google / syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer
Apache License 2.0

vm/gvisor: config supporting limiting cpu and memory #2485

Open zjuchenyuan opened 3 years ago

zjuchenyuan commented 3 years ago

In fuzzing experiment evaluation, it's important to limit the resources one fuzzing instance can use, to avoid negatively impacting other parallel instances running on the same host.

So, I propose changing vm/gvisor/gvisor.go configTempl to include settings for cpu and memory limitation.

https://github.com/google/syzkaller/blob/26967e354e030f6a022b7a60a7c9899ec25923aa/vm/gvisor/gvisor.go#L381-L399

For example, to limit each fuzzing container to only occupy 2 CPUs and 4 GB of memory, add this config to configTempl (extracted from the config.json generated by docker run -it --rm --runtime=runsc --cpus 2 -m 4gb ubuntu):

"linux": {
    "resources": {
        "memory": {
            "limit": 4294967296,
            "disableOOMKiller": false
        },
        "cpu": {
            "shares": 0,
            "quota": 200000,
            "period": 100000
        }
    }
}

I'm wondering whether this configTempl is the right place to do the limiting, or whether there are better ways to limit the resources a fuzzing instance can occupy?
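
The fragment proposed above can be generated from a CPU count and a memory size instead of being hard-coded. This is an added example, not part of the original post and not syzkaller code. The names `parseMem`, `linuxResources` and `cfsPeriod` are hypothetical, and the output is the value that would sit under the `"linux"` key.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// Field names mirror the "linux.resources" fragment quoted in the issue.
type memory struct {
	Limit            int64 `json:"limit"`
	DisableOOMKiller bool  `json:"disableOOMKiller"`
}
type cpu struct {
	Shares uint64 `json:"shares"`
	Quota  int64  `json:"quota"`
	Period uint64 `json:"period"`
}

const cfsPeriod = 100000 // microseconds, the "period" value in the issue

// parseMem (hypothetical helper) turns sizes like "4gb" or "512m" into bytes.
func parseMem(size string) (int64, error) {
	s := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(size)), "b")
	shift := map[byte]uint{'k': 10, 'm': 20, 'g': 30}
	var sh uint
	if n := len(s); n > 0 && shift[s[n-1]] > 0 {
		sh, s = shift[s[n-1]], s[:n-1]
	}
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil || n <= 0 || n > int64(math.MaxInt64)>>sh {
		return 0, fmt.Errorf("bad memory size %q", size)
	}
	return n << sh, nil
}

// linuxResources (hypothetical helper) renders the fragment; quota = cpus * period.
func linuxResources(cpus float64, mem string) (string, error) {
	limit, err := parseMem(mem)
	if err != nil || !(cpus > 0) || math.IsInf(cpus, 0) {
		return "", fmt.Errorf("bad limits: cpus=%v mem=%q", cpus, mem)
	}
	m, _ := json.Marshal(memory{limit, false})
	c, _ := json.Marshal(cpu{0, int64(math.Round(cpus * cfsPeriod)), cfsPeriod})
	return fmt.Sprintf(`{"resources":{"memory":%s,"cpu":%s}}`, m, c), nil
}

func main() { fmt.Println(linuxResources(2, "4gb")) }
```

Rejecting zero, negative or unparsable values keeps a mistyped limit from silently producing an unbounded container.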

dvyukov commented 3 years ago

CC @avagin @dean-deng

Sounds reasonable to me.

avagin commented 3 years ago

Sounds reasonable to me too.