From 4c50b33ed537359908d977a42a33324ec2964287 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 8 Sep 2015 20:40:55 +0200 Subject: [PATCH] Validate --cpuset-cpus, --cpuset-mems Before this patch libcontainer badly errored out with `invalid argument` or `numerical result out of range` while trying to write to cpuset.cpus or cpuset.mems with an invalid value provided. This patch adds validation to --cpuset-cpus and --cpuset-mems flag along with validation based on system's available cpus/mems before starting a container. Signed-off-by: Antonio Murdaca --- parsers/parsers.go | 52 +++++++++++++++++++++++++++++++++++++++- parsers/parsers_test.go | 38 +++++++++++++++++++++++++++++ sysinfo/sysinfo.go | 39 ++++++++++++++++++++++++++++++ sysinfo/sysinfo_linux.go | 18 ++++++++++++-- sysinfo/sysinfo_test.go | 26 ++++++++++++++++++++ 5 files changed, 170 insertions(+), 3 deletions(-) create mode 100644 sysinfo/sysinfo_test.go diff --git a/parsers/parsers.go b/parsers/parsers.go index 30b1932..75d54c5 100644 --- a/parsers/parsers.go +++ b/parsers/parsers.go @@ -127,7 +127,7 @@ func PartParser(template, data string) (map[string]string, error) { out = make(map[string]string, len(templateParts)) ) if len(parts) != len(templateParts) { - return nil, fmt.Errorf("Invalid format to parse. %s should match template %s", data, template) + return nil, fmt.Errorf("Invalid format to parse. %s should match template %s", data, template) } for i, t := range templateParts { @@ -196,3 +196,53 @@ func ParseLink(val string) (string, string, error) { } return arr[0], arr[1], nil } + +// ParseUintList parses and validates the specified string as the value +// found in some cgroup file (e.g. `cpuset.cpus`, `cpuset.mems`), which could be +// one of the formats below. Note that duplicates are actually allowed in the +// input string. It returns a `map[int]bool` with available elements from `val` +// set to `true`. +// Supported formats: +// 7 +// 1-6 +// 0,3-4,7,8-10 +// 0-0,0,1-7 +// 03,1-3 <- this is gonna get parsed as [1,2,3] +// 3,2,1 +// 0-2,3,1 +func ParseUintList(val string) (map[int]bool, error) { + if val == "" { + return map[int]bool{}, nil + } + + availableInts := make(map[int]bool) + split := strings.Split(val, ",") + errInvalidFormat := fmt.Errorf("invalid format: %s", val) + + for _, r := range split { + if !strings.Contains(r, "-") { + v, err := strconv.Atoi(r) + if err != nil { + return nil, errInvalidFormat + } + availableInts[v] = true + } else { + split := strings.SplitN(r, "-", 2) + min, err := strconv.Atoi(split[0]) + if err != nil { + return nil, errInvalidFormat + } + max, err := strconv.Atoi(split[1]) + if err != nil { + return nil, errInvalidFormat + } + if max < min { + return nil, errInvalidFormat + } + for i := min; i <= max; i++ { + availableInts[i] = true + } + } + } + return availableInts, nil +} diff --git a/parsers/parsers_test.go b/parsers/parsers_test.go index d83722e..49cbdb1 100644 --- a/parsers/parsers_test.go +++ b/parsers/parsers_test.go @@ -1,6 +1,7 @@ package parsers import ( + "reflect" "runtime" "strings" "testing" @@ -238,3 +239,40 @@ func TestParseLink(t *testing.T) { t.Fatalf("Expected error 'bad format for links: link:alias:wrong' but got: %v", err) } } + +func TestParseUintList(t *testing.T) { + valids := map[string]map[int]bool{ + "": {}, + "7": {7: true}, + "1-6": {1: true, 2: true, 3: true, 4: true, 5: true, 6: true}, + "0-7": {0: true, 1: true, 2: true, 3: true, 4: true, 5: true, 6: true, 7: true}, + "0,3-4,7,8-10": {0: true, 3: true, 4: true, 7: true, 8: true, 9: true, 10: true}, + "0-0,0,1-4": {0: true, 1: true, 2: true, 3: true, 4: true}, + "03,1-3": {1: true, 2: true, 3: true}, + "3,2,1": {1: true, 2: true, 3: true}, + "0-2,3,1": {0: true, 1: true, 2: true, 3: true}, + } + for k, v := range valids { + out, err := ParseUintList(k) + if err != nil { + t.Fatalf("Expected not to fail, got %v", err) + } + if !reflect.DeepEqual(out, v) { + t.Fatalf("Expected %v, got %v", v, out) + } + } + + invalids := []string{ + "this", + "1--", + "1-10,,10", + "10-1", + "-1", + "-1,0", + } + for _, v := range invalids { + if out, err := ParseUintList(v); err == nil { + t.Fatalf("Expected failure with %s but got %v", v, out) + } + } +} diff --git a/sysinfo/sysinfo.go b/sysinfo/sysinfo.go index e62eadf..851d176 100644 --- a/sysinfo/sysinfo.go +++ b/sysinfo/sysinfo.go @@ -1,5 +1,7 @@ package sysinfo +import "github.com/docker/docker/pkg/parsers" + // SysInfo stores information about which features a kernel supports. // TODO Windows: Factor out platform specific capabilities. type SysInfo struct { @@ -63,4 +65,41 @@ type cgroupBlkioInfo struct { type cgroupCpusetInfo struct { // Whether Cpuset is supported or not Cpuset bool + + // Available Cpuset's cpus + Cpus string + + // Available Cpuset's memory nodes + Mems string +} + +// IsCpusetCpusAvailable returns `true` if the provided string set is contained +// in cgroup's cpuset.cpus set, `false` otherwise. +// If error is not nil a parsing error occurred. +func (c cgroupCpusetInfo) IsCpusetCpusAvailable(provided string) (bool, error) { + return isCpusetListAvailable(provided, c.Cpus) +} + +// IsCpusetMemsAvailable returns `true` if the provided string set is contained +// in cgroup's cpuset.mems set, `false` otherwise. +// If error is not nil a parsing error occurred. +func (c cgroupCpusetInfo) IsCpusetMemsAvailable(provided string) (bool, error) { + return isCpusetListAvailable(provided, c.Mems) +} + +func isCpusetListAvailable(provided, available string) (bool, error) { + parsedProvided, err := parsers.ParseUintList(provided) + if err != nil { + return false, err + } + parsedAvailable, err := parsers.ParseUintList(available) + if err != nil { + return false, err + } + for k := range parsedProvided { + if !parsedAvailable[k] { + return false, nil + } + } + return true, nil } diff --git a/sysinfo/sysinfo_linux.go b/sysinfo/sysinfo_linux.go index 44f10fa..0ef3fbd 100644 --- a/sysinfo/sysinfo_linux.go +++ b/sysinfo/sysinfo_linux.go @@ -126,7 +126,7 @@ func checkCgroupBlkioInfo(quiet bool) cgroupBlkioInfo { // checkCgroupCpusetInfo reads the cpuset information from the cpuset cgroup mount point. func checkCgroupCpusetInfo(quiet bool) cgroupCpusetInfo { - _, err := cgroups.FindCgroupMountpoint("cpuset") + mountPoint, err := cgroups.FindCgroupMountpoint("cpuset") if err != nil { if !quiet { logrus.Warn(err) @@ -134,7 +134,21 @@ func checkCgroupCpusetInfo(quiet bool) cgroupCpusetInfo { return cgroupCpusetInfo{} } - return cgroupCpusetInfo{Cpuset: true} + cpus, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.cpus")) + if err != nil { + return cgroupCpusetInfo{} + } + + mems, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.mems")) + if err != nil { + return cgroupCpusetInfo{} + } + + return cgroupCpusetInfo{ + Cpuset: true, + Cpus: strings.TrimSpace(string(cpus)), + Mems: strings.TrimSpace(string(mems)), + } } func cgroupEnabled(mountPoint, name string) bool { diff --git a/sysinfo/sysinfo_test.go b/sysinfo/sysinfo_test.go new file mode 100644 index 0000000..b61fbcf --- /dev/null +++ b/sysinfo/sysinfo_test.go @@ -0,0 +1,26 @@ +package sysinfo + +import "testing" + +func TestIsCpusetListAvailable(t *testing.T) { + cases := []struct { + provided string + available string + res bool + err bool + }{ + {"1", "0-4", true, false}, + {"01,3", "0-4", true, false}, + {"", "0-7", true, false}, + {"1--42", "0-7", false, true}, + {"1-42", "00-1,8,,9", false, true}, + {"1,41-42", "43,45", false, false}, + {"0-3", "", false, false}, + } + for _, c := range cases { + r, err := isCpusetListAvailable(c.provided, c.available) + if (c.err && err == nil) && r != c.res { + t.Fatalf("Expected pair: %v, %v for %s, %s. Got %v, %v instead", c.res, c.err, c.provided, c.available, (c.err && err == nil), r) + } + } +}