int test(char *URL)
{
CURLcode res;
CURL *curl;
if(!strcmp(URL, "check")) {
/* used by the test script to ask if we can run this test or not */
if(rlimit(FALSE)) {
fprintf(stdout, "rlimit problem: %s\n", msgbuff);
return 1;
}
return 0; /* sure, run this! */
}
if(rlimit(TRUE)) {
/* failure */
return TEST_ERR_MAJOR_BAD;
}
/* run the test with the bunch of open file descriptors
and close them all once the test is over */
if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
fprintf(stderr, "curl_global_init() failed\n");
close_file_descriptors();
return TEST_ERR_MAJOR_BAD;
}
curl = curl_easy_init();
if(!curl) {
fprintf(stderr, "curl_easy_init() failed\n");
close_file_descriptors();
curl_global_cleanup();
return TEST_ERR_MAJOR_BAD;
}
test_setopt(curl, CURLOPT_URL, URL);
test_setopt(curl, CURLOPT_HEADER, 1L);
res = curl_easy_perform(curl);
test_cleanup:
close_file_descriptors();
curl_easy_cleanup(curl);
curl_global_cleanup();
return (int)res;
}
int start_sandbox() {
install_sandbox_configuration();
DPRINT(DEBUG_INFO, "Start the sandbox enviroment of the %s process\n",
sandbox.visibility==PUBLIC ? PUBLIC_STRING : PRIVATE_STRING );
setup_signal_handlers();
DPRINT(DEBUG_INFO, "Signal handler installed\n");
/* Initialize the sytem call table containing the
* handler for each function */
initialize_syscall_table();
DPRINT(DEBUG_INFO, "System call table initialized \n");
/*TODO Rewrite VSDO and vsyscall */
// close all file descriptors open so far
close_file_descriptors();
// This may be moved to another position, only the trusted
// process uses it.
/*Get the file descriptor of the mapins */
sandbox.self_maps = open("/proc/self/maps", O_RDONLY, 0);
if (sandbox.self_maps < 0)
die("Cannot access \"/proc/self/maps\"");
/* Create the trusted thread and enter seccomp mode */
if (create_trusted_thread() < 0 )
die("Create trusted thread");
sandbox.status = ENABLE;
wait_for_remote_process();
DPRINT(DEBUG_INFO, "Ends Sandbox\n");
return 0;
}
static int rlimit(int keep_open)
{
int *tmpfd;
int nitems, i;
int *memchunk = NULL;
char *fmt;
struct rlimit rl;
char strbuff[256];
char strbuff1[81];
char fmt_u[] = "%u";
char fmt_lu[] = "%lu";
#ifdef HAVE_LONGLONG
char fmt_llu[] = "%llu";
if (sizeof(rl.rlim_max) > sizeof(long))
fmt = fmt_llu;
else
#endif
fmt = (sizeof(rl.rlim_max) < sizeof(long))?fmt_u:fmt_lu;
/* get initial open file limits */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("getrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
return -1;
}
/* show initial open file limits */
#ifdef RLIM_INFINITY
if (rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_cur);
fprintf(stderr, "initial soft limit: %s\n", strbuff);
#ifdef RLIM_INFINITY
if (rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_max);
fprintf(stderr, "initial hard limit: %s\n", strbuff);
/*
* if soft limit and hard limit are different we ask the
* system to raise soft limit all the way up to the hard
* limit. Due to some other system limit the soft limit
* might not be raised up to the hard limit. So from this
* point the resulting soft limit is our limit. Trying to
* open more than soft limit file descriptors will fail.
*/
if (rl.rlim_cur != rl.rlim_max) {
#ifdef OPEN_MAX
if ((rl.rlim_cur > 0) &&
(rl.rlim_cur < OPEN_MAX)) {
fprintf(stderr, "raising soft limit up to OPEN_MAX\n");
rl.rlim_cur = OPEN_MAX;
if (setrlimit(RLIMIT_NOFILE, &rl) != 0) {
/* on failure don't abort just issue a warning */
store_errmsg("setrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
msgbuff[0] = '\0';
}
}
#endif
fprintf(stderr, "raising soft limit up to hard limit\n");
rl.rlim_cur = rl.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &rl) != 0) {
/* on failure don't abort just issue a warning */
store_errmsg("setrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
msgbuff[0] = '\0';
}
/* get current open file limits */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("getrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
return -3;
}
/* show current open file limits */
#ifdef RLIM_INFINITY
if (rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_cur);
fprintf(stderr, "current soft limit: %s\n", strbuff);
#ifdef RLIM_INFINITY
if (rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_max);
fprintf(stderr, "current hard limit: %s\n", strbuff);
} /* (rl.rlim_cur != rl.rlim_max) */
/*
* test 537 is all about testing libcurl functionality
* when the system has nearly exhausted the number of
* available file descriptors. Test 537 will try to run
* with a very small number of file descriptors available.
* This implies that any file descriptor which is open
* when the test runs will have a number in the high range
* of whatever the system supports.
*/
/*
* reserve a chunk of memory before opening file descriptors to
* avoid a low memory condition once the file descriptors are
* open. System conditions that could make the test fail should
* be addressed in the precheck phase. This chunk of memory shall
* be always free()ed before exiting the rlimit() function so
* that it becomes available to the test.
