From 951e313b9ace658b7a1d01ee9febaa26f6afe6ea Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 19 Jun 2025 18:42:03 +0900 Subject: [PATCH 1/4] TEST-21-DFUZZER: update the list of destructive methods --- test/units/TEST-21-DFUZZER.sh | 81 +++++++++++++++++++++++++++++++---- 1 file changed, 73 insertions(+), 8 deletions(-) diff --git a/test/units/TEST-21-DFUZZER.sh b/test/units/TEST-21-DFUZZER.sh index ac49938c38..11fc3b85c7 100755 --- a/test/units/TEST-21-DFUZZER.sh +++ b/test/units/TEST-21-DFUZZER.sh @@ -43,19 +43,84 @@ trap at_exit EXIT systemctl log-level info -# FIXME: systemd-run doesn't play well with daemon-reexec -# See: https://github.com/systemd/systemd/issues/27204 -add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Manager:Reexecute FIXME" - -add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Manager:SoftReboot destructive" -add_suppression "org.freedesktop.login1" "Sleep destructive" - # Skip calling start and stop methods on unit objects, as doing that is not only time consuming, but it also # starts/stops units that interfere with the machine state. The actual code paths should be covered (to some # degree) by the respective method counterparts on the manager object. -for method in Start Stop Restart ReloadOrRestart ReloadOrTryRestart Kill; do +MANAGER_METHOD_FILTER=( + StartUnit + StartUnitWithFlags + StartUnitReplace + StopUnit + RestartUnit + TryRestartUnit + ReloadOrRestartUnit + ReloadOrTryRestartUnit + KillUnit + QueueSignalUnit + FreezeUnit + AttachProcessesToUnit + RemoveSubgroupFromUnit + AbandonScope + CancelJob + Exit + Reboot + SoftReboot + PowerOff + Halt + KExec + SwitchRoot + EnqueueMarkedJobs +) +UNIT_METHOD_FILTER=( + Start + Stop + Restart + TryRestart + ReloadOrRestart + ReloadOrTryRestart + Kill + QueueSignal + Freeze +) +SCOPE_METHOD_FILTER=( + Abandon +) +JOB_METHOD_FILTER=( + Cancel +) +LOGIN_METHOD_FILTER=( + FlushDevices # This triggers all devices and makes the system super heavy + PowerOff + PowerOffWithFlags + Reboot + RebootWithFlags + Halt + HaltWithFlags + Suspend + SuspendWithFlags + Hibernate + HibernateWithFlags + HybridSleep + HybridSleepWithFlags + SuspendThenHibernate + SuspendThenHibernateWithFlags + ScheduleShutdown +) +for method in "${MANAGER_METHOD_FILTER[@]}"; do + add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Manager:$method" +done +for method in "${UNIT_METHOD_FILTER[@]}"; do add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Unit:$method" done +for method in "${SCOPE_METHOD_FILTER[@]}"; do + add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Scope:$method" +done +for method in "${JOB_METHOD_FILTER[@]}"; do + add_suppression "org.freedesktop.systemd1" "org.freedesktop.systemd1.Job:$method" +done +for method in "${LOGIN_METHOD_FILTER[@]}"; do + add_suppression "org.freedesktop.login1" "org.freedesktop.login1.Manager:$method" +done cat /etc/dfuzzer.conf From 5e2b606e4e3939b057395feaadee01ef68b43286 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 19 Jun 2025 19:01:57 +0900 Subject: [PATCH 2/4] TEST-21-DFUZZER: first test session bus, then service bus, finally system bus --- test/units/TEST-21-DFUZZER.sh | 43 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/test/units/TEST-21-DFUZZER.sh b/test/units/TEST-21-DFUZZER.sh index 11fc3b85c7..cc02956ac3 100755 --- a/test/units/TEST-21-DFUZZER.sh +++ b/test/units/TEST-21-DFUZZER.sh @@ -135,7 +135,6 @@ BUS_LIST=( org.freedesktop.machine1 org.freedesktop.portable1 org.freedesktop.resolve1 - org.freedesktop.systemd1 org.freedesktop.timedate1 ) @@ -160,10 +159,6 @@ elif busctl introspect org.freedesktop.network1 / &>/dev/null; then ) fi -SESSION_BUS_LIST=( - org.freedesktop.systemd1 -) - # Maximum payload size generated by dfuzzer (in bytes) - default: 50K PAYLOAD_MAX=50000 # Tweak the maximum payload size if we're running under sanitizers, since @@ -172,33 +167,37 @@ if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then PAYLOAD_MAX=10000 # 10K fi +test_systemd() { + systemd-run "$@" --pipe --wait \ + -- dfuzzer -b "$PAYLOAD_MAX" -n org.freedesktop.systemd1 + + # Let's reload the systemd user daemon to test (de)serialization as well + systemctl "$@" daemon-reload + # FIXME: explicitly trigger reexecute until systemd/systemd#27204 is resolved + systemctl "$@" daemon-reexec +} + +# Let's first test the session bus before the system one, as it may be in a +# spurious state after fuzzing the system bus or login bus. +echo "Bus: org.freedesktop.systemd1 (session)" +test_systemd --machine 'testuser@.host' --user + # Overmount /var/lib/machines with a size-limited tmpfs, as fuzzing # the org.freedesktop.machine1 stuff makes quite a mess mount -t tmpfs -o size=50M tmpfs /var/lib/machines -# Fuzz both the system and the session buses (where applicable) +# Next, test the system service buses, as the services may be in a spurious +# state after fuzzing the system service manager bus. for bus in "${BUS_LIST[@]}"; do - echo "Bus: $bus (system)" + echo "Bus: $bus" systemd-run --pipe --wait \ -- dfuzzer -b "$PAYLOAD_MAX" -n "$bus" - - # Let's reload the systemd daemon to test (de)serialization as well - systemctl daemon-reload - # FIXME: explicitly trigger reexecute until systemd/systemd#27204 is resolved - systemctl daemon-reexec done umount /var/lib/machines -for bus in "${SESSION_BUS_LIST[@]}"; do - echo "Bus: $bus (session)" - systemd-run --machine 'testuser@.host' --user --pipe --wait \ - -- dfuzzer -b "$PAYLOAD_MAX" -n "$bus" - - # Let's reload the systemd user daemon to test (de)serialization as well - systemctl --machine 'testuser@.host' --user daemon-reload - # FIXME: explicitly trigger reexecute until systemd/systemd#27204 is resolved - systemctl --machine 'testuser@.host' --user daemon-reexec -done +# Finally, test the system bus. +echo "Bus: org.freedesktop.systemd1 (system)" +test_systemd touch /testok From 2487f72bdc9c8c718c5ce7c46d9804de03c0f7eb Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Tue, 17 Jun 2025 03:17:36 +0900 Subject: [PATCH 3/4] TEST-21-DFUZZER: enable services to be tested Since e19e17df579823093238edb60470b29a2c5e24a6, timesyncd is disabled by default, and fuzzing for timesyncd failed. ``` [ 754.247451] TEST-21-DFUZZER.sh[658]: Bus: org.freedesktop.timesync1 (system) [ 754.247725] TEST-21-DFUZZER.sh[658]: + systemd-run --pipe --wait -- dfuzzer -b 10000 -n org.freedesktop.timesync1 [ 754.282237] TEST-21-DFUZZER.sh[3236]: Running as unit: run-p3236-i3237.service [ 754.348983] TEST-21-DFUZZER.sh[3238]: [SESSION BUS] [ 754.350443] TEST-21-DFUZZER.sh[3238]: Bus not found. [ 754.350705] TEST-21-DFUZZER.sh[3238]: [SYSTEM BUS] [ 754.359249] TEST-21-DFUZZER.sh[3238]: Error while calling method 'GetConnectionUnixProcessID': GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: The connection does not exist [ 754.359520] TEST-21-DFUZZER.sh[3238]: Couldn't get the PID of the tested process [ 754.359764] TEST-21-DFUZZER.sh[3238]: Exit status: 4 [ 754.386721] TEST-21-DFUZZER.sh[3236]: Finished with result: exit-code [ 754.387331] TEST-21-DFUZZER.sh[3236]: Main processes terminated with: code=exited, status=4/NOPERMISSION [ 754.387537] TEST-21-DFUZZER.sh[3236]: Service runtime: 74ms [ 754.387706] TEST-21-DFUZZER.sh[3236]: CPU time consumed: 21ms [ 754.389210] TEST-21-DFUZZER.sh[3236]: Memory peak: 12.9M (swap: 0B) ``` Also, create dummy interface for networkd and resolved. Fixes #37834. --- test/units/TEST-21-DFUZZER.sh | 80 +++++++++++++++++++++++------------ 1 file changed, 54 insertions(+), 26 deletions(-) diff --git a/test/units/TEST-21-DFUZZER.sh b/test/units/TEST-21-DFUZZER.sh index cc02956ac3..6a0288001b 100755 --- a/test/units/TEST-21-DFUZZER.sh +++ b/test/units/TEST-21-DFUZZER.sh @@ -126,37 +126,51 @@ cat /etc/dfuzzer.conf # TODO # * check for possibly newly introduced buses? -BUS_LIST=( - org.freedesktop.home1 - org.freedesktop.hostname1 - org.freedesktop.import1 - org.freedesktop.locale1 - org.freedesktop.login1 - org.freedesktop.machine1 - org.freedesktop.portable1 - org.freedesktop.resolve1 - org.freedesktop.timedate1 +NAME_LIST=( + home + hostname + import + locale + login + machine + portable + resolve + timedate ) -# systemd-oomd requires PSI -if tail -n +1 /proc/pressure/{cpu,io,memory}; then - BUS_LIST+=( - org.freedesktop.oom1 - ) -fi - # Some services require specific conditions: +# - systemd-oomd requires PSI # - systemd-timesyncd can't run in a container # - systemd-networkd can run in a container if it has CAP_NET_ADMIN capability +if tail -n +1 /proc/pressure/{cpu,io,memory}; then + NAME_LIST+=( oom ) +fi + if ! systemd-detect-virt --container; then - BUS_LIST+=( - org.freedesktop.network1 - org.freedesktop.timesync1 - ) -elif busctl introspect org.freedesktop.network1 / &>/dev/null; then - BUS_LIST+=( - org.freedesktop.network1 - ) + NAME_LIST+=( timesync ) +fi + +if ip link add dummy-fuzz type dummy; then + # if a dummy interface is created, then let's also setup it for resolved + ip link set dummy-fuzz up + ip address add 192.0.2.1/24 dev dummy-fuzz + + # When we can create a dummy interface, we definitely have CAP_NET_ADMIN + NAME_LIST+=( network ) + + # Create unit files for another dummy interface for networkd + mkdir -p /run/systemd/network + cat >/run/systemd/network/10-dummy-fuzz2.netdev </run/systemd/network/10-dummy-fuzz2.network < Date: Sat, 26 Jul 2025 23:19:50 +0900 Subject: [PATCH 4/4] TEST-21-DFUZZER: suppress debugging logs from homed, nsresourced, and userdbd --- test/units/TEST-21-DFUZZER.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/test/units/TEST-21-DFUZZER.sh b/test/units/TEST-21-DFUZZER.sh index 6a0288001b..449c2d8b9d 100755 --- a/test/units/TEST-21-DFUZZER.sh +++ b/test/units/TEST-21-DFUZZER.sh @@ -181,6 +181,19 @@ if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then PAYLOAD_MAX=10000 # 10K fi +# Disable debugging logs from systemd-homed, systemd-nsresourced, and systemd-userdbd. +# Otherwise, journal is filled with the debugging logs by them. +systemctl service-log-level systemd-homed.service info +for service in systemd-nsresourced.service systemd-userdbd.service; do + mkdir -p "/run/systemd/system/${service}.d" + cat >"/run/systemd/system/${service}.d/10-disable-debug.conf" <