update(ci): enable sanitizers in e2e tests, use new options

Signed-off-by: Luca Guerra <[email protected]>
falcosecurity · Mar 5, 2024 · 79bf5ff · 79bf5ff
1 parent 0fc1ba1
commit 79bf5ff
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 8 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,8 +32,7 @@ jobs:
           - name: system_deps_minimal
             cmake_opts: -DBUILD_WARNINGS_AS_ERRORS=On -DUSE_BUNDLED_DEPS=False -DMINIMAL_BUILD=True
           - name: sanitizers
-            cmake_opts: -DCMAKE_C_FLAGS="-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=undefined" -DCMAKE_CXX_FLAGS="-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=undefined" -DUSE_BUNDLED_DEPS=False
-            ldflags: -lpthread
+            cmake_opts: -DUSE_ASAN=On -DUSE_UBSAN=On -DUSE_BUNDLED_DEPS=False
     container:
       image: debian:buster
     steps:
@@ -59,7 +58,7 @@ jobs:
           UBSAN_OPTIONS: print_stacktrace=1
         run: |
           mkdir -p build
-          cd build && LDFLAGS="${{ matrix.ldflags }}" cmake ${{ matrix.cmake_opts }} ../
+          cd build && cmake ${{ matrix.cmake_opts }} ../
           KERNELDIR=/lib/modules/$(ls /lib/modules)/build make -j4
           make run-unit-tests
 

diff --git a/.github/workflows/e2e_ci.yml b/.github/workflows/e2e_ci.yml
@@ -82,6 +82,8 @@ jobs:
             cmake \
                 -DBUILD_BPF=ON \
                 -DUSE_BUNDLED_DEPS=OFF \
+                -DUSE_ASAN=ON \
+                -DUSE_UBSAN=ON \
                 -DENABLE_LIBSINSP_E2E_TESTS=ON \
                 -DBUILD_LIBSCAP_MODERN_BPF=ON \
                 -DBUILD_LIBSCAP_GVISOR=OFF \
@@ -92,14 +94,18 @@ jobs:
 
       - name: Run e2e tests with ${{ matrix.driver.name }} 🏎️
         if: matrix.arch == 'amd64'
+        env:
+          UBSAN_OPTIONS: print_stacktrace=1
         run: |
           cd build/test/libsinsp_e2e/
-          sudo ./libsinsp_e2e_tests ${{ matrix.driver.option }}
+          sudo -E ./libsinsp_e2e_tests ${{ matrix.driver.option }}
 
         # the actuated arm64 workers doesn't have the CONFIG_QFMT_V2 flag
         # which is needed for the quotactl_ok test (cmd=QQUOTA_ON + id=QFMT_VFS_V0).
       - name: Run e2e tests with ${{ matrix.driver.name }} 🏎️
         if: matrix.arch == 'arm64'
+        env:
+          UBSAN_OPTIONS: print_stacktrace=1
         run: |
           cd build/test/libsinsp_e2e/
-          sudo ./libsinsp_e2e_tests ${{ matrix.driver.option }} --gtest_filter=-sys_call_test.quotactl_ok
+          sudo -E ./libsinsp_e2e_tests ${{ matrix.driver.option }} --gtest_filter=-sys_call_test.quotactl_ok
diff --git a/cmake/modules/CompilerFlags.cmake b/cmake/modules/CompilerFlags.cmake
@@ -57,15 +57,14 @@ if(NOT MSVC)
 
 	if(USE_ASAN)
 		set(FALCOSECURITY_LIBS_USERSPACE_COMPILE_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_COMPILE_FLAGS};-fsanitize=address")
-		set(FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS};-fsanitize=address")
+		set(FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS};-fsanitize=address;-lpthread")
 	endif()
 
 	if(USE_UBSAN)
 		set(FALCOSECURITY_LIBS_USERSPACE_COMPILE_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_COMPILE_FLAGS};-fsanitize=undefined")
-		set(FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS};-fsanitize=address")
+		set(FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS};-fsanitize=undefined")
 		if(UBSAN_HALT_ON_ERROR)
 			set(FALCOSECURITY_LIBS_USERSPACE_COMPILE_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_COMPILE_FLAGS};-fno-sanitize-recover=undefined")
-			set(FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS "${FALCOSECURITY_LIBS_USERSPACE_LINK_FLAGS};-fsanitize=address")
 		endif()
 	endif()