*/
for (nitems = i = 1; nitems <= i; i *= 2)
nitems = i;
if (nitems > 0x7fff)
nitems = 0x40000;
do {
num_open.rlim_max = sizeof(*memchunk) * (size_t)nitems;
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "allocating memchunk %s byte array\n", strbuff);
memchunk = malloc(sizeof(*memchunk) * (size_t)nitems);
if (!memchunk) {
fprintf(stderr, "memchunk, malloc() failed\n");
nitems /= 2;
}
} while (nitems && !memchunk);
if (!memchunk) {
store_errmsg("memchunk, malloc() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
return -4;
}
/* initialize it to fight lazy allocation */
fprintf(stderr, "initializing memchunk array\n");
for (i = 0; i < nitems; i++)
memchunk[i] = -1;
/* set the number of file descriptors we will try to open */
#ifdef RLIM_INFINITY
if ((rl.rlim_cur > 0) && (rl.rlim_cur != RLIM_INFINITY)) {
#else
if (rl.rlim_cur > 0) {
#endif
/* soft limit minus SAFETY_MARGIN */
num_open.rlim_max = rl.rlim_cur - SAFETY_MARGIN;
}
else {
/* a huge number of file descriptors */
for (nitems = i = 1; nitems <= i; i *= 2)
nitems = i;
if (nitems > 0x7fff)
nitems = 0x40000;
num_open.rlim_max = nitems;
}
/* verify that we won't overflow size_t in malloc() */
if ((size_t)(num_open.rlim_max) > ((size_t)-1) / sizeof(*fd)) {
sprintf(strbuff1, fmt, num_open.rlim_max);
sprintf(strbuff, "unable to allocate an array for %s "
"file descriptors, would overflow size_t", strbuff1);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
free(memchunk);
return -5;
}
/* allocate array for file descriptors */
do {
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "allocating array for %s file descriptors\n", strbuff);
fd = malloc(sizeof(*fd) * (size_t)(num_open.rlim_max));
if (!fd) {
fprintf(stderr, "fd, malloc() failed\n");
num_open.rlim_max /= 2;
}
} while (num_open.rlim_max && !fd);
if (!fd) {
store_errmsg("fd, malloc() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
free(memchunk);
return -6;
}
/* initialize it to fight lazy allocation */
fprintf(stderr, "initializing fd array\n");
for (num_open.rlim_cur = 0;
num_open.rlim_cur < num_open.rlim_max;
num_open.rlim_cur++)
fd[num_open.rlim_cur] = -1;
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "trying to open %s file descriptors\n", strbuff);
/* open a dummy descriptor */
fd[0] = open(DEV_NULL, O_RDONLY);
if (fd[0] < 0) {
sprintf(strbuff, "opening of %s failed", DEV_NULL);
store_errmsg(strbuff, ERRNO);
fprintf(stderr, "%s\n", msgbuff);
free(fd);
fd = NULL;
free(memchunk);
return -7;
}
/* create a bunch of file descriptors */
for (num_open.rlim_cur = 1;
num_open.rlim_cur < num_open.rlim_max;
num_open.rlim_cur++) {
fd[num_open.rlim_cur] = dup(fd[0]);
if (fd[num_open.rlim_cur] < 0) {
fd[num_open.rlim_cur] = -1;
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "dup() attempt %s failed", strbuff1);
fprintf(stderr, "%s\n", strbuff);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds system limit seems close to %s", strbuff1);
fprintf(stderr, "%s\n", strbuff);
num_open.rlim_max = num_open.rlim_cur - SAFETY_MARGIN;
num_open.rlim_cur -= num_open.rlim_max;
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "closing %s file descriptors", strbuff1);
fprintf(stderr, "%s\n", strbuff);
for (num_open.rlim_cur = num_open.rlim_max;
fd[num_open.rlim_cur] >= 0;
num_open.rlim_cur++) {
close(fd[num_open.rlim_cur]);
fd[num_open.rlim_cur] = -1;
}
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "shrinking array for %s file descriptors\n", strbuff);
/* we don't care if we can't shrink it */
tmpfd = realloc(fd, sizeof(*fd) * (size_t)(num_open.rlim_max));
if (tmpfd) {
fd = tmpfd;
tmpfd = NULL;
}
break;
}
}
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "%s file descriptors open\n", strbuff);
#if !defined(HAVE_POLL_FINE) && \
!defined(USE_WINSOCK) && \
!defined(TPF)
/*
* when using select() instead of poll() we cannot test
* libcurl functionality with a socket number equal or
* greater than FD_SETSIZE. In any case, macro VERIFY_SOCK
* in lib/select.c enforces this check and protects libcurl
* from a possible crash. The effect of this protection
* is that test 537 will always fail, since the actual
* call to select() never takes place. We skip test 537
* with an indication that select limit would be exceeded.
