remove valgrind checks from //sandbox/linux

We have not supported valgrind for some time (it was never ported to the GN build IIUC, and has been obsoleted by ASan/MSan/TSan). Followup to https://chromium-review.googlesource.com/c/chromium/src/+/778881 BUG=791518 Change-Id: I3a03f033263e6477eddcc683b986635b6ff2c963 Reviewed-on: https://chromium-review.googlesource.com/805994 Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Cr-Commit-Position: refs/heads/master@{#521472}

remove valgrind checks from //sandbox/linux
We have not supported valgrind for some time (it was never ported to the GN build IIUC, and has been obsoleted by ASan/MSan/TSan). Followup to https://chromium-review.googlesource.com/c/chromium/src/+/778881 BUG=791518 Change-Id: I3a03f033263e6477eddcc683b986635b6ff2c963 Reviewed-on: https://chromium-review.googlesource.com/805994 Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Cr-Commit-Position: refs/heads/master@{#521472}
1a70fddf · Mostyn Bramley-Moore · Commit Bot · 3013728f · 1a70fddf · 1a70fddf
Commit 1a70fddf authored Dec 04, 2017 by Mostyn Bramley-Moore Committed by Commit Bot Dec 04, 2017
12 changed files
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -15,8 +15,6 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/posix/eintr_wrapper.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
-#include "base/third_party/valgrind/valgrind.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/bpf_dsl/codegen.h"
 #include "sandbox/linux/bpf_dsl/policy.h"
@@ -122,12 +120,6 @@ SandboxBPF::~SandboxBPF() {

 // static
 bool SandboxBPF::SupportsSeccompSandbox(SeccompLevel level) {
-  // Never pretend to support seccomp with Valgrind, as it
-  // throws the tool off.
-  if (RunningOnValgrind()) {
-    return false;
-  }
-
  switch (level) {
    case SeccompLevel::SINGLE_THREADED:
      return KernelSupportsSeccompBPF();

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
@@ -9,7 +9,6 @@
 #include <memory>

 #include "base/logging.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 #include "sandbox/linux/bpf_dsl/policy.h"
 #include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
@@ -44,9 +43,9 @@ void SandboxBPFTestRunner::Run() {
    bpf_tester_delegate_->RunTestFunction();
  } else {
    printf("This BPF test is not fully running in this configuration!\n");
-    // Android and Valgrind are the only configurations where we accept not
-    // having kernel BPF support.
-    if (!IsAndroid() && !RunningOnValgrind()) {
+    // Android is the only configuration where we accept not having kernel
+    // BPF support.
+    if (!IsAndroid()) {
      const bool seccomp_bpf_is_supported = false;
      SANDBOX_ASSERT(seccomp_bpf_is_supported);
    }

--- a/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
@@ -40,7 +40,7 @@ class BPFTesterDelegate {
 // run a test function (via |bpf_tester_delegate|) if the current kernel
 // configuration allows it. If it can not run the test under seccomp-bpf,
 // Run() will still compile the policy which should allow to get some coverage
-// under tools such as Valgrind.
+// under tools that behave like Valgrind.
 class SandboxBPFTestRunner : public SandboxTestRunner {
 public:
  // This constructor takes ownership of the |bpf_tester_delegate| object.

--- a/sandbox/linux/seccomp-bpf/syscall.h
+++ b/sandbox/linux/seccomp-bpf/syscall.h
@@ -28,7 +28,7 @@ class SANDBOX_EXPORT Syscall {
  // System calls can take up to six parameters (up to eight on some
  // architectures). Traditionally, glibc
  // implements this property by using variadic argument lists. This works, but
-  // confuses modern tools such as valgrind, because we are nominally passing
+  // confuses tools that behave like Valgrind, because we are nominally passing
  // uninitialized data whenever we call through this function and pass less
  // than the full six arguments.
  // So, instead, we use C++'s template system to achieve a very similar

