sandbox/linux/services/broker_process_unittest.cc - Issue 229893002: Add unit test to check for broker FD leak

Side by Side Diff: sandbox/linux/services/broker_process_unittest.cc

Issue 229893002: Add unit test to check for broker FD leak (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Be more explicit about allowing noisy tests Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "sandbox/linux/services/broker_process.h"	5 #include "sandbox/linux/services/broker_process.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <fcntl.h>	8 #include <fcntl.h>

9 #include <sys/stat.h>	9 #include <sys/stat.h>

10 #include <sys/types.h>	10 #include <sys/types.h>

11 #include <sys/wait.h>	11 #include <sys/wait.h>

12 #include <unistd.h>	12 #include <unistd.h>

13	13

14 #include <string>	14 #include <string>

15 #include <vector>	15 #include <vector>

16	16

17 #include "base/basictypes.h"	17 #include "base/basictypes.h"

18 #include "base/bind.h"	18 #include "base/bind.h"

19 #include "base/file_util.h"	19 #include "base/file_util.h"

20 #include "base/files/scoped_file.h"	20 #include "base/files/scoped_file.h"

21 #include "base/logging.h"	21 #include "base/logging.h"

22 #include "base/memory/scoped_ptr.h"	22 #include "base/memory/scoped_ptr.h"

23 #include "base/posix/eintr_wrapper.h"	23 #include "base/posix/eintr_wrapper.h"

	24 #include "base/posix/unix_domain_socket_linux.h"

24 #include "sandbox/linux/tests/test_utils.h"	25 #include "sandbox/linux/tests/test_utils.h"

25 #include "sandbox/linux/tests/unit_tests.h"	26 #include "sandbox/linux/tests/unit_tests.h"

26 #include "testing/gtest/include/gtest/gtest.h"	27 #include "testing/gtest/include/gtest/gtest.h"

27	28

28 namespace sandbox {	29 namespace sandbox {

29	30

30 namespace {	31 namespace {

31	32

32 // Creates and open a temporary file on creation and closes	33 // Creates and open a temporary file on creation and closes

33 // and removes it on destruction.	34 // and removes it on destruction.

(...skipping 393 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
427 // Don't do anything here, so that ASSERT works in the subfunction as	428 // Don't do anything here, so that ASSERT works in the subfunction as

428 // expected.	429 // expected.

429 }	430 }

430	431

431 TEST(BrokerProcess, OpenComplexFlagsNoClientCheck) {	432 TEST(BrokerProcess, OpenComplexFlagsNoClientCheck) {

432 TestOpenComplexFlags(false /* fast_check_in_client */);	433 TestOpenComplexFlags(false /* fast_check_in_client */);

433 // Don't do anything here, so that ASSERT works in the subfunction as	434 // Don't do anything here, so that ASSERT works in the subfunction as

434 // expected.	435 // expected.

435 }	436 }

436	437

	438 // We need to allow noise because the broker will log when it receives our

	439 // bogus IPCs.

	440 SANDBOX_TEST_ALLOW_NOISE(BrokerProcess, RecvMsgDescriptorLeak) {

	441 // Find the lowest available file descriptor currently.

	442 const int min_fd = dup(STDIN_FILENO);
	jln (very slow on Chromium) 2014/04/09 02:25:47 Maybe just create a pipe or open cpuinfo instead? Maybe just create a pipe or open cpuinfo instead? stdin could become problematic if we do something funky to it in an extension of the test. jln (very slow on Chromium) 2014/04/09 02:25:47 While dup(2) will always give you the smallest fd While dup(2) will always give you the smallest fd available, it's not guaranteed to equal the number of fds in use. I don't think it's out of question that because of the complexity of the test framework, a number of file descriptors get open and then closed before this runs. Unfortunately I think you may have no choice but count the number of entries in /proc/self/fd/. You could also binary search this between 0 and sysconf(OPEN_MAX) by trying to dup() a fd. jln (very slow on Chromium) 2014/04/09 02:32:09 I meant "by setting soft rlimit and trying to dup( Show quoted text > You could also binary search this between 0 and > sysconf(OPEN_MAX) by trying to dup() a fd. I meant "by setting soft rlimit and trying to dup() a fd". Or you could just start at 0 and increment since the number is almost certainly very small. mdempsky 2014/04/09 23:29:40 Changed to use pipes. Show quoted text On 2014/04/09 02:25:47, jln wrote: > Maybe just create a pipe or open cpuinfo instead? stdin could become problematic > if we do something funky to it in an extension of the test. Changed to use pipes. mdempsky 2014/04/09 23:29:40 True. I've reworked this to be more robust about Show quoted text On 2014/04/09 02:25:47, jln wrote: > While dup(2) will always give you the smallest fd available, it's not guaranteed > to equal the number of fds in use. True. I've reworked this to be more robust about the process having sparsely allocated file descriptors. Instead of using dup(0) and assuming the next couple should be free too, it allocates two pipes and then closes them again. I don't think I need to check for how many files are actually in use currently because RLIMIT_NOFILE doesn't limit the number of open file descriptors a process can have, it just limits the highest value of a new descriptor. E.g., if I have 100 descriptors but none of them are <10, RLIMIT_NOFILE will still allow me to allocate 10 more file descriptors. So since there aren't any other threads, allocating three extra fds and then setting RLIMIT_NOFILE to 1 greater than the largest of them ensures I'll still be able to allocate those three. I added a comment to help explain this, but let me know if you think more details would be helpful.
	443 SANDBOX_ASSERT(min_fd >= 0);

	444 SANDBOX_ASSERT(0 == IGNORE_EINTR(close(min_fd)));

	445

	446 // Lower our file descriptor limit to just above the current limit so we can
	jln (very slow on Chromium) 2014/04/09 02:25:47 You mean just above the current usage I think? You mean just above the current usage I think?
	447 // test for descriptor leaks easier.

	448 const unsigned kExtraFiles = 8;

	449 const struct rlimit new_rlim = {min_fd + kExtraFiles, min_fd + kExtraFiles};

	450 SANDBOX_ASSERT(0 == setrlimit(RLIMIT_NOFILE, &new_rlim));

	451

	452 const char kCpuInfo[] = "/proc/cpuinfo";

	453 std::vector<std::string> read_whitelist;

	454 read_whitelist.push_back(kCpuInfo);

	455

	456 BrokerProcess open_broker(EPERM, read_whitelist, std::vector<std::string>());

	457 SANDBOX_ASSERT(open_broker.Init(base::Bind(&NoOpCallback)));

	458

	459 static const char kBogus[] = "not a pickle";

	460 const std::vector<int> fds(1, STDIN_FILENO);

	461

	462 for (unsigned i = 0; i < kExtraFiles; ++i) {

	463 SANDBOX_ASSERT(UnixDomainSocket::SendMsg(

	464 open_broker.ipc_socketpair(), kBogus, sizeof(kBogus), fds));

	465 }

	466

	467 const int fd = open_broker.Open(kCpuInfo, O_RDONLY);

	468 SANDBOX_ASSERT(fd >= 0);

	469 SANDBOX_ASSERT(0 == IGNORE_EINTR(close(fd)));

	470 }

	471

437 } // namespace sandbox	472 } // namespace sandbox

OLD	NEW

« no previous file with comments | « sandbox/linux/services/broker_process.h ('k') | sandbox/linux/tests/unit_tests.h » ('j') | no next file with comments »