*/
num_open.rlim_cur = FD_SETSIZE - SAFETY_MARGIN;
if (num_open.rlim_max > num_open.rlim_cur) {
sprintf(strbuff, "select limit is FD_SETSIZE %d", FD_SETSIZE);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
close_file_descriptors();
free(memchunk);
return -8;
}
num_open.rlim_cur = FD_SETSIZE - SAFETY_MARGIN;
for (rl.rlim_cur = 0;
rl.rlim_cur < num_open.rlim_max;
rl.rlim_cur++) {
if ((fd[rl.rlim_cur] > 0) &&
((unsigned int)fd[rl.rlim_cur] > num_open.rlim_cur)) {
sprintf(strbuff, "select limit is FD_SETSIZE %d", FD_SETSIZE);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
close_file_descriptors();
free(memchunk);
return -9;
}
}
#endif /* using a FD_SETSIZE bound select() */
/*
* Old or 'backwards compatible' implementations of stdio do not allow
* handling of streams with an underlying file descriptor number greater
* than 255, even when allowing high numbered file descriptors for sockets.
* At this point we have a big number of file descriptors which have been
* opened using dup(), so lets test the stdio implementation and discover
* if it is capable of fopen()ing some additional files.
*/
if (!fopen_works()) {
sprintf(strbuff1, fmt, num_open.rlim_max);
sprintf(strbuff, "stdio fopen() fails with %s fds open()",
strbuff1);
fprintf(stderr, "%s\n", msgbuff);
sprintf(strbuff, "stdio fopen() fails with lots of fds open()");
store_errmsg(strbuff, 0);
close_file_descriptors();
free(memchunk);
return -10;
}
/* free the chunk of memory we were reserving so that it
becomes becomes available to the test */
free(memchunk);
/* close file descriptors unless instructed to keep them */
if (!keep_open) {
close_file_descriptors();
}
return 0;
}
int test(char *URL)
{
CURLcode res;
CURL *curl;
if(!strcmp(URL, "check")) {
/* used by the test script to ask if we can run this test or not */
if(rlimit(FALSE)) {
fprintf(stdout, "rlimit problem: %s\n", msgbuff);
return 1;
}
return 0; /* sure, run this! */
}
if (rlimit(TRUE)) {
/* failure */
return TEST_ERR_MAJOR_BAD;
}
/* run the test with the bunch of open file descriptors
and close them all once the test is over */
if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
fprintf(stderr, "curl_global_init() failed\n");
close_file_descriptors();
return TEST_ERR_MAJOR_BAD;
}
if ((curl = curl_easy_init()) == NULL) {
fprintf(stderr, "curl_easy_init() failed\n");
close_file_descriptors();
curl_global_cleanup();
return TEST_ERR_MAJOR_BAD;
}
test_setopt(curl, CURLOPT_URL, URL);
test_setopt(curl, CURLOPT_HEADER, 1L);
res = curl_easy_perform(curl);
test_cleanup:
close_file_descriptors();
curl_easy_cleanup(curl);
curl_global_cleanup();
return (int)res;
}
static int rlimit(int keep_open)
{
int nitems, i;
int *memchunk = NULL;
char *fmt;
struct rlimit rl;
char strbuff[256];
char strbuff1[81];
char strbuff2[81];
char fmt_u[] = "%u";
char fmt_lu[] = "%lu";
#ifdef HAVE_LONGLONG
char fmt_llu[] = "%llu";
if (sizeof(rl.rlim_max) > sizeof(long))
fmt = fmt_llu;
else
#endif
fmt = (sizeof(rl.rlim_max) < sizeof(long))?fmt_u:fmt_lu;
/* get initial open file limits */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("getrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
return -1;
}
/* show initial open file limits */
#ifdef RLIM_INFINITY
if (rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_cur);
fprintf(stderr, "initial soft limit: %s\n", strbuff);
#ifdef RLIM_INFINITY
if (rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_max);
fprintf(stderr, "initial hard limit: %s\n", strbuff);
/* show our constants */
fprintf(stderr, "test518 FD_SETSIZE: %d\n", FD_SETSIZE);
fprintf(stderr, "test518 NUM_OPEN : %d\n", NUM_OPEN);
fprintf(stderr, "test518 NUM_NEEDED: %d\n", NUM_NEEDED);
/*
* if soft limit and hard limit are different we ask the
* system to raise soft limit all the way up to the hard
* limit. Due to some other system limit the soft limit
* might not be raised up to the hard limit. So from this
* point the resulting soft limit is our limit. Trying to
* open more than soft limit file descriptors will fail.
*/
if (rl.rlim_cur != rl.rlim_max) {
#ifdef OPEN_MAX
if ((rl.rlim_cur > 0) &&
(rl.rlim_cur < OPEN_MAX)) {
fprintf(stderr, "raising soft limit up to OPEN_MAX\n");
rl.rlim_cur = OPEN_MAX;
if (setrlimit(RLIMIT_NOFILE, &rl) != 0) {
/* on failure don't abort just issue a warning */
store_errmsg("setrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
msgbuff[0] = '\0';
}
}
#endif
fprintf(stderr, "raising soft limit up to hard limit\n");
rl.rlim_cur = rl.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &rl) != 0) {
/* on failure don't abort just issue a warning */
store_errmsg("setrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
msgbuff[0] = '\0';
}
/* get current open file limits */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("getrlimit() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
return -3;
}
/* show current open file limits */
#ifdef RLIM_INFINITY
if (rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_cur);
fprintf(stderr, "current soft limit: %s\n", strbuff);
#ifdef RLIM_INFINITY
if (rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_max);
fprintf(stderr, "current hard limit: %s\n", strbuff);
} /* (rl.rlim_cur != rl.rlim_max) */
/*
* test 518 is all about testing libcurl functionality
* when more than FD_SETSIZE file descriptors are open.
