mirror of
https://github.com/golang/go
synced 2024-11-08 14:06:20 -07:00
f2e58c6d42
TestSetuidEtc() was failing sporadically on linux-ppc64. From the three https://build.golang.org/ logs, it looked like the logged errors could be associated with threads dying, but proc reads were, in some way, racing with their demise. Exploring ways to increase thread demise, revealed that races of this type can happen on non-ppc64 systems, and that os.IsNotExist(err) was not a sufficient error condition test for a thread's status file disappearing. This change includes a fix for that to. The actual issue on linux-ppc64 appears to be tied to PID reaping and reuse latency on whatever the build test environment is for linux-ppc64-buildlet. I suspect this can happen on any linux system, however, especially where the container has a limited PID range. The fix for this, limited to the test (the runtime syscall support is unchanged), is to confirm that the Pid for the interrogated thread's /proc/<TID>/status file confirms that it is still associated with the test-process' PID. linux-ppc64-buildlet: go/bin/go test syscall -run=TestSetuidEtc -count=10000 ok syscall 104.285s Fixes #42462 Change-Id: I55c84ab8361003570a405fa52ffec4949bf91113 Reviewed-on: https://go-review.googlesource.com/c/go/+/268717 Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Tobias Klauser <tobias.klauser@gmail.com>
185 lines
6.5 KiB
Go
185 lines
6.5 KiB
Go
// Copyright 2019 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// +build linux,cgo
|
|
|
|
package cgotest
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"strings"
|
|
"syscall"
|
|
"testing"
|
|
)
|
|
|
|
// #include <stdio.h>
|
|
// #include <stdlib.h>
|
|
// #include <pthread.h>
|
|
// #include <unistd.h>
|
|
// #include <sys/types.h>
|
|
//
|
|
// pthread_t *t = NULL;
|
|
// pthread_mutex_t mu;
|
|
// int nts = 0;
|
|
// int all_done = 0;
|
|
//
|
|
// static void *aFn(void *vargp) {
|
|
// int done = 0;
|
|
// while (!done) {
|
|
// usleep(100);
|
|
// pthread_mutex_lock(&mu);
|
|
// done = all_done;
|
|
// pthread_mutex_unlock(&mu);
|
|
// }
|
|
// return NULL;
|
|
// }
|
|
//
|
|
// void trial(int argc) {
|
|
// int i;
|
|
// nts = argc;
|
|
// t = calloc(nts, sizeof(pthread_t));
|
|
// pthread_mutex_init(&mu, NULL);
|
|
// for (i = 0; i < nts; i++) {
|
|
// pthread_create(&t[i], NULL, aFn, NULL);
|
|
// }
|
|
// }
|
|
//
|
|
// void cleanup(void) {
|
|
// int i;
|
|
// pthread_mutex_lock(&mu);
|
|
// all_done = 1;
|
|
// pthread_mutex_unlock(&mu);
|
|
// for (i = 0; i < nts; i++) {
|
|
// pthread_join(t[i], NULL);
|
|
// }
|
|
// pthread_mutex_destroy(&mu);
|
|
// free(t);
|
|
// }
|
|
import "C"
|
|
|
|
// compareStatus is used to confirm the contents of the thread
|
|
// specific status files match expectations.
|
|
func compareStatus(filter, expect string) error {
|
|
expected := filter + expect
|
|
pid := syscall.Getpid()
|
|
fs, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/task", pid))
|
|
if err != nil {
|
|
return fmt.Errorf("unable to find %d tasks: %v", pid, err)
|
|
}
|
|
expectedProc := fmt.Sprintf("Pid:\t%d", pid)
|
|
foundAThread := false
|
|
for _, f := range fs {
|
|
tf := fmt.Sprintf("/proc/%s/status", f.Name())
|
|
d, err := ioutil.ReadFile(tf)
|
|
if err != nil {
|
|
// There are a surprising number of ways this
|
|
// can error out on linux. We've seen all of
|
|
// the following, so treat any error here as
|
|
// equivalent to the "process is gone":
|
|
// os.IsNotExist(err),
|
|
// "... : no such process",
|
|
// "... : bad file descriptor.
|
|
continue
|
|
}
|
|
lines := strings.Split(string(d), "\n")
|
|
for _, line := range lines {
|
|
// Different kernel vintages pad differently.
|
|
line = strings.TrimSpace(line)
|
|
if strings.HasPrefix(line, "Pid:\t") {
|
|
// On loaded systems, it is possible
|
|
// for a TID to be reused really
|
|
// quickly. As such, we need to
|
|
// validate that the thread status
|
|
// info we just read is a task of the
|
|
// same process PID as we are
|
|
// currently running, and not a
|
|
// recently terminated thread
|
|
// resurfaced in a different process.
|
|
if line != expectedProc {
|
|
break
|
|
}
|
|
// Fall through in the unlikely case
|
|
// that filter at some point is
|
|
// "Pid:\t".
