StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Add a resource starvation test

Browse Source 
PiperOrigin-RevId: 248334209
Change-Id: Iff0f0b3024c67a767c429a547695cc48a2d02a30
This commit is contained in:
Wiktor Garbacz 2019-05-15 08:04:36 -07:00 committed by Copybara-Service
parent 6588aa2a68
commit 42761c8b72
5 changed files with 121 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sandboxed_api/sandbox2/BUILD.bazel
View File

@ -671,6 +671,7 @@ cc_test(
"//sandboxed_api/sandbox2/testcases:abort", "//sandboxed_api/sandbox2/testcases:abort",
"//sandboxed_api/sandbox2/testcases:minimal", "//sandboxed_api/sandbox2/testcases:minimal",
"//sandboxed_api/sandbox2/testcases:sleep", "//sandboxed_api/sandbox2/testcases:sleep",
"//sandboxed_api/sandbox2/testcases:starve",
"//sandboxed_api/sandbox2/testcases:tsync", "//sandboxed_api/sandbox2/testcases:tsync",
], ],
tags = ["local"], tags = ["local"],

22
sandboxed_api/sandbox2/sandbox2_test.cc
View File

@ -37,6 +37,8 @@
using ::testing::Eq; using ::testing::Eq;
using ::testing::HasSubstr; using ::testing::HasSubstr;
using ::testing::IsEmpty; using ::testing::IsEmpty;
using ::testing::IsTrue;
using ::testing::Lt;
namespace sandbox2 { namespace sandbox2 {
namespace { namespace {
@ -196,5 +198,25 @@ TEST(RunAsyncTest, SandboxeeViolationDisabledStacktraces) {
EXPECT_THAT(result.GetStackTrace(), IsEmpty()); EXPECT_THAT(result.GetStackTrace(), IsEmpty());
} }
TEST(StarvationTest, MonitorIsNotStarvedByTheSandboxee) {
const std::string path = GetTestSourcePath("sandbox2/testcases/starve");
std::vector<std::string> args = {path};
std::vector<std::string> envs;
auto executor = absl::make_unique<Executor>(path, args, envs);
SAPI_ASSERT_OK_AND_ASSIGN(auto policy,
PolicyBuilder().DangerDefaultAllowAll().TryBuild());
executor->limits()->set_walltime_limit(absl::Seconds(5));
Sandbox2 sandbox(std::move(executor), std::move(policy));
auto start = absl::Now();
ASSERT_THAT(sandbox.RunAsync(), IsTrue());
auto result = sandbox.AwaitResult();
EXPECT_THAT(result.final_status(), Eq(Result::TIMEOUT));
auto end = absl::Now();
auto elapsed = end - start;
EXPECT_THAT(elapsed, Lt(absl::Seconds(10)));
}
} // namespace } // namespace
} // namespace sandbox2 } // namespace sandbox2

7
sandboxed_api/sandbox2/testcases/BUILD.bazel
View File

@ -240,6 +240,13 @@ cc_binary(
], ],
) )
cc_binary(
name = "starve",
testonly = 1,
srcs = ["starve.cc"],
copts = sapi_platform_copts(),
)
cc_binary( cc_binary(
name = "hostname", name = "hostname",
testonly = 1, testonly = 1,

13
sandboxed_api/sandbox2/testcases/CMakeLists.txt
View File

@ -212,6 +212,19 @@ target_link_libraries(symbolize PRIVATE
${_sandbox2_fully_static_linkopts} ${_sandbox2_fully_static_linkopts}
) )
# sandboxed_api/sandbox2/testcases:starve
add_executable(starve
starve.cc
)
add_executable(sandbox2::testcase_starve ALIAS starve)
set_target_properties(starve PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(starve PRIVATE
sapi::base
)
# sandboxed_api/sandbox2/testcases:tsync # sandboxed_api/sandbox2/testcases:tsync
add_executable(tsync add_executable(tsync
tsync.cc tsync.cc

78
sandboxed_api/sandbox2/testcases/starve.cc Normal file
View File

@ -0,0 +1,78 @@
// Copyright 2019 Google LLC. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <sched.h>
#include <signal.h>
#include <unistd.h>
#include <cinttypes>
constexpr int kProcesses = 512;
constexpr int kThreads = 1;
constexpr int kSenders = 1;
constexpr int kStackSize = 4096;
pid_t g_pids[kProcesses];
uint8_t g_stacks[kThreads][kStackSize] __attribute__((aligned(4096)));
constexpr int kSignals[] = {
SIGPROF,
};
void SignalHandler(int) {}
int ChildFunc(void*) {
for (;;) {
sleep(10);
}
}
int main() {
for (int i = 0; i < kProcesses; ++i) {
int p[2];
char c;
pipe(p);
g_pids[i] = fork();
if (g_pids[i] == 0) {
for (int sig : kSignals) {
signal(sig, SignalHandler);
}
for (int j = 0; j < kThreads; ++j) {
int flags = CLONE_FILES | CLONE_FS | CLONE_IO | CLONE_PARENT |
CLONE_SIGHAND | CLONE_THREAD | CLONE_VM;
clone(&ChildFunc, g_stacks[j + 1], flags, nullptr, nullptr, nullptr,
nullptr);
}
close(p[0]);
write(p[1], &c, 1);
close(p[1]);
for (;;) {
sleep(10);
}
}
read(p[0], &c, 1);
}
for (int i = 0; i < kSenders; ++i) {
if (fork() == 0) {
break;
}
}
for (;;) {
for (int sig : kSignals) {
for (int pid : g_pids) {
kill(pid, sig);
}
}
}
}