
s
[----------] 4 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (0 ms)
[ RUN ] APIArgsTest.API_cgroup_get_value_string
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 21 Feb 2023 10:49:06 +0000 (10:49 +0000)]
wrapper: fix segfault in cgroup_get_value_string()
The second and third arguments passed to cgroup_get_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault. segfault is trigger when the NULL,
argument values are used without checks, fix it by checking for NULL
before proceeding.
Reproducer:
-----------
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
int ret;
cgroup_init();
if (ret)
exit(1);
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit(1);
cgc = cgroup_add_controller(cgrp, "cpu");
if (!cgc)
exit(1);
ret = cgroup_add_value_string(cgc, "cpu.shares", "1024");
if (!cgc)
exit(1);
ret = cgroup_create_cgroup(cgrp, 1);
if (ret)
exit(1);
cgc = cgroup_get_controller(cgrp, "cpu");
if (!cgc)
exit(1);
cgroup_get_value_string(cgc, NULL, NULL);
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Tue, 21 Feb 2023 13:13:25 +0000 (13:13 +0000)]
tests/gunit: Extend the fuzzer to test cgroup_set_value_string()
Add fuzzing to the cgroup_set_value_string() API, by passing combination
of valid/NULL as arguments to the API.
[----------] 3 tests from APIArgsTest
[ RUN ] APIArgsTest.API_cgroup_set_permissions
[ OK ] APIArgsTest.API_cgroup_set_permissions (0 ms)
[ RUN ] APIArgsTest.API_cgroup_new_cgroup
[ OK ] APIArgsTest.API_cgroup_new_cgroup (0 ms)
[ RUN ] APIArgsTest.API_cgroup_set_value_string
[ OK ] APIArgsTest.API_cgroup_set_value_string (19 ms)
[----------] 3 tests from APIArgsTest (19 ms total)
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Mon, 20 Feb 2023 15:09:07 +0000 (15:09 +0000)]
wrapper: fix segfault in cgroup_set_value_string()
The second and third arguments passed to cgroup_set_value_string() are
of type char * and the user might pass NULL in place of one or both of
the arguments, causing a segfault. segfault is trigger when the NULL,
argument values are used without checks, fix it by checking for NULL
before proceeding.
Reproducer:
-----------
int main(void)
{
struct cgroup_controller *cgc;
struct cgroup *cgrp;
cgroup_init();
if (ret)
exit(1);
cgrp = cgroup_new_cgroup("fuzzer");
if (!cgrp)
exit(1);
cgc = cgroup_add_controller(cgrp, "cpu");
if (!cgc)
exit(1);
ret = cgroup_create_cgroup(cgrp, 1);
if (ret)
exit(1);
cgroup_set_value_string(cgc, NULL, NULL);
// should not reach here.
return 0;
}
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Wed, 15 Feb 2023 21:50:14 +0000 (14:50 -0700)]
ftests: Add cgroup_get_cgroup() pybindings test
Add a test to exercise cgroup_get_cgroup() and its python bindings.
-----------------------------------------------------------------
Test Results:
Run Date: Feb 15 14:50:00
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
--------------------------------------------------
setup 0.00
072-pybindings-cgroup_get_cgroup.py 2.66
teardown 0.00
--------------------------------------------------
Total Run Time 2.66
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Prior to this change, the above python code returned ECGROUPNOTEXIST in
the cg.get() line. Now it successfully completes, but no controllers
are populated.
Reported-by: Justin Israel <justinisrael@gmail.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 14 Feb 2023 19:58:59 +0000 (12:58 -0700)]
api: Add support for "cgroup" controller in cgroup v2
The "cgroup" controller has settings that the user may want to
read/write, e.g. cgroup.controllers, cgroup.subtree_control,
cgroup.procs, etc.
Add support for this controller when the cgroup v2 mount table is
parsed by creating a custom controller for the "cgroup" settings.
Note that this feature has not been added to cgroup v1 and cgroup v1
will continue to have limited access to the cgroup.* files.
Reported-by: Justin Israel <justinisrael@gmail.com> Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Tom Hromatka [Tue, 14 Feb 2023 19:53:03 +0000 (12:53 -0700)]
api: Support specifying controllers in cgroup_get_cgroup()
Add support for the user to explicitly specify controllers of interest
when calling cgroup_get_cgroup(). Controllers not specified will not
be added to the struct cgroup. Also, this allows users to view cgroup
v2 controllers that aren't enabled. This may be useful for seeing
settings like cpuset.cpus.effective even when the cpuset controller
isn't enabled.
If no controllers are specified, then the previous behavior should be
utilized. All controllers that are enabled for that cgroup will be
added to the struct cgroup.
Here is a simple example python program that exercises these changes:
#!/usr/bin/env python3
from libcgroup import Cgroup, Version
Kamalesh Babulal [Fri, 17 Feb 2023 09:59:30 +0000 (09:59 +0000)]
tools/cgset: fix Uninitialized pointer read
Fix Uninitialized pointer read, reported by Coverity Tool:
CID 307779 (#2 of 2): Uninitialized pointer read (UNINIT)22.
uninit_use_in_call: Using uninitialized value src_cgroup when calling
cgroup_free.