* This means that if for any reason we are not able to
* open more than FD_SETSIZE file descriptors then test
* 518 should not be run.
*/
/*
* verify that soft limit is higher than NUM_NEEDED,
* which is the number of file descriptors we would
* try to open plus SAFETY_MARGIN to not exhaust the
* file descriptor pool
*/
num_open.rlim_cur = NUM_NEEDED;
if ((rl.rlim_cur > 0) &&
#ifdef RLIM_INFINITY
(rl.rlim_cur != RLIM_INFINITY) &&
#endif
(rl.rlim_cur <= num_open.rlim_cur)) {
sprintf(strbuff2, fmt, rl.rlim_cur);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds needed %s > system limit %s",
strbuff1, strbuff2);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
return -4;
}
/*
* reserve a chunk of memory before opening file descriptors to
* avoid a low memory condition once the file descriptors are
* open. System conditions that could make the test fail should
* be addressed in the precheck phase. This chunk of memory shall
* be always free()ed before exiting the rlimit() function so
* that it becomes available to the test.
*/
for (nitems = i = 1; nitems <= i; i *= 2)
nitems = i;
if (nitems > 0x7fff)
nitems = 0x40000;
do {
num_open.rlim_max = sizeof(*memchunk) * (size_t)nitems;
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "allocating memchunk %s byte array\n", strbuff);
memchunk = malloc(sizeof(*memchunk) * (size_t)nitems);
if (!memchunk) {
fprintf(stderr, "memchunk, malloc() failed\n");
nitems /= 2;
}
} while (nitems && !memchunk);
if (!memchunk) {
store_errmsg("memchunk, malloc() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
return -5;
}
/* initialize it to fight lazy allocation */
fprintf(stderr, "initializing memchunk array\n");
for (i = 0; i < nitems; i++)
memchunk[i] = -1;
/* set the number of file descriptors we will try to open */
num_open.rlim_max = NUM_OPEN;
/* verify that we won't overflow size_t in malloc() */
if ((size_t)(num_open.rlim_max) > ((size_t)-1) / sizeof(*fd)) {
sprintf(strbuff1, fmt, num_open.rlim_max);
sprintf(strbuff, "unable to allocate an array for %s "
"file descriptors, would overflow size_t", strbuff1);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
free(memchunk);
return -6;
}
/* allocate array for file descriptors */
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "allocating array for %s file descriptors\n", strbuff);
fd = malloc(sizeof(*fd) * (size_t)(num_open.rlim_max));
if (!fd) {
store_errmsg("fd, malloc() failed", ERRNO);
fprintf(stderr, "%s\n", msgbuff);
free(memchunk);
return -7;
}
/* initialize it to fight lazy allocation */
fprintf(stderr, "initializing fd array\n");
for (num_open.rlim_cur = 0;
num_open.rlim_cur < num_open.rlim_max;
num_open.rlim_cur++)
fd[num_open.rlim_cur] = -1;
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "trying to open %s file descriptors\n", strbuff);
/* open a dummy descriptor */
fd[0] = open(DEV_NULL, O_RDONLY);
if (fd[0] < 0) {
sprintf(strbuff, "opening of %s failed", DEV_NULL);
store_errmsg(strbuff, ERRNO);
fprintf(stderr, "%s\n", msgbuff);
free(fd);
fd = NULL;
free(memchunk);
return -8;
}
/* create a bunch of file descriptors */
for (num_open.rlim_cur = 1;
num_open.rlim_cur < num_open.rlim_max;
num_open.rlim_cur++) {
fd[num_open.rlim_cur] = dup(fd[0]);
if (fd[num_open.rlim_cur] < 0) {
fd[num_open.rlim_cur] = -1;
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "dup() attempt %s failed", strbuff1);
fprintf(stderr, "%s\n", strbuff);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds system limit seems close to %s", strbuff1);
fprintf(stderr, "%s\n", strbuff);
num_open.rlim_max = NUM_NEEDED;
sprintf(strbuff2, fmt, num_open.rlim_max);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds needed %s > system limit %s",
strbuff2, strbuff1);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
for (num_open.rlim_cur = 0;
fd[num_open.rlim_cur] >= 0;
num_open.rlim_cur++)
close(fd[num_open.rlim_cur]);
free(fd);
fd = NULL;
free(memchunk);
return -9;
}
}
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "%s file descriptors open\n", strbuff);
#if !defined(HAVE_POLL_FINE) && \
!defined(USE_WINSOCK) && \
!defined(TPF)
/*
* when using select() instead of poll() we cannot test
* libcurl functionality with a socket number equal or
* greater than FD_SETSIZE. In any case, macro VERIFY_SOCK
* in lib/select.c enforces this check and protects libcurl
* from a possible crash. The effect of this protection
* is that test 518 will always fail, since the actual
* call to select() never takes place. We skip test 518
* with an indication that select limit would be exceeded.
