Do not crash when creating thread group with already-exceeded soft CP…

…U limit. Reported-by: [email protected] PiperOrigin-RevId: 698982765
google · Nov 22, 2024 · e6f1b65 · e6f1b65
1 parent b15656d
commit e6f1b65
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 1 deletion.
diff --git a/pkg/sentry/kernel/task_acct.go b/pkg/sentry/kernel/task_acct.go
@@ -148,7 +148,9 @@ type rlimitCPUSoftListener struct {
 
 // NotifyTimer implements ktime.Listener.NotifyTimer.
 func (l *rlimitCPUSoftListener) NotifyTimer(exp uint64) {
-	l.tg.appSysCPUClockLast.Load().SendGroupSignal(SignalInfoPriv(linux.SIGXCPU))
+	if t := l.tg.appSysCPUClockLast.Load(); t != nil { // May be nil during thread group creation.
+		t.SendGroupSignal(SignalInfoPriv(linux.SIGXCPU))
+	}
 }
 
 // +stateify savable

diff --git a/test/syscalls/linux/timers.cc b/test/syscalls/linux/timers.cc
@@ -298,6 +298,47 @@ TEST(TimerTest, RlimitCpuInheritedAcrossFork) {
       << "status = " << status;
 }
 
+TEST(TimerTest, RlimitCpuSoftLimitExceededOnFork) {
+  pid_t child_pid = fork();
+  MaybeSave();
+  if (child_pid == 0) {
+    // Ignore SIGXCPU from the RLIMIT_CPU soft limit.
+    struct sigaction new_action;
+    new_action.sa_handler = NoopSignalHandler;
+    new_action.sa_flags = 0;
+    sigemptyset(&new_action.sa_mask);
+    TEST_PCHECK(sigaction(SIGXCPU, &new_action, nullptr) == 0);
+
+    // Set hard limit to expire a short time from now.
+    constexpr int kDelaySeconds = 2;
+    struct timespec ts;
+    TEST_PCHECK(clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &ts) == 0);
+    struct rlimit cpu_limits;
+    cpu_limits.rlim_cur = ts.tv_sec;  // Exceeded immediately.
+    cpu_limits.rlim_max = ts.tv_sec + kDelaySeconds + 1;
+    TEST_PCHECK(setrlimit(RLIMIT_CPU, &cpu_limits) == 0);
+    MaybeSave();
+    pid_t grandchild_pid = fork();
+    MaybeSave();
+    if (grandchild_pid == 0) {
+      _exit(0);
+    }
+    TEST_PCHECK(grandchild_pid > 0);
+    int status;
+    ASSERT_THAT(waitpid(grandchild_pid, &status, 0),
+                SyscallSucceedsWithValue(grandchild_pid));
+    EXPECT_TRUE(WIFEXITED(status) && (WEXITSTATUS(status) == 0))
+        << "grandchild status = " << status;
+    _exit(0);
+  }
+
+  int status;
+  ASSERT_THAT(waitpid(child_pid, &status, 0),
+              SyscallSucceedsWithValue(child_pid));
+  EXPECT_TRUE(WIFEXITED(status) && (WEXITSTATUS(status) == 0))
+      << "child status = " << status;
+}
+
 // See timerfd.cc:TimerSlack() for rationale.
 constexpr absl::Duration kTimerSlack = absl::Milliseconds(500);