|
|
}
|
|
if strings.HasPrefix(line, filter) {
|
|
if line != expected {
|
|
return fmt.Errorf("%q got:%q want:%q (bad) [pid=%d file:'%s' %v]\n", tf, line, expected, pid, string(d), expectedProc)
|
|
}
|
|
foundAThread = true
|
|
break
|
|
}
|
|
}
|
|
}
|
|
if !foundAThread {
|
|
return fmt.Errorf("found no thread /proc/<TID>/status files for process %q", expectedProc)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// test1435 test 9 glibc implemented setuid/gid syscall functions are
|
|
// mapped. This test is a slightly more expansive test than that of
|
|
// src/syscall/syscall_linux_test.go:TestSetuidEtc() insofar as it
|
|
// launches concurrent threads from C code via CGo and validates that
|
|
// they are subject to the system calls being tested. For the actual
|
|
// Go functionality being tested here, the syscall_linux_test version
|
|
// is considered authoritative, but non-trivial improvements to that
|
|
// should be mirrored here.
|
|
func test1435(t *testing.T) {
|
|
if syscall.Getuid() != 0 {
|
|
t.Skip("skipping root only test")
|
|
}
|
|
|
|
// Launch some threads in C.
|
|
const cts = 5
|
|
C.trial(cts)
|
|
defer C.cleanup()
|
|
|
|
vs := []struct {
|
|
call string
|
|
fn func() error
|
|
filter, expect string
|
|
}{
|
|
{call: "Setegid(1)", fn: func() error { return syscall.Setegid(1) }, filter: "Gid:", expect: "\t0\t1\t0\t1"},
|
|
{call: "Setegid(0)", fn: func() error { return syscall.Setegid(0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Seteuid(1)", fn: func() error { return syscall.Seteuid(1) }, filter: "Uid:", expect: "\t0\t1\t0\t1"},
|
|
{call: "Setuid(0)", fn: func() error { return syscall.Setuid(0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setgid(1)", fn: func() error { return syscall.Setgid(1) }, filter: "Gid:", expect: "\t1\t1\t1\t1"},
|
|
{call: "Setgid(0)", fn: func() error { return syscall.Setgid(0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setgroups([]int{0,1,2,3})", fn: func() error { return syscall.Setgroups([]int{0, 1, 2, 3}) }, filter: "Groups:", expect: "\t0 1 2 3"},
|
|
{call: "Setgroups(nil)", fn: func() error { return syscall.Setgroups(nil) }, filter: "Groups:", expect: ""},
|
|
{call: "Setgroups([]int{0})", fn: func() error { return syscall.Setgroups([]int{0}) }, filter: "Groups:", expect: "\t0"},
|
|
|
|
{call: "Setregid(101,0)", fn: func() error { return syscall.Setregid(101, 0) }, filter: "Gid:", expect: "\t101\t0\t0\t0"},
|
|
{call: "Setregid(0,102)", fn: func() error { return syscall.Setregid(0, 102) }, filter: "Gid:", expect: "\t0\t102\t102\t102"},
|
|
{call: "Setregid(0,0)", fn: func() error { return syscall.Setregid(0, 0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setreuid(1,0)", fn: func() error { return syscall.Setreuid(1, 0) }, filter: "Uid:", expect: "\t1\t0\t0\t0"},
|
|
{call: "Setreuid(0,2)", fn: func() error { return syscall.Setreuid(0, 2) }, filter: "Uid:", expect: "\t0\t2\t2\t2"},
|
|
{call: "Setreuid(0,0)", fn: func() error { return syscall.Setreuid(0, 0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setresgid(101,0,102)", fn: func() error { return syscall.Setresgid(101, 0, 102) }, filter: "Gid:", expect: "\t101\t0\t102\t0"},
|
|
{call: "Setresgid(0,102,101)", fn: func() error { return syscall.Setresgid(0, 102, 101) }, filter: "Gid:", expect: "\t0\t102\t101\t102"},
|
|
{call: "Setresgid(0,0,0)", fn: func() error { return syscall.Setresgid(0, 0, 0) }, filter: "Gid:", expect: "\t0\t0\t0\t0"},
|
|
|
|
{call: "Setresuid(1,0,2)", fn: func() error { return syscall.Setresuid(1, 0, 2) }, filter: "Uid:", expect: "\t1\t0\t2\t0"},
|
|
{call: "Setresuid(0,2,1)", fn: func() error { return syscall.Setresuid(0, 2, 1) }, filter: "Uid:", expect: "\t0\t2\t1\t2"},
|
|
{call: "Setresuid(0,0,0)", fn: func() error { return syscall.Setresuid(0, 0, 0) }, filter: "Uid:", expect: "\t0\t0\t0\t0"},
|
|
}
|
|
|
|
for i, v := range vs {
|
|
if err := v.fn(); err != nil {
|
|
t.Errorf("[%d] %q failed: %v", i, v.call, err)
|
|
continue
|
|
}
|
|
if err := compareStatus(v.filter, v.expect); err != nil {
|
|
t.Errorf("[%d] %q comparison: %v", i, v.call, err)
|
|
}
|
|
}
|
|
}
|