*/
num_open.rlim_cur = FD_SETSIZE - SAFETY_MARGIN;
if (num_open.rlim_max > num_open.rlim_cur) {
sprintf(strbuff, "select limit is FD_SETSIZE %d", FD_SETSIZE);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
close_file_descriptors();
free(memchunk);
return -10;
}
num_open.rlim_cur = FD_SETSIZE - SAFETY_MARGIN;
for (rl.rlim_cur = 0;
rl.rlim_cur < num_open.rlim_max;
rl.rlim_cur++) {
if ((fd[rl.rlim_cur] > 0) &&
((unsigned int)fd[rl.rlim_cur] > num_open.rlim_cur)) {
sprintf(strbuff, "select limit is FD_SETSIZE %d", FD_SETSIZE);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
close_file_descriptors();
free(memchunk);
return -11;
}
}
#endif /* using a FD_SETSIZE bound select() */
/*
* Old or 'backwards compatible' implementations of stdio do not allow
* handling of streams with an underlying file descriptor number greater
* than 255, even when allowing high numbered file descriptors for sockets.
* At this point we have a big number of file descriptors which have been
* opened using dup(), so lets test the stdio implementation and discover
* if it is capable of fopen()ing some additional files.
*/
if (!fopen_works()) {
sprintf(strbuff1, fmt, num_open.rlim_max);
sprintf(strbuff, "stdio fopen() fails with %s fds open()",
strbuff1);
fprintf(stderr, "%s\n", msgbuff);
sprintf(strbuff, "stdio fopen() fails with lots of fds open()");
store_errmsg(strbuff, 0);
close_file_descriptors();
free(memchunk);
return -12;
}
/* free the chunk of memory we were reserving so that it
becomes becomes available to the test */
free(memchunk);
/* close file descriptors unless instructed to keep them */
if (!keep_open) {
close_file_descriptors();
}
return 0;
}
static int rlimit(int keep_open)
{
int nitems, i;
int *memchunk = NULL;
char *fmt;
struct rlimit rl;
char strbuff[256];
char strbuff1[81];
char strbuff2[81];
char fmt_u[] = "%u";
char fmt_lu[] = "%lu";
#ifdef HAVE_LONGLONG
char fmt_llu[] = "%llu";
if (sizeof(rl.rlim_max) > sizeof(long))
fmt = fmt_llu;
else
#endif
fmt = (sizeof(rl.rlim_max) < sizeof(long))?fmt_u:fmt_lu;
/* get initial open file limits */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("getrlimit() failed", our_errno());
fprintf(stderr, "%s\n", msgbuff);
return -1;
}
/* show initial open file limits */
#ifdef RLIM_INFINITY
if (rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_cur);
fprintf(stderr, "initial soft limit: %s\n", strbuff);
#ifdef RLIM_INFINITY
if (rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_max);
fprintf(stderr, "initial hard limit: %s\n", strbuff);
/* show our constants */
fprintf(stderr, "test518 FD_SETSIZE: %d\n", FD_SETSIZE);
fprintf(stderr, "test518 NUM_OPEN : %d\n", NUM_OPEN);
fprintf(stderr, "test518 NUM_NEEDED: %d\n", NUM_NEEDED);
/*
* if soft limit and hard limit are different we ask the
* system to raise soft limit all the way up to the hard
* limit. Due to some other system limit the soft limit
* might not be raised up to the hard limit. So from this
* point the resulting soft limit is our limit. Trying to
* open more than soft limit file descriptors will fail.
*/
if (rl.rlim_cur != rl.rlim_max) {
fprintf(stderr, "raising soft limit up to hard limit\n");
rl.rlim_cur = rl.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("setrlimit() failed", our_errno());
fprintf(stderr, "%s\n", msgbuff);
return -2;
}
/* get current open file limits */
if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
store_errmsg("getrlimit() failed", our_errno());
fprintf(stderr, "%s\n", msgbuff);
return -3;
}
/* show current open file limits */
#ifdef RLIM_INFINITY
if (rl.rlim_cur == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_cur);
fprintf(stderr, "current soft limit: %s\n", strbuff);
#ifdef RLIM_INFINITY
if (rl.rlim_max == RLIM_INFINITY)
strcpy(strbuff, "INFINITY");
else
#endif
sprintf(strbuff, fmt, rl.rlim_max);
fprintf(stderr, "current hard limit: %s\n", strbuff);
} /* (rl.rlim_cur != rl.rlim_max) */
/*
* test 518 is all about testing libcurl functionality
* when more than FD_SETSIZE file descriptors are open.
* This means that if for any reason we are not able to
* open more than FD_SETSIZE file descriptors then test
* 518 should not be run.
