nixpkgs/nixos/tests/boot-stage1.nix

import ./make-test-python.nix ({ pkgs, ... }: {
  name = "boot-stage1";

  machine = { config, pkgs, lib, ... }: {
    boot.extraModulePackages = let
      compileKernelModule = name: source: pkgs.runCommandCC name rec {
        inherit source;
        kdev = config.boot.kernelPackages.kernel.dev;
        kver = config.boot.kernelPackages.kernel.modDirVersion;
        ksrc = "${kdev}/lib/modules/${kver}/build";
        hardeningDisable = [ "pic" ];
        nativeBuildInputs = kdev.moduleBuildDependencies;
      } ''
        echo "obj-m += $name.o" > Makefile
        echo "$source" > "$name.c"
        make -C "$ksrc" M=$(pwd) modules
        install -vD "$name.ko" "$out/lib/modules/$kver/$name.ko"
      '';

      # This spawns a kthread which just waits until it gets a signal and
      # terminates if that is the case. We want to make sure that nothing during
      # the boot process kills any kthread by accident, like what happened in
      # issue #15226.
      kcanary = compileKernelModule "kcanary" ''
        #include <linux/version.h>
        #include <linux/init.h>
        #include <linux/module.h>
        #include <linux/kernel.h>
        #include <linux/kthread.h>
        #include <linux/sched.h>
        #include <linux/signal.h>
        #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
        #include <linux/sched/signal.h>
        #endif

        struct task_struct *canaryTask;

        static int kcanary(void *nothing)
        {
          allow_signal(SIGINT);
          allow_signal(SIGTERM);
          allow_signal(SIGKILL);
          while (!kthread_should_stop()) {
            set_current_state(TASK_INTERRUPTIBLE);
            schedule_timeout_interruptible(msecs_to_jiffies(100));
            if (signal_pending(current)) break;
          }
          return 0;
        }

        static int kcanaryInit(void)
        {
          kthread_run(&kcanary, NULL, "kcanary");
          return 0;
        }

        static void kcanaryExit(void)
        {
          kthread_stop(canaryTask);
        }

        module_init(kcanaryInit);
        module_exit(kcanaryExit);
      '';

    in lib.singleton kcanary;

    boot.initrd.kernelModules = [ "kcanary" ];

    boot.initrd.extraUtilsCommands = let
      compile = name: source: pkgs.runCommandCC name { inherit source; } ''
        mkdir -p "$out/bin"
        echo "$source" | gcc -Wall -o "$out/bin/$name" -xc -
      '';

      daemonize = name: source: compile name ''
        #include <stdio.h>
        #include <unistd.h>

        void runSource(void) {
        ${source}
        }

        int main(void) {
          if (fork() > 0) return 0;
          setsid();
          runSource();
          return 1;
        }
      '';

      mkCmdlineCanary = { name, cmdline ? "", source ? "" }: (daemonize name ''
        char *argv[] = {"${cmdline}", NULL};
        execvp("${name}-child", argv);
      '') // {
        child = compile "${name}-child" ''
          #include <stdio.h>
          #include <unistd.h>

          int main(void) {
            ${source}
            while (1) sleep(1);
            return 1;
          }
        '';
      };

      copyCanaries = with lib; concatMapStrings (canary: ''
        ${optionalString (canary ? child) ''
          copy_bin_and_libs "${canary.child}/bin/${canary.child.name}"
        ''}
        copy_bin_and_libs "${canary}/bin/${canary.name}"
      '');

    in copyCanaries [
      # Simple canary process which just sleeps forever and should be killed by
      # stage 2.
      (daemonize "canary1" "while (1) sleep(1);")

      # We want this canary process to try mimicking a kthread using a cmdline
      # with a zero length so we can make sure that the process is properly
      # killed in stage 1.
      (mkCmdlineCanary {
        name = "canary2";
        source = ''
          FILE *f;
          f = fopen("/run/canary2.pid", "w");
          fprintf(f, "%d\n", getpid());
          fclose(f);
        '';
      })

      # This canary process mimicks a storage daemon, which we do NOT want to be
      # killed before going into stage 2. For more on root storage daemons, see:
      # https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/
      (mkCmdlineCanary {
        name = "canary3";
        cmdline = "@canary3";
      })
    ];

    boot.initrd.postMountCommands = ''
      canary1
      canary2
      canary3
      # Make sure the pidfile of canary 2 is created so that we still can get
      # its former pid after the killing spree starts next within stage 1.
      while [ ! -s /run/canary2.pid ]; do sleep 0.1; done
    '';
  };

  testScript = ''
    machine.wait_for_unit("multi-user.target")
    machine.succeed("test -s /run/canary2.pid")
    machine.fail("pgrep -a canary1")
    machine.fail("kill -0 $(< /run/canary2.pid)")
    machine.succeed('pgrep -a -f "^@canary3$"')
    machine.succeed('pgrep -a -f "^kcanary$"')
  '';

