Message ID | 20220209085213.2882229-1-liwang@redhat.com |
---|---|
State | Accepted |
Headers | show |
Series | [v2] getrusage03: mlock all address space for process calling consume_mb | expand |
Hi! > --- a/testcases/kernel/syscalls/getrusage/getrusage03.c > +++ b/testcases/kernel/syscalls/getrusage/getrusage03.c > @@ -193,4 +193,8 @@ static struct tst_test test = { > .setup = setup, > .test = run, > .tcnt = ARRAY_SIZE(testfunc_list), > + .caps = (struct tst_cap []) { > + TST_CAP(TST_CAP_REQ, CAP_IPC_LOCK), > + {} > + }, > }; I wonder if we should start to track the capabilities like this instead of the .needs_root approach. I guess that it may be useful to keep things granular in the future.
On Wed, Feb 16, 2022 at 5:54 PM Cyril Hrubis <chrubis@suse.cz> wrote: > Hi! > > --- a/testcases/kernel/syscalls/getrusage/getrusage03.c > > +++ b/testcases/kernel/syscalls/getrusage/getrusage03.c > > @@ -193,4 +193,8 @@ static struct tst_test test = { > > .setup = setup, > > .test = run, > > .tcnt = ARRAY_SIZE(testfunc_list), > > + .caps = (struct tst_cap []) { > > + TST_CAP(TST_CAP_REQ, CAP_IPC_LOCK), > > + {} > > + }, > > }; > > I wonder if we should start to track the capabilities like this instead > of the .needs_root approach. I guess that it may be useful to keep > things granular in the future. > I think yes, Linux Capabilities makes it possible for specific privileges to the test process, and avoid that .needs_root limited many tests scenario to skip directly with non-root users. Especially beneficial for running LTP in the docker with only part of root privileges for reasons like strict security verification.
Hi! > I think yes, Linux Capabilities makes it possible for specific privileges to > the test process, and avoid that .needs_root limited many tests scenario > to skip directly with non-root users. Especially beneficial for running LTP > in the docker with only part of root privileges for reasons like strict > security > verification. Looks good then: Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Pushed, thanks.
diff --git a/include/lapi/capability.h b/include/lapi/capability.h index 8cabd0f28..17ec107b1 100644 --- a/include/lapi/capability.h +++ b/include/lapi/capability.h @@ -24,6 +24,10 @@ # define CAP_NET_RAW 13 #endif +#ifndef CAP_IPC_LOCK +# define CAP_IPC_LOCK 14 +#endif + #ifndef CAP_SYS_CHROOT # define CAP_SYS_CHROOT 18 #endif diff --git a/testcases/kernel/syscalls/getrusage/getrusage03.c b/testcases/kernel/syscalls/getrusage/getrusage03.c index 201d258fa..43fab0605 100644 --- a/testcases/kernel/syscalls/getrusage/getrusage03.c +++ b/testcases/kernel/syscalls/getrusage/getrusage03.c @@ -193,4 +193,8 @@ static struct tst_test test = { .setup = setup, .test = run, .tcnt = ARRAY_SIZE(testfunc_list), + .caps = (struct tst_cap []) { + TST_CAP(TST_CAP_REQ, CAP_IPC_LOCK), + {} + }, }; diff --git a/testcases/kernel/syscalls/getrusage/getrusage03.h b/testcases/kernel/syscalls/getrusage/getrusage03.h index f1bbe9be5..b28b9d4c3 100644 --- a/testcases/kernel/syscalls/getrusage/getrusage03.h +++ b/testcases/kernel/syscalls/getrusage/getrusage03.h @@ -16,6 +16,8 @@ static void consume_mb(int consume_nr) size_t size; unsigned long vmswap_size; + mlockall(MCL_CURRENT|MCL_FUTURE); + size = consume_nr * 1024 * 1024; ptr = SAFE_MALLOC(size); memset(ptr, 0, size);
It is trying to test without swap happen to guarantee less disturbing for the ’->ru_maxrss‘ counting. Therefore add mlockall() to prevent that memory address space of the calling process from being paged to the swap area. Due to that lock needs CAP_IPC_LOCK capability and child can not inherit memory locks from parent, here add the definition and put the mlockall() in consume_mb. Signed-off-by: Li Wang <liwang@redhat.com> --- include/lapi/capability.h | 4 ++++ testcases/kernel/syscalls/getrusage/getrusage03.c | 4 ++++ testcases/kernel/syscalls/getrusage/getrusage03.h | 2 ++ 3 files changed, 10 insertions(+)