*/
/*
* verify that soft limit is higher than NUM_NEEDED,
* which is the number of file descriptors we would
* try to open plus SAFETY_MARGIN to not exhaust the
* file descriptor pool
*/
num_open.rlim_cur = NUM_NEEDED;
if ((rl.rlim_cur > 0) &&
#ifdef RLIM_INFINITY
(rl.rlim_cur != RLIM_INFINITY) &&
#endif
(rl.rlim_cur <= num_open.rlim_cur)) {
sprintf(strbuff2, fmt, rl.rlim_cur);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds needed %s > system limit %s",
strbuff1, strbuff2);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
return -4;
}
/*
* reserve a chunk of memory before opening file descriptors to
* avoid a low memory condition once the file descriptors are
* open. System conditions that could make the test fail should
* be addressed in the precheck phase. This chunk of memory shall
* be always free()ed before exiting the rlimit() function so
* that it becomes available to the test.
*/
for (nitems = i = 1; nitems <= i; i *= 2)
nitems = i;
if (nitems > 0x7fff)
nitems = 0x40000;
do {
num_open.rlim_max = sizeof(*memchunk) * (size_t)nitems;
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "allocating memchunk %s byte array\n", strbuff);
memchunk = malloc(sizeof(*memchunk) * (size_t)nitems);
if (!memchunk) {
fprintf(stderr, "memchunk, malloc() failed\n");
nitems /= 2;
}
} while (nitems && !memchunk);
if (!memchunk) {
store_errmsg("memchunk, malloc() failed", our_errno());
fprintf(stderr, "%s\n", msgbuff);
return -5;
}
/* initialize it to fight lazy allocation */
fprintf(stderr, "initializing memchunk array\n");
for (i = 0; i < nitems; i++)
memchunk[i] = -1;
/* set the number of file descriptors we will try to open */
num_open.rlim_max = NUM_OPEN;
/* verify that we won't overflow size_t in malloc() */
if ((size_t)(num_open.rlim_max) > ((size_t)-1) / sizeof(*fd)) {
sprintf(strbuff1, fmt, num_open.rlim_max);
sprintf(strbuff, "unable to allocate an array for %s "
"file descriptors, would overflow size_t", strbuff1);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
free(memchunk);
return -6;
}
/* allocate array for file descriptors */
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "allocating array for %s file descriptors\n", strbuff);
fd = malloc(sizeof(*fd) * (size_t)(num_open.rlim_max));
if (!fd) {
store_errmsg("fd, malloc() failed", our_errno());
fprintf(stderr, "%s\n", msgbuff);
free(memchunk);
return -7;
}
/* initialize it to fight lazy allocation */
fprintf(stderr, "initializing fd array\n");
for (num_open.rlim_cur = 0;
num_open.rlim_cur < num_open.rlim_max;
num_open.rlim_cur++)
fd[num_open.rlim_cur] = -1;
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "trying to open %s file descriptors\n", strbuff);
/* open a dummy descriptor */
fd[0] = open(DEV_NULL, O_RDONLY);
if (fd[0] < 0) {
sprintf(strbuff, "opening of %s failed", DEV_NULL);
store_errmsg(strbuff, our_errno());
fprintf(stderr, "%s\n", msgbuff);
free(fd);
fd = NULL;
free(memchunk);
return -8;
}
/* create a bunch of file descriptors */
for (num_open.rlim_cur = 1;
num_open.rlim_cur < num_open.rlim_max;
num_open.rlim_cur++) {
fd[num_open.rlim_cur] = dup(fd[0]);
if (fd[num_open.rlim_cur] < 0) {
fd[num_open.rlim_cur] = -1;
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "dup() attempt %s failed", strbuff1);
fprintf(stderr, "%s\n", strbuff);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds system limit seems close to %s", strbuff1);
fprintf(stderr, "%s\n", strbuff);
num_open.rlim_max = NUM_NEEDED;
sprintf(strbuff2, fmt, num_open.rlim_max);
sprintf(strbuff1, fmt, num_open.rlim_cur);
sprintf(strbuff, "fds needed %s > system limit %s",
strbuff2, strbuff1);
store_errmsg(strbuff, 0);
fprintf(stderr, "%s\n", msgbuff);
for (num_open.rlim_cur = 0;
fd[num_open.rlim_cur] >= 0;
num_open.rlim_cur++)
close(fd[num_open.rlim_cur]);
free(fd);
fd = NULL;
free(memchunk);
return -9;
}
}
sprintf(strbuff, fmt, num_open.rlim_max);
fprintf(stderr, "%s file descriptors open\n", strbuff);
/* free the chunk of memory we were reserving so that it
becomes becomes available to the test */
free(memchunk);
/* close file descriptors unless instructed to keep them */
if (!keep_open) {
close_file_descriptors();
}
return 0;
}
static int
launch_uml (guestfs_h *g, void *datav, const char *arg)
{
struct backend_uml_data *data = datav;
CLEANUP_FREE_STRINGSBUF DECLARE_STRINGSBUF (cmdline);
int console_sock = -1, daemon_sock = -1;
int r;
int csv[2], dsv[2];
CLEANUP_FREE char *kernel = NULL, *initrd = NULL, *appliance = NULL;
int has_appliance_drive;
CLEANUP_FREE char *appliance_cow = NULL;
uint32_t size;
CLEANUP_FREE void *buf = NULL;
struct drive *drv;
size_t i;
struct hv_param *hp;
char *term = getenv ("TERM");
if (!uml_supported (g))
return -1;
if (!g->nr_drives) {
error (g, _("you must call guestfs_add_drive before guestfs_launch"));
return -1;
}
/* Assign a random unique ID to this run. */
if (guestfs_int_random_string (data->umid, UML_UMID_LEN) == -1) {
perrorf (g, "guestfs_int_random_string");
return -1;
}
/* Locate and/or build the appliance. */
if (guestfs_int_build_appliance (g, &kernel, &initrd, &appliance) == -1)
return -1;
has_appliance_drive = appliance != NULL;
/* Create COW overlays for the appliance. Note that the documented
* syntax ubd0=cow,orig does not work since kernel 3.3. See:
* http://thread.gmane.org/gmane.linux.uml.devel/13556
*/
if (has_appliance_drive) {
appliance_cow = make_cow_overlay (g, appliance);
if (!appliance_cow)
goto cleanup0;
}
/* The socket that the daemon will talk to us on.