--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -23,8 +23,6 @@
 #include "base/macros.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/process/launch.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
-#include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
 #include "sandbox/linux/services/namespace_utils.h"
 #include "sandbox/linux/services/proc_util.h"
@@ -115,10 +113,10 @@ bool ChrootToSafeEmptyDir() {
 void CheckCloneNewUserErrno(int error) {
  // EPERM can happen if already in a chroot. EUSERS if too many nested
  // namespaces are used. EINVAL for kernels that don't support the feature.
-  // Valgrind will ENOSYS unshare().  ENOSPC can occur when the system has
-  // reached its maximum configured number of user namespaces.
+  // ENOSPC can occur when the system has reached its maximum configured
+  // number of user namespaces.
  PCHECK(error == EPERM || error == EUSERS || error == EINVAL ||
-         error == ENOSYS || error == ENOSPC);
+         error == ENOSPC);
 }

 // Converts a Capability to the corresponding Linux CAP_XXX value.
@@ -256,12 +254,6 @@ bool Credentials::HasCapability(Capability cap) {

 // static
 bool Credentials::CanCreateProcessInNewUserNS() {
-  // Valgrind will let clone(2) pass-through, but doesn't support unshare(),
-  // so always consider UserNS unsupported there.
-  if (RunningOnValgrind()) {
-    return false;
-  }
-
 #if defined(THREAD_SANITIZER)
  // With TSAN, processes will always have threads running and can never
  // enter a new user namespace with MoveToNewUserNS().

--- a/sandbox/linux/services/namespace_utils.cc
+++ b/sandbox/linux/services/namespace_utils.cc
@@ -20,8 +20,6 @@
 #include "base/posix/eintr_wrapper.h"
 #include "base/process/launch.h"
 #include "base/strings/safe_sprintf.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
-#include "base/third_party/valgrind/valgrind.h"

 namespace sandbox {

@@ -52,12 +50,6 @@ bool NamespaceUtils::WriteToIdMapFile(const char* map_file, generic_id_t id) {

 // static
 bool NamespaceUtils::KernelSupportsUnprivilegedNamespace(int type) {
-  // Valgrind will let clone(2) pass-through, but doesn't support unshare(),
-  // so always consider namespaces unsupported there.
-  if (RunningOnValgrind()) {
-    return false;
-  }
-
  // As of Linux 3.8, /proc/self/ns/* files exist for all namespace types. Since
  // user namespaces were added in 3.8, it is OK to rely on the existence of
  // /proc/self/ns/*.

--- a/sandbox/linux/services/syscall_wrappers.cc
+++ b/sandbox/linux/services/syscall_wrappers.cc
@@ -16,7 +16,6 @@

 #include "base/compiler_specific.h"
 #include "base/logging.h"
-#include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
 #include "sandbox/linux/system_headers/capability.h"
 #include "sandbox/linux/system_headers/linux_signal.h"

--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
+++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
@@ -13,7 +13,6 @@

 #include "base/logging.h"
 #include "base/posix/eintr_wrapper.h"
-#include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
 #include "sandbox/linux/system_headers/linux_signal.h"
 #include "sandbox/linux/tests/test_utils.h"

--- a/sandbox/linux/services/thread_helpers_unittests.cc
+++ b/sandbox/linux/services/thread_helpers_unittests.cc
@@ -14,7 +14,6 @@
 #include "base/macros.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/process/process_metrics.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 #include "base/threading/platform_thread.h"
 #include "base/threading/thread.h"
 #include "build/build_config.h"
@@ -30,13 +29,7 @@ namespace {
 // These tests fail under ThreadSanitizer, see http://crbug.com/342305
 #if !defined(THREAD_SANITIZER)

-int GetRaceTestIterations() {
-  if (RunningOnValgrind()) {
-    return 2;
-  } else {
-    return 1000;
-  }
-}
+const int kRaceTestIterations = 1000;

 class ScopedProc {
 public:
@@ -81,7 +74,7 @@ TEST(ThreadHelpers, IsSingleThreadedIterated) {
  ASSERT_TRUE(ThreadHelpers::IsSingleThreaded(proc_fd.fd()));

