From b350a41a1022afecd959681f9450c77a3805f3ed Mon Sep 17 00:00:00 2001 From: Wiktor Garbacz Date: Thu, 7 Sep 2023 02:42:26 -0700 Subject: [PATCH] Gather more coverage data Switch to ForkWithFlags for InitProcess (it will not reset coverage). Explicitly dump coverage after initial namespace setup. Return instead of exiting from libunwind sandbox. PiperOrigin-RevId: 563368599 Change-Id: I3b764db015a71bd091ee7b4b5b614281cbb84832 --- sandboxed_api/sandbox2/forkserver.cc | 7 +++++-- sandboxed_api/sandbox2/forkserver_bin.cc | 3 ++- sandboxed_api/sandbox2/util.cc | 20 ++++++++++---------- sandboxed_api/sandbox2/util.h | 2 ++ 4 files changed, 19 insertions(+), 13 deletions(-) diff --git a/sandboxed_api/sandbox2/forkserver.cc b/sandboxed_api/sandbox2/forkserver.cc index 2495bd7..f068bc3 100644 --- a/sandboxed_api/sandbox2/forkserver.cc +++ b/sandboxed_api/sandbox2/forkserver.cc @@ -37,8 +37,8 @@ #include #include #include -#include #include +#include #include "absl/base/attributes.h" #include "absl/container/flat_hash_map.h" @@ -300,7 +300,7 @@ void ForkServer::LaunchChild(const ForkRequest& request, int execve_fd, // A custom init process is only needed if a new PID NS is created. if (request.clone_flags() & CLONE_NEWPID) { // Spawn a child process - pid_t child = fork(); + pid_t child = util::ForkWithFlags(SIGCHLD); if (child < 0) { SAPI_RAW_PLOG(FATAL, "Could not spawn init process"); } @@ -587,6 +587,9 @@ void ForkServer::CreateInitialNamespaces() { SAPI_RAW_PCHECK(TEMP_FAILURE_RETRY(read(open_efd.get(), &value, sizeof(value))) == sizeof(value), "synchronizing initial namespaces creation"); + SAPI_RAW_PCHECK(chroot("/realroot") == 0, + "chrooting prior to dumping coverage"); + util::DumpCoverageData(); _exit(0); } SAPI_RAW_PCHECK(TEMP_FAILURE_RETRY(read(create_efd.get(), &value, diff --git a/sandboxed_api/sandbox2/forkserver_bin.cc b/sandboxed_api/sandbox2/forkserver_bin.cc index c431954..12b5402 100644 --- a/sandboxed_api/sandbox2/forkserver_bin.cc +++ b/sandboxed_api/sandbox2/forkserver_bin.cc @@ -68,7 +68,8 @@ int main() { if (child_pid == 0) { sandbox2::Client client(&comms); client.SandboxMeHere(); - exit(sandbox2::RunLibUnwindAndSymbolizer(&comms)); + return sandbox2::RunLibUnwindAndSymbolizer(&comms) ? EXIT_SUCCESS + : EXIT_FAILURE; } } SAPI_RAW_VLOG(1, "ForkServer Comms closed. Exiting"); diff --git a/sandboxed_api/sandbox2/util.cc b/sandboxed_api/sandbox2/util.cc index 0e475cd..d02d744 100644 --- a/sandboxed_api/sandbox2/util.cc +++ b/sandboxed_api/sandbox2/util.cc @@ -74,6 +74,16 @@ extern "C" void __gcov_flush() ABSL_ATTRIBUTE_WEAK; extern "C" void __gcov_reset() ABSL_ATTRIBUTE_WEAK; #endif +void ResetCoverageData() { +#ifdef __ELF__ + if (&__gcov_reset != nullptr) { + __gcov_reset(); + } +#endif +} + +} // namespace + void DumpCoverageData() { #ifdef __ELF__ if (&__gcov_dump != nullptr) { @@ -86,16 +96,6 @@ void DumpCoverageData() { #endif } -void ResetCoverageData() { -#ifdef __ELF__ - if (&__gcov_reset != nullptr) { - __gcov_reset(); - } -#endif -} - -} // namespace - void CharPtrArrToVecString(char* const* arr, std::vector* vec) { *vec = CharPtrArray(arr).ToStringVector(); } diff --git a/sandboxed_api/sandbox2/util.h b/sandboxed_api/sandbox2/util.h index 0957b99..ba1f92d 100644 --- a/sandboxed_api/sandbox2/util.h +++ b/sandboxed_api/sandbox2/util.h @@ -29,6 +29,8 @@ namespace sandbox2::util { +void DumpCoverageData(); + // Converts an array of char* (terminated by a nullptr, like argv, or environ // arrays), to an std::vector. ABSL_DEPRECATED("Use CharPtrArray(arr).ToStringVector() instead")