From fdb70dd9222219307ca53662e789fc9304ca3616 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 7 Jul 2022 14:12:38 +0200
Subject: [PATCH 1/4] test: create an ASan wrapper for `getent` and `su`

since they "suffer" from the same issue as `login` and other binaries
that load PAM stuff
---
 test/test-functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/test-functions b/test/test-functions
index acb09c20be..8d24ccf573 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -2482,9 +2482,9 @@ inst_binary() {
 
     # Same as above, but we need to wrap certain libraries unconditionally
     #
-    # login, useradd, userdel - dlopen()s (not only) systemd's PAM modules
+    # getent, login, su, useradd, userdel - dlopen()s (not only) systemd's PAM modules
     # tar - called by machinectl in TEST-25
-    if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(login|tar|useradd|userdel)$ ]]; then
+    if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(getent|login|su|tar|useradd|userdel)$ ]]; then
         wrap_binary=1
     fi
 

From 98b27937cb02dac98d8a9f0c48ba677b45df0831 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 7 Jul 2022 14:13:32 +0200
Subject: [PATCH 2/4] test: bump the data partition size if we don't strip
 binaries

so we can run TEST-24 under sanitizers as well.

Also, when at it, use the 'named-fields' sfdisk format to make the code
a bit more descriptive without needing a manual.
---
 test/test-functions | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/test/test-functions b/test/test-functions
index 8d24ccf573..4a9f3322e3 100644
--- a/test/test-functions
+++ b/test/test-functions
@@ -1246,33 +1246,38 @@ create_empty_image() {
         exit 1
     fi
 
-    local size=500
+    # Partition sizes are in MiBs
+    local root_size=500
+    local data_size=50
     if ! get_bool "$NO_BUILD"; then
         if meson configure "${BUILD_DIR:?}" | grep 'static-lib\|standalone-binaries' | awk '{ print $2 }' | grep -q 'true'; then
-            size=$((size+=200))
+            root_size=$((root_size+=200))
         fi
         if meson configure "${BUILD_DIR:?}" | grep 'link-.*-shared' | awk '{ print $2 }' | grep -q 'false'; then
-            size=$((size+=200))
+            root_size=$((root_size+=200))
         fi
         if get_bool "$IS_BUILT_WITH_COVERAGE"; then
-            size=$((size+=250))
+            root_size=$((root_size+=250))
         fi
     fi
     if ! get_bool "$STRIP_BINARIES"; then
-        size=$((4 * size))
+        root_size=$((4 * root_size))
+        data_size=$((2 * data_size))
     fi
 
-    echo "Setting up ${IMAGE_PUBLIC:?} (${size} MB)"
+    echo "Setting up ${IMAGE_PUBLIC:?} (${root_size} MB)"
     rm -f "${IMAGE_PRIVATE:?}" "$IMAGE_PUBLIC"
 
     # Create the blank file to use as a root filesystem
-    truncate -s "${size}M" "$IMAGE_PUBLIC"
+    truncate -s "${root_size}M" "$IMAGE_PUBLIC"
 
     LOOPDEV=$(losetup --show -P -f "$IMAGE_PUBLIC")
     [ -b "$LOOPDEV" ] || return 1
+    # Create two partitions - a root one and a data one (utilized by some tests)
     sfdisk "$LOOPDEV" <<EOF
-,$((size - 50))M,L,*
-,
+label: gpt
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=root size=$((root_size - data_size))M bootable
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 name=data
 EOF
 
     udevadm settle

From 1e429729589e0e17158727694c8d1e9c3d42466b Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 7 Jul 2022 16:56:42 +0200
Subject: [PATCH 3/4] test: make TEST-64 a bit more ASan friendly

Reduce the number of iterations in some of the test cases, since they
generate a huge amount of uevents and basically DoS udev (which can't
keep up while being slowed down by ASan). To avoid this, let's reduce
the number of iterations and bump the timeout when running under ASan,
since we're not interested in performance in such cases.
---
 test/units/testsuite-64.sh | 40 ++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/test/units/testsuite-64.sh b/test/units/testsuite-64.sh
index cabbad2db5..3d0995b2f2 100755
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@@ -153,7 +153,7 @@ EOF
 }
 
 testcase_simultaneous_events() {
-    local blockdev part partscript
+    local blockdev iterations part partscript timeout
 
     blockdev="$(readlink -f /dev/disk/by-id/scsi-*_deadbeeftest)"
     partscript="$(mktemp)"
@@ -176,12 +176,19 @@ EOF
     #
     # On unpatched udev versions the delete-recreate cycle may trigger a race
     # leading to dead symlinks in /dev/disk/
-    for i in {1..100}; do
+    iterations=100
+    timeout=30
+    if [[ -n "${ASAN_OPTIONS:-}" ]]; then
+        iterations=10
+        timeout=180
+    fi
+
+    for ((i = 1; i <= iterations; i++)); do
         udevadm lock --device="$blockdev" sfdisk -q --delete "$blockdev"
         udevadm lock --device="$blockdev" sfdisk -q -X gpt "$blockdev" <"$partscript"
 
         if ((i % 10 == 0)); then
-            udevadm wait --settle --timeout=30 "$blockdev"
+            udevadm wait --settle --timeout="$timeout" "$blockdev"
             helper_check_device_symlinks
         fi
     done
@@ -190,12 +197,13 @@ EOF
 }
 
 testcase_lvm_basic() {
-    local i part
+    local i iterations part timeout
     local vgroup="MyTestGroup$RANDOM"
     local devices=(
         /dev/disk/by-id/ata-foobar_deadbeeflvm{0..3}
     )
 