  // Iterate to check for race conditions.
-  for (int i = 0; i < GetRaceTestIterations(); ++i) {
+  for (int i = 0; i < kRaceTestIterations; ++i) {
    base::Thread thread("sandbox_tests");
    ASSERT_TRUE(
        ThreadHelpers::StartThreadAndWatchProcFS(proc_fd.fd(), &thread));
@@ -98,7 +91,7 @@ TEST(ThreadHelpers, IsSingleThreadedStartAndStop) {
  base::Thread thread("sandbox_tests");
  // This is testing for a race condition, so iterate.
  // Manually, this has been tested with more that 1M iterations.
-  for (int i = 0; i < GetRaceTestIterations(); ++i) {
+  for (int i = 0; i < kRaceTestIterations; ++i) {
    ASSERT_TRUE(
        ThreadHelpers::StartThreadAndWatchProcFS(proc_fd.fd(), &thread));
    ASSERT_FALSE(ThreadHelpers::IsSingleThreaded(proc_fd.fd()));
@@ -116,7 +109,7 @@ SANDBOX_TEST(ThreadHelpers, AssertSingleThreadedAfterThreadStopped) {
  base::Thread thread1("sandbox_tests");
  base::Thread thread2("sandbox_tests");

-  for (int i = 0; i < GetRaceTestIterations(); ++i) {
+  for (int i = 0; i < kRaceTestIterations; ++i) {
    SANDBOX_ASSERT(
        ThreadHelpers::StartThreadAndWatchProcFS(proc_fd.fd(), &thread1));
    SANDBOX_ASSERT(

--- a/sandbox/linux/syscall_broker/broker_host.cc
+++ b/sandbox/linux/syscall_broker/broker_host.cc
@@ -23,8 +23,6 @@
 #include "base/pickle.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/posix/unix_domain_socket.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
-#include "base/third_party/valgrind/valgrind.h"
 #include "sandbox/linux/syscall_broker/broker_common.h"
 #include "sandbox/linux/syscall_broker/broker_policy.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
@@ -41,10 +39,6 @@ namespace {
 int sys_open(const char* pathname, int flags) {
  // Hardcode mode to rw------- when creating files.
  int mode = (flags & O_CREAT) ? 0600 : 0;
-  if (RunningOnValgrind()) {
-    // Valgrind does not support AT_FDCWD, just use libc's open() in this case.
-    return open(pathname, flags, mode);
-  }
  return syscall(__NR_openat, AT_FDCWD, pathname, flags, mode);
 }


--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
@@ -525,8 +525,6 @@ SANDBOX_TEST_ALLOW_NOISE(BrokerProcess, MAYBE_RecvMsgDescriptorLeak) {
      *std::max_element(available_fds,
                        available_fds + arraysize(available_fds));

-  // Valgrind doesn't allow changing the hard descriptor limit, so we only
-  // change the soft descriptor limit here.
  struct rlimit rlim;
  SANDBOX_ASSERT(0 == getrlimit(RLIMIT_NOFILE, &rlim));
  SANDBOX_ASSERT(fd_limit <= rlim.rlim_cur);

--- a/sandbox/linux/tests/unit_tests.cc
+++ b/sandbox/linux/tests/unit_tests.cc
@@ -17,8 +17,6 @@
 #include "base/debug/leak_annotations.h"
 #include "base/files/file_util.h"
 #include "base/posix/eintr_wrapper.h"
-#include "base/third_party/dynamic_annotations/dynamic_annotations.h"
-#include "base/third_party/valgrind/valgrind.h"
 #include "build/build_config.h"
 #include "sandbox/linux/tests/unit_tests.h"

@@ -179,13 +177,9 @@ void UnitTests::RunTestInProcess(SandboxTestRunner* test_runner,
    SANDBOX_ASSERT(!close(fds[0]));
    SANDBOX_ASSERT(!close(fds[1]));

-    // Don't set a timeout if running on Valgrind, since it's generally much
-    // slower.
-    if (!RunningOnValgrind()) {
 #if !defined(OS_NACL_NONSFI)
-      SetProcessTimeout(GetSubProcessTimeoutTimeInSeconds());
+    SetProcessTimeout(GetSubProcessTimeoutTimeInSeconds());
 #endif
-    }

    // Disable core files. They are not very useful for our individual test
    // cases.