Merge pull request #22547 from mrc0mmand/dfuzzer

test: fuzz our dbus interfaces with dfuzzer

test/TEST-01-BASIC/test.sh

@@ -6,6 +6,7 @@ TEST_DESCRIPTION="Basic systemd setup"
 IMAGE_NAME="basic"
 RUN_IN_UNPRIVILEGED_CONTAINER=${RUN_IN_UNPRIVILEGED_CONTAINER:-yes}
 TEST_REQUIRE_INSTALL_TESTS=0
+TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED=0
 
 # shellcheck source=test/test-functions
 . "${TEST_BASE_DIR:?}/test-functions"

test/TEST-21-DFUZZER/Makefile

@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile

test/TEST-21-DFUZZER/test.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+TEST_DESCRIPTION="Fuzz our D-Bus interfaces with dfuzzer"
+TEST_NO_NSPAWN=1
+TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED=0
+QEMU_TIMEOUT="${QEMU_TIMEOUT:-1800}"
+
+# shellcheck source=test/test-functions
+. "${TEST_BASE_DIR:?}/test-functions"
+
+command -v dfuzzer >/dev/null || exit 0
+
+if ! get_bool "$IS_BUILT_WITH_ASAN"; then
+    echo "systemd is built without ASan, skipping..."
+    exit 0
+fi
+
+test_append_files() {
+    local workspace="${1:?}"
+
+    image_install dfuzzer /etc/dfuzzer.conf
+
+    # Enable all systemd-related services, including the D-Bus ones
+    "$SYSTEMCTL" --root="${workspace:?}" preset-all
+}
+
+do_test "$@"

test/test-functions

@@ -40,6 +40,7 @@ IMAGE_NAME=${IMAGE_NAME:-default}
 STRIP_BINARIES="${STRIP_BINARIES:-yes}"
 TEST_REQUIRE_INSTALL_TESTS="${TEST_REQUIRE_INSTALL_TESTS:-1}"
 TEST_PARALLELIZE="${TEST_PARALLELIZE:-0}"
+TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED="${TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED:-1}"
 LOOPDEV=
 
 # Simple wrapper to unify boolean checks.
@@ -98,6 +99,7 @@ SYSTEMD_JOURNAL_REMOTE="${SYSTEMD_JOURNAL_REMOTE:-$(command -v "$BUILD_DIR/syste
 SYSTEMD="${SYSTEMD:-$(command -v "$BUILD_DIR/systemd" || command -v "$ROOTLIBDIR/systemd")}"
 SYSTEMD_NSPAWN="${SYSTEMD_NSPAWN:-$(command -v "$BUILD_DIR/systemd-nspawn" || command -v systemd-nspawn)}"
 JOURNALCTL="${JOURNALCTL:-$(command -v "$BUILD_DIR/journalctl" || command -v journalctl)}"
+SYSTEMCTL="${SYSTEMCTL:-$(command -v "$BUILD_DIR/systemctl" || command -v systemctl)}"
 
 TESTFILE="${BASH_SOURCE[1]}"
 if [ -z "$TESTFILE" ]; then
@@ -2934,9 +2936,8 @@ test_setup() {
         fi
 
         mount_initdir
-        # We want to test all services in TEST-01-BASIC, but mask them in
-        # all other tests
-        if [[ "${TESTID:?}" != "01" ]]; then
+
+        if get_bool "${TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED}"; then
             dinfo "Masking supporting services"
             mask_supporting_services
         fi

test/units/testsuite-21.service

@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Fuzz our D-Bus interfaces with dfuzzer
+After=dbus.service multi-user.target
+Wants=dbus.service multi-user.target
+
+[Service]
+ExecStartPre=rm -f /failed /skipped /testok
+ExecStart=/usr/lib/systemd/tests/testdata/units/%N.sh
+Type=oneshot

test/units/testsuite-21.sh

@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# Save the end.service state before we start fuzzing, as it might get changed
+# on the fly by one of the fuzzers
+systemctl list-jobs | grep -F 'end.service' && SHUTDOWN_AT_EXIT=1 || SHUTDOWN_AT_EXIT=0
+
+at_exit() {
+    # "Safety net" - check for any coredumps which might have not caused dfuzzer
+    # to stop & return an error (we need to do this now before truncating the
+    # journal)
+    # TODO: check fo ASan/UBSan errors
+    local found_cd=0
+    while read -r exe; do
+        coredumctl info "$exe"
+        found_cd=1
+    done < <(coredumpctl -F COREDUMP_EXE | sort -u)
+    [[ $found_cd -eq 0 ]] || exit 1
+
+    # We have to call the end.service explicitly even if it's specified on
+    # the kernel cmdline via systemd.wants=end.service, since dfuzzer calls
+    # org.freedesktop.systemd1.Manager.ClearJobs() which drops the service
+    # from the queue
+    [[ $SHUTDOWN_AT_EXIT -ne 0 ]] && systemctl start --job-mode=flush end.service
+}
+
+trap at_exit EXIT
+
+systemctl log-level info
+
+# TODO
+#   * check for possibly newly introduced buses?
+BUS_LIST=(
+    org.freedesktop.home1
+    org.freedesktop.hostname1
+    org.freedesktop.import1
+    org.freedesktop.locale1
+    org.freedesktop.login1
+    org.freedesktop.machine1
+    org.freedesktop.network1
+    org.freedesktop.portable1
+    org.freedesktop.resolve1
+    org.freedesktop.systemd1
+    org.freedesktop.timedate1
+    org.freedesktop.timesync1
+)
+
+# systemd-oomd requires PSI
+if tail -n +1 /proc/pressure/{cpu,io,memory}; then
+    BUS_LIST+=(org.freedesktop.oom1)
+fi
+
+SESSION_BUS_LIST=(
+    org.freedesktop.systemd1
+)
+
+# Maximum payload size generated by dfuzzer (in bytes) - default: 50K
+PAYLOAD_MAX=50000
+# Tweak the maximum payload size if we're running under sanitizers, since
+# with larger payloads we start hitting reply timeouts
+if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then
+    PAYLOAD_MAX=10000 # 10K
+fi
+
+# Overmount /var/lib/machines with a size-limited tmpfs, as fuzzing
+# the org.freedesktop.machine1 stuff makes quite a mess
+mount -t tmpfs -o size=50M tmpfs /var/lib/machines
+
+# Fuzz both the system and the session buses (where applicable)
+for bus in "${BUS_LIST[@]}"; do
+    echo "Bus: $bus (system)"
+    systemd-run --pipe --wait \
+                -- dfuzzer -v -b "$PAYLOAD_MAX" -n "$bus"
+
+    # Let's reload the systemd daemon to test (de)serialization as well
+    systemctl daemon-reload
+done
+
+umount /var/lib/machines
+
+for bus in "${SESSION_BUS_LIST[@]}"; do
+    echo "Bus: $bus (session)"
+    systemd-run --machine 'testuser@.host' --user --pipe --wait \
+                -- dfuzzer -v -b "$PAYLOAD_MAX" -n "$bus"
+
+    # Let's reload the systemd user daemon to test (de)serialization as well
+    systemctl --machine 'testuser@.host' --user daemon-reload
+done
+
+echo OK >/testok
+
+exit 0