*/
if (socketpair (AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, dsv) == -1) {
perrorf (g, "socketpair");
goto cleanup0;
}
/* The console socket. */
if (!g->direct_mode) {
if (socketpair (AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC, 0, csv) == -1) {
perrorf (g, "socketpair");
close (dsv[0]);
close (dsv[1]);
goto cleanup0;
}
}
/* Construct the vmlinux command line. We have to do this before
* forking, because after fork we are not allowed to use
* non-signal-safe functions such as malloc.
*/
#define ADD_CMDLINE(str) \
guestfs_int_add_string (g, &cmdline, (str))
#define ADD_CMDLINE_PRINTF(fs,...) \
guestfs_int_add_sprintf (g, &cmdline, (fs), ##__VA_ARGS__)
ADD_CMDLINE (g->hv);
/* Give this instance a unique random ID. */
ADD_CMDLINE_PRINTF ("umid=%s", data->umid);
/* Set memory size. */
ADD_CMDLINE_PRINTF ("mem=%dM", g->memsize);
/* vmlinux appears to ignore this, but let's add it anyway. */
ADD_CMDLINE_PRINTF ("initrd=%s", initrd);
/* Make sure our appliance init script runs first. */
ADD_CMDLINE ("init=/init");
/* This tells the /init script not to reboot at the end. */
ADD_CMDLINE ("guestfs_noreboot=1");
/* Root filesystem should be mounted read-write (default seems to
* be "ro").
*/
ADD_CMDLINE ("rw");
/* See also guestfs_int_appliance_command_line. */
if (g->verbose)
ADD_CMDLINE ("guestfs_verbose=1");
ADD_CMDLINE ("panic=1");
ADD_CMDLINE_PRINTF ("TERM=%s", term ? term : "linux");
if (g->selinux)
ADD_CMDLINE ("selinux=1 enforcing=0");
else
ADD_CMDLINE ("selinux=0");
/* XXX This isn't quite right. Multiple append args won't work. */
if (g->append)
ADD_CMDLINE (g->append);
/* Add the drives. */
ITER_DRIVES (g, i, drv) {
if (!drv->overlay)
ADD_CMDLINE_PRINTF ("ubd%zu=%s", i, drv->src.u.path);
else
ADD_CMDLINE_PRINTF ("ubd%zu=%s", i, drv->overlay);
}
/* Add the ext2 appliance drive (after all the drives). */
if (has_appliance_drive) {
char drv_name[64] = "ubd";
guestfs_int_drive_name (g->nr_drives, &drv_name[3]);
ADD_CMDLINE_PRINTF ("ubd%zu=%s", g->nr_drives, appliance_cow);
ADD_CMDLINE_PRINTF ("root=/dev/%s", drv_name);
}
/* Create the daemon socket. */
ADD_CMDLINE_PRINTF ("ssl3=fd:%d", dsv[1]);
ADD_CMDLINE ("guestfs_channel=/dev/ttyS3");
/* Add any vmlinux parameters. */
for (hp = g->hv_params; hp; hp = hp->next) {
ADD_CMDLINE (hp->hv_param);
if (hp->hv_value)
ADD_CMDLINE (hp->hv_value);
}
/* Finish off the command line. */
guestfs_int_end_stringsbuf (g, &cmdline);
r = fork ();
if (r == -1) {
perrorf (g, "fork");
if (!g->direct_mode) {
close (csv[0]);
close (csv[1]);
}
close (dsv[0]);
close (dsv[1]);
goto cleanup0;
}
if (r == 0) { /* Child (vmlinux). */
/* Set up the daemon socket for the child. */
close (dsv[0]);
set_cloexec_flag (dsv[1], 0); /* so it doesn't close across exec */
if (!g->direct_mode) {
/* Set up stdin, stdout, stderr. */
close (0);
close (1);
close (csv[0]);
/* We set the FD_CLOEXEC flag on the socket above, but now (in
* the child) it's safe to unset this flag so vmlinux can use the
* socket.
