From 253fe724353d356123467a9c7d66f5697f4a3783 Mon Sep 17 00:00:00 2001 From: Chao Wu Date: Sun, 3 Mar 2024 23:34:06 +0800 Subject: [PATCH 1/2] Dragonball: fix test_handler_insert_region the mmap region start guest addr hard-code a value and later there would be check whether the mentioned addr is larger than or equal to mem_end (default to host_phy_mem >> 1) in order to satisfy the requirement for DaxMemory. Since github virt machine phy_mem is larger than previous CI machine we use, the hard-code value could no longer be worked. To fix this, we change the address to mem_end in unit test to avoid the influence of host machine change. fixes: #9207 Signed-off-by: Chao Wu --- src/dragonball/src/device_manager/mod.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/dragonball/src/device_manager/mod.rs b/src/dragonball/src/device_manager/mod.rs index f0958b1166..e8e660985a 100644 --- a/src/dragonball/src/device_manager/mod.rs +++ b/src/dragonball/src/device_manager/mod.rs @@ -1429,11 +1429,7 @@ mod tests { Some(vm.vm_config().clone()), vm.shared_info().clone(), ); - #[cfg(target_arch = "x86_64")] - let guest_addr = GuestAddress(0x200000000000); - // TODO: #7290 - https://github.com/kata-containers/kata-containers/issues/7290 - #[cfg(target_arch = "aarch64")] - let guest_addr = GuestAddress(0xF800000000); + let guest_addr = GuestAddress(*dbs_boot::layout::GUEST_MEM_END); let cache_len = 1024 * 1024 * 1024; let mmap_region = MmapRegion::build( From 9f0eab904b4e559e7e8f1edc8c1ad351dd9f3ebc Mon Sep 17 00:00:00 2001 From: Chao Wu Date: Sun, 3 Mar 2024 23:35:40 +0800 Subject: [PATCH 2/2] Dragonball: fix test_signal_handler a) There is some unknown syscalls triggered in new github virt machine that would break the make test process with SIGSYS after applying SeccompFilter. In order to fix this, we change the allowlist in this unit test for seccompfileter into a blocklist to avoid meeting the unknown syscalls. b) lazy static METRICS is not fully initialize in the unit test and may lead to unstable result for this UT. fixes: #9207 Signed-off-by: Chao Wu --- src/dragonball/src/signal_handler.rs | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/src/dragonball/src/signal_handler.rs b/src/dragonball/src/signal_handler.rs index 0890294e4a..7f368a9cf6 100644 --- a/src/dragonball/src/signal_handler.rs +++ b/src/dragonball/src/signal_handler.rs @@ -156,28 +156,17 @@ mod tests { #[test] fn test_signal_handler() { + // When METRICS initializes lazy, it will call the call_once to add locks. + // If the signal interrupts the initialization process, initializing again the + // metrics in the signal interrupt handler will cause a deadlock. + lazy_static::initialize(&METRICS); let child = thread::spawn(move || { assert!(register_signal_handlers().is_ok()); let filter = SeccompFilter::new( - vec![ - (libc::SYS_brk, vec![]), - (libc::SYS_exit, vec![]), - (libc::SYS_futex, vec![]), - (libc::SYS_getpid, vec![]), - (libc::SYS_munmap, vec![]), - (libc::SYS_kill, vec![]), - (libc::SYS_rt_sigprocmask, vec![]), - (libc::SYS_rt_sigreturn, vec![]), - (libc::SYS_sched_getaffinity, vec![]), - (libc::SYS_set_tid_address, vec![]), - (libc::SYS_sigaltstack, vec![]), - (libc::SYS_write, vec![]), - ] - .into_iter() - .collect(), - SeccompAction::Trap, + vec![(libc::SYS_mkdirat, vec![])].into_iter().collect(), SeccompAction::Allow, + SeccompAction::Trap, std::env::consts::ARCH.try_into().unwrap(), ) .unwrap();