  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aszlig ];
})
nixos/boot-stage1: port test to python 2019-11-05 13:48:02 +01:00			`import ./make-test-python.nix ({ pkgs, ... }: {`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00			`name = "boot-stage1";`

			`machine = { config, pkgs, lib, ... }: {`
			`boot.extraModulePackages = let`
tests/boot-stage1: Use runCommandCC for kcanary Since 97bfc2fac92d90c668ae1ec078356d0bd0a9ddb7, runCommand doesn't include a compiler anymore. So let's switch to the new runCommandCC, which resembles the old state. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-10-09 14:12:45 +02:00			`compileKernelModule = name: source: pkgs.runCommandCC name rec {`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00			`inherit source;`
			`kdev = config.boot.kernelPackages.kernel.dev;`
			`kver = config.boot.kernelPackages.kernel.modDirVersion;`
			`ksrc = "${kdev}/lib/modules/${kver}/build";`
nixos.tests.boot-stage1: disable pic for kernel module 2016-08-13 09:45:48 +00:00			`hardeningDisable = [ "pic" ];`
nixos.tests.boot-stage1: fix missing libelf 2018-02-22 04:04:49 +01:00			`nativeBuildInputs = kdev.moduleBuildDependencies;`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00			`} ''`
			`echo "obj-m += $name.o" > Makefile`
			`echo "$source" > "$name.c"`
			`make -C "$ksrc" M=$(pwd) modules`
			`install -vD "$name.ko" "$out/lib/modules/$kver/$name.ko"`
			`'';`

			`# This spawns a kthread which just waits until it gets a signal and`
			`# terminates if that is the case. We want to make sure that nothing during`
			`# the boot process kills any kthread by accident, like what happened in`
			`# issue #15226.`
			`kcanary = compileKernelModule "kcanary" ''`
tests/boot-stage1: Fix build of kcanary module In bfe9c928c18583d3adfb5978a55b48c392649ef5 the default kernel has been updated to version 4.14 and the declarations for allow_signal() and signal_pending() are no longer exposed via kthread.h, so let's actually use the right header files. I've added a condition for kernel 4.10 and upwards to include the linux/sched/signal.h header file, because that got introduced in version 4.10. Even if the declaration would still reside in kthread.h (I haven't checked) for version 4.10 it won't hurt and the compilation will still succeed. Tested against kernel 4.9 and 4.14 and the build now succeeds. Signed-off-by: aszlig <aszlig@nix.build> 2017-11-14 04:30:08 +01:00			`#include <linux/version.h>`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00			`#include <linux/init.h>`
			`#include <linux/module.h>`
			`#include <linux/kernel.h>`
			`#include <linux/kthread.h>`
			`#include <linux/sched.h>`
tests/boot-stage1: Fix build of kcanary module In bfe9c928c18583d3adfb5978a55b48c392649ef5 the default kernel has been updated to version 4.14 and the declarations for allow_signal() and signal_pending() are no longer exposed via kthread.h, so let's actually use the right header files. I've added a condition for kernel 4.10 and upwards to include the linux/sched/signal.h header file, because that got introduced in version 4.10. Even if the declaration would still reside in kthread.h (I haven't checked) for version 4.10 it won't hurt and the compilation will still succeed. Tested against kernel 4.9 and 4.14 and the build now succeeds. Signed-off-by: aszlig <aszlig@nix.build> 2017-11-14 04:30:08 +01:00			`#include <linux/signal.h>`
			`#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)`
			`#include <linux/sched/signal.h>`
			`#endif`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00
			`struct task_struct *canaryTask;`

			`static int kcanary(void *nothing)`
			`{`
			`allow_signal(SIGINT);`
			`allow_signal(SIGTERM);`
			`allow_signal(SIGKILL);`
			`while (!kthread_should_stop()) {`
			`set_current_state(TASK_INTERRUPTIBLE);`
			`schedule_timeout_interruptible(msecs_to_jiffies(100));`
			`if (signal_pending(current)) break;`
			`}`
			`return 0;`
			`}`

			`static int kcanaryInit(void)`
			`{`
			`kthread_run(&kcanary, NULL, "kcanary");`
			`return 0;`
			`}`