*/
set_cloexec_flag (csv[1], 0);
/* Stdin. */
if (dup (csv[1]) == -1) {
dup_failed:
perror ("dup failed");
_exit (EXIT_FAILURE);
}
/* Stdout. */
if (dup (csv[1]) == -1)
goto dup_failed;
/* Send stderr to the pipe as well. */
close (2);
if (dup (csv[1]) == -1)
goto dup_failed;
close (csv[1]);
/* RHBZ#1123007 */
close_file_descriptors (fd > 2 && fd != dsv[1]);
}
/* Dump the command line (after setting up stderr above). */
if (g->verbose)
print_vmlinux_command_line (g, cmdline.argv);
/* Put vmlinux in a new process group. */
if (g->pgroup)
setpgid (0, 0);
setenv ("LC_ALL", "C", 1);
execv (g->hv, cmdline.argv); /* Run vmlinux. */
perror (g->hv);
_exit (EXIT_FAILURE);
}
/* Parent (library). */
data->pid = r;
/* Fork the recovery process off which will kill vmlinux if the
* parent process fails to do so (eg. if the parent segfaults).
*/
data->recoverypid = -1;
if (g->recovery_proc) {
r = fork ();
if (r == 0) {
struct sigaction sa;
pid_t vmlinux_pid = data->pid;
pid_t parent_pid = getppid ();
/* Remove all signal handlers. See the justification here:
* https://www.redhat.com/archives/libvir-list/2008-August/msg00303.html
* We don't mask signal handlers yet, so this isn't completely
* race-free, but better than not doing it at all.
*/
memset (&sa, 0, sizeof sa);
sa.sa_handler = SIG_DFL;
sa.sa_flags = 0;
sigemptyset (&sa.sa_mask);
for (i = 1; i < NSIG; ++i)
sigaction (i, &sa, NULL);
/* Close all other file descriptors. This ensures that we don't
* hold open (eg) pipes from the parent process.
*/
close_file_descriptors (1);
/* It would be nice to be able to put this in the same process
* group as vmlinux (ie. setpgid (0, vmlinux_pid)). However
* this is not possible because we don't have any guarantee here
* that the vmlinux process has started yet.
*/
if (g->pgroup)
setpgid (0, 0);
/* Writing to argv is hideously complicated and error prone. See:
* http://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/utils/misc/ps_status.c;hb=HEAD
*/
/* Loop around waiting for one or both of the other processes to
* disappear. It's fair to say this is very hairy. The PIDs that
* we are looking at might be reused by another process. We are
* effectively polling. Is the cure worse than the disease?
*/
for (;;) {
if (kill (vmlinux_pid, 0) == -1)
/* vmlinux's gone away, we aren't needed */
_exit (EXIT_SUCCESS);
if (kill (parent_pid, 0) == -1) {
/* Parent's gone away, vmlinux still around, so kill vmlinux. */
kill (data->pid, SIGKILL);
_exit (EXIT_SUCCESS);
}
sleep (2);
}
}
/* Don't worry, if the fork failed, this will be -1. The recovery
* process isn't essential.
*/
data->recoverypid = r;
}
if (!g->direct_mode) {
/* Close the other end of the console socketpair. */
close (csv[1]);
console_sock = csv[0]; /* stdin of child */
csv[0] = -1;
}
daemon_sock = dsv[0];
close (dsv[1]);
dsv[0] = -1;
g->state = LAUNCHING;
/* Wait for vmlinux to start and to connect back to us via
* virtio-serial and send the GUESTFS_LAUNCH_FLAG message.
*/
g->conn =
guestfs_int_new_conn_socket_connected (g, daemon_sock, console_sock);
if (!g->conn)
goto cleanup1;
/* g->conn now owns these sockets. */
daemon_sock = console_sock = -1;
/* We now have to wait for vmlinux to start up, the daemon to start
* running, and for it to send the GUESTFS_LAUNCH_FLAG to us.
*/
r = guestfs_int_recv_from_daemon (g, &size, &buf);
if (r == -1) {
guestfs_int_launch_failed_error (g);
goto cleanup1;
}
if (size != GUESTFS_LAUNCH_FLAG) {
guestfs_int_launch_failed_error (g);
goto cleanup1;
}
if (g->verbose)
guestfs_int_print_timestamped_message (g, "appliance is up");
/* This is possible in some really strange situations, such as
* guestfsd starts up OK but then vmlinux immediately exits. Check
* for it because the caller is probably expecting to be able to
* send commands after this function returns.
*/
if (g->state != READY) {
error (g, _("vmlinux launched and contacted daemon, but state != READY"));
goto cleanup1;
}
if (has_appliance_drive)
guestfs_int_add_dummy_appliance_drive (g);
return 0;
cleanup1:
if (!g->direct_mode && csv[0] >= 0)
close (csv[0]);
if (dsv[0] >= 0)
close (dsv[0]);
if (data->pid > 0) kill (data->pid, SIGKILL);
if (data->recoverypid > 0) kill (data->recoverypid, SIGKILL);
if (data->pid > 0) waitpid (data->pid, NULL, 0);
if (data->recoverypid > 0) waitpid (data->recoverypid, NULL, 0);
data->pid = 0;
data->recoverypid = 0;
memset (&g->launch_t, 0, sizeof g->launch_t);
cleanup0:
if (daemon_sock >= 0)
close (daemon_sock);
if (console_sock >= 0)
close (console_sock);
if (g->conn) {
g->conn->ops->free_connection (g, g->conn);
g->conn = NULL;
}
g->state = CONFIG;
return -1;
}