In main(), src_cgrp points to a valid struct cgroup only when the
user calls cgxset using --copy-from flag, Coverity warns about the
freeing src_cgrp, which is uninitialized in the error path. This patch
initializes converted_src_cgroup, src_cgroup and cgroup uninitialized
pointers and checks is src_cgrp is valid pointer before passing it to
cgroup_free()
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Fri, 17 Feb 2023 09:54:50 +0000 (09:54 +0000)]
tools/cgset: fix Uninitialized pointers read
Fix Uninitialized pointer read, reported by Coverity Tool:
CID 307778 (#2 of 2): Uninitialized pointer read (UNINIT)22.
uninit_use_in_call: Using uninitialized value src_cgroup when calling
cgroup_free.
In main(), src_cgrp points to a valid struct cgroup only when the user
calls cgset using --copy-from flag, Coverity warns about the freeing
src_cgrp, which is uninitialized in the error path. This patch
initializes src_cgrp and cgroup uninitialized pointers and checks
is src_cgrp is valid pointer before passing it to cgroup_free()
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 13:36:48 +0000 (13:36 +0000)]
tests: Add a test for the python bindings to cgroup_set_default_systemd_cgroup
Add a test for the python bindings to cgroup_set_default_systemd_cgroup()
-----------------------------------------------------------------
Test Results:
Run Date: Feb 16 13:36:28
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
-----------------------------------------------------
setup 0.00
071-sudo-set_default_systemd_cgroup.py 0.02
teardown 0.00
-----------------------------------------------------
Total Run Time 0.02
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
TJH: Remove unnecessary int() typecast and add the test to Makefile.am
Kamalesh Babulal [Mon, 13 Feb 2023 06:49:59 +0000 (06:49 +0000)]
python: binding to read and set systemd_default_cgroup
Add an python binding that reads /run/libcgroup/systemd and if the file
exists, sets the systemd_default_cgroup. Then on all the paths
constructed, has the systemd_default_cgroup appended to it. This is
used when cgroup sub-tree is constructed for systemd delegation.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgexec's -b (systemd) option
Add documentation about the -b option in the cgexec's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgclassify's -b (systemd) option
Add documentation about the -b option in the cgclassify's man page.
This option ignores the default systemd delegated hierarchy path
and constructs the path of the control groups relative to the cgroup
root hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgcreate's -b (systemd) option
Add documentation about the -b option in the cgcreate's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgxset's -b (systemd) option
Add documentation about the -b option in the cgxset's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgxget's -b (systemd) option
Add documentation about the -b option in the cgxget's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgdelete's -b (systemd) option
Add documentation about the -b option in the cgdelete's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgset's -b (systemd) option
Add documentation about the -b option in the cgset's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Thu, 16 Feb 2023 12:08:54 +0000 (17:38 +0530)]
man: document cgget's -b (systemd) option
Add documentation about the -b option in the cgget's man page. This
option ignores the default systemd delegated hierarchy path and
constructs the path of the control groups relative to the cgroup root
hierarchy.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Wed, 15 Feb 2023 19:05:06 +0000 (12:05 -0700)]
pybindings: Fix a build warning on Fedora
While building python bindings on Fedora 34, gcc 11.3.1 triggers a
build warning:
[1/1] Cythonizing libcgroup.pyx
In file included from /usr/include/bits/libc-header-start.h:33,
from /usr/include/limits.h:26,
from /usr/lib/gcc/x86_64-redhat-linux/11/include/limits.h:203,
from /usr/lib/gcc/x86_64-redhat-linux/11/include/syslimits.h:7,
from /usr/lib/gcc/x86_64-redhat-linux/11/include/limits.h:34,
from /usr/include/python3.9/Python.h:11,
from libcgroup.c:25:
/usr/include/features.h:397:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]
397 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
| ^~~~~~~
the reason being the default compiler flags for c/c++ includes
'-Wp,-D_FORTIFY_SOURCE=2' and '-D_FORTIFY_SOURCE=2'. Whereas Ubuntu
compilers include '-D_FORTIFY_SOURCE=2' option only. This can be
fixed by adding '-O2' to the CPP Flags in the pybinding Makefile and
there is no side effect in both Fedora and Ubuntu because by default
'-D_FORTIFY_SOURCE=2' is included. The Ubuntu automatically auto
includes '-D_FORTIFY_SOURCE=2' when '-O2' is passed but here it's been
already explicitly passed.
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Kamalesh Babulal [Fri, 10 Feb 2023 07:52:13 +0000 (07:52 +0000)]
ftests: Add a test to validate cgx{get,set} systemd options (cgroup v2)
Add a test case to validate cgx{get, set} tool's systemd options on
cgroup unified setup mode.
-----------------------------------------------------------------
Test Results:
Run Date: Feb 05 08:15:40
Passed: 1 test(s)
Skipped: 0 test(s)
Failed: 0 test(s)
-----------------------------------------------------------------
Timing Results:
Test Time (sec)
---------------------------------------------------------
setup 0.00
070-sudo-systemd_cgxget-cpu-settings-v2.py 3.00
teardown 0.00
---------------------------------------------------------
Total Run Time
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com> Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>