			`static void kcanaryExit(void)`
			`{`
			`kthread_stop(canaryTask);`
			`}`

			`module_init(kcanaryInit);`
			`module_exit(kcanaryExit);`
			`'';`

			`in lib.singleton kcanary;`

			`boot.initrd.kernelModules = [ "kcanary" ];`

			`boot.initrd.extraUtilsCommands = let`
runCommand: Use stdenvNoCC This ensures that most "trivial" derivations used to build NixOS configurations no longer depend on GCC. For commands that do invoke gcc, there is runCommandCC. 2016-09-27 16:36:16 +02:00			`compile = name: source: pkgs.runCommandCC name { inherit source; } ''`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00			`mkdir -p "$out/bin"`
			`echo "$source" \| gcc -Wall -o "$out/bin/$name" -xc -`
			`'';`

			`daemonize = name: source: compile name ''`
			`#include <stdio.h>`
			`#include <unistd.h>`

			`void runSource(void) {`
			`${source}`
			`}`

			`int main(void) {`
			`if (fork() > 0) return 0;`
			`setsid();`
			`runSource();`
			`return 1;`
			`}`
			`'';`

			`mkCmdlineCanary = { name, cmdline ? "", source ? "" }: (daemonize name ''`
			`char *argv[] = {"${cmdline}", NULL};`
			`execvp("${name}-child", argv);`
			`'') // {`
			`child = compile "${name}-child" ''`
			`#include <stdio.h>`
			`#include <unistd.h>`

			`int main(void) {`
			`${source}`
			`while (1) sleep(1);`
			`return 1;`
			`}`
			`'';`
			`};`

			`copyCanaries = with lib; concatMapStrings (canary: ''`
			`${optionalString (canary ? child) ''`
			`copy_bin_and_libs "${canary.child}/bin/${canary.child.name}"`
			`''}`
			`copy_bin_and_libs "${canary}/bin/${canary.name}"`
			`'');`

			`in copyCanaries [`
			`# Simple canary process which just sleeps forever and should be killed by`
			`# stage 2.`
			`(daemonize "canary1" "while (1) sleep(1);")`

			`# We want this canary process to try mimicking a kthread using a cmdline`
			`# with a zero length so we can make sure that the process is properly`
			`# killed in stage 1.`
			`(mkCmdlineCanary {`
			`name = "canary2";`
			`source = ''`
			`FILE *f;`
			`f = fopen("/run/canary2.pid", "w");`
			`fprintf(f, "%d\n", getpid());`
			`fclose(f);`
			`'';`
			`})`

			`# This canary process mimicks a storage daemon, which we do NOT want to be`
			`# killed before going into stage 2. For more on root storage daemons, see:`
			`# https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/`
			`(mkCmdlineCanary {`
			`name = "canary3";`
			`cmdline = "@canary3";`
			`})`
			`];`

			`boot.initrd.postMountCommands = ''`
			`canary1`
			`canary2`
			`canary3`
			`# Make sure the pidfile of canary 2 is created so that we still can get`
			`# its former pid after the killing spree starts next within stage 1.`
			`while [ ! -s /run/canary2.pid ]; do sleep 0.1; done`
			`'';`
			`};`

			`testScript = ''`
nixos/boot-stage1: port test to python 2019-11-05 13:48:02 +01:00			`machine.wait_for_unit("multi-user.target")`
			`machine.succeed("test -s /run/canary2.pid")`
			`machine.fail("pgrep -a canary1")`
			`machine.fail("kill -0 $(< /run/canary2.pid)")`
			`machine.succeed('pgrep -a -f "^@canary3$"')`
			`machine.succeed('pgrep -a -f "^kcanary$"')`
nixos/tests: Add a test for boot stage 1 We already have a small regression test for #15226 within the swraid installer test. Unfortunately, we only check there whether the md kthread got signalled but not whether other rampaging processes are still alive that should have been killed. So in order to do this we provide multiple canary processes which are checked after the system has booted up: * canary1: It's a simple forking daemon which just sleeps until it's going to be killed. Of course we expect this process to not be alive anymore after boot up. * canary2: Similar to canary1, but tries to mimick a kthread to make sure that it's going to be properly killed at the end of stage 1. * canary3: Like canary2, but this time using a @ in front of its command name to actually prevent it from being killed. * kcanary: This one is a real kthread and it runs until killed, which shouldn't be the case. Tested with and without 67223ee and everything works as expected, at least on my machine. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 16:06:22 +02:00			`'';`
nixos/tests/boot-stage1: Add myself to maintainers As @edolstra pointed out that the kernel module might be painful to maintain. I strongly disagree because it's only a small module and it's good to have such a canary in the tests no matter how the bootup process looks like, so I'm going the masochistic route and try to maintain it. If it really becomes too much maintenance burden, we can still drop or disable kcanary. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2016-05-06 21:32:21 +02:00
			`meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aszlig ];`
			`})`