+    [[ -n "${ASAN_OPTIONS:-}" ]] && timeout=180 || timeout=30
     # Make sure all the necessary soon-to-be-LVM devices exist
     ls -l "${devices[@]}"
 
@@ -209,42 +217,44 @@ testcase_lvm_basic() {
     lvm lvcreate -y -L 4M "$vgroup" -n mypart1
     lvm lvcreate -y -L 8M "$vgroup" -n mypart2
     lvm lvs
-    udevadm wait --settle --timeout=30 "/dev/$vgroup/mypart1" "/dev/$vgroup/mypart2"
+    udevadm wait --settle --timeout="$timeout" "/dev/$vgroup/mypart1" "/dev/$vgroup/mypart2"
     mkfs.ext4 -L mylvpart1 "/dev/$vgroup/mypart1"
-    udevadm wait --settle --timeout=30 "/dev/disk/by-label/mylvpart1"
+    udevadm wait --settle --timeout="$timeout" "/dev/disk/by-label/mylvpart1"
     helper_check_device_symlinks "/dev/disk" "/dev/$vgroup"
 
     # Disable the VG and check symlinks...
     lvm vgchange -an "$vgroup"
-    udevadm wait --settle --timeout=30 --removed "/dev/$vgroup" "/dev/disk/by-label/mylvpart1"
+    udevadm wait --settle --timeout="$timeout" --removed "/dev/$vgroup" "/dev/disk/by-label/mylvpart1"
     helper_check_device_symlinks "/dev/disk"
 
     # reenable the VG and check the symlinks again if all LVs are properly activated
     lvm vgchange -ay "$vgroup"
-    udevadm wait --settle --timeout=30 "/dev/$vgroup/mypart1" "/dev/$vgroup/mypart2" "/dev/disk/by-label/mylvpart1"
+    udevadm wait --settle --timeout="$timeout" "/dev/$vgroup/mypart1" "/dev/$vgroup/mypart2" "/dev/disk/by-label/mylvpart1"
     helper_check_device_symlinks "/dev/disk" "/dev/$vgroup"
 
     # Same as above, but now with more "stress"
-    for i in {1..50}; do
+    [[ -n "${ASAN_OPTIONS:-}" ]] && iterations=10 || iterations=50
+    for ((i = 1; i <= iterations; i++)); do
         lvm vgchange -an "$vgroup"
         lvm vgchange -ay "$vgroup"
 
         if ((i % 5 == 0)); then
-            udevadm wait --settle --timeout=30 "/dev/$vgroup/mypart1" "/dev/$vgroup/mypart2" "/dev/disk/by-label/mylvpart1"
+            udevadm wait --settle --timeout="$timeout" "/dev/$vgroup/mypart1" "/dev/$vgroup/mypart2" "/dev/disk/by-label/mylvpart1"
             helper_check_device_symlinks "/dev/disk" "/dev/$vgroup"
         fi
     done
 
     # Remove the first LV
     lvm lvremove -y "$vgroup/mypart1"
-    udevadm wait --settle --timeout=30 --removed "/dev/$vgroup/mypart1"
+    udevadm wait --settle --timeout="$timeout" --removed "/dev/$vgroup/mypart1"
     udevadm wait --timeout=0 "/dev/$vgroup/mypart2"
     helper_check_device_symlinks "/dev/disk" "/dev/$vgroup"
 
     # Create & remove LVs in a loop, i.e. with more "stress"
-    for i in {1..16}; do
+    [[ -n "${ASAN_OPTIONS:-}" ]] && iterations=8 || iterations=16
+    for ((i = 1; i <= iterations; i++)); do
         # 1) Create 16 logical volumes
-        for part in {0..15}; do
+        for ((part = 0; part < 16; part++)); do
             lvm lvcreate -y -L 4M "$vgroup" -n "looppart$part"
         done
 
@@ -254,8 +264,8 @@ testcase_lvm_basic() {
         # 3) On every 4th iteration settle udev and check if all partitions are
         #    indeed gone, and if all symlinks are still valid
         if ((i % 4 == 0)); then
-            for part in {0..15}; do
-                udevadm wait --settle --timeout=30 --removed "/dev/$vgroup/looppart$part"
+            for ((part = 0; part < 16; part++)); do
+                udevadm wait --settle --timeout="$timeout" --removed "/dev/$vgroup/looppart$part"
             done
             helper_check_device_symlinks "/dev/disk" "/dev/$vgroup"
         fi

From 8fec14a7d397f52b93024bf3417de8f77b0d85e6 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 7 Jul 2022 17:16:31 +0200
Subject: [PATCH 4/4] test: use PBKDF2 with capped iterations instead of Argon2

to reduce the amount of resources the test needs (similarly to TEST-24
where we do the same thing).
---
 test/units/testsuite-70.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh
index f395ef4e5e..09f78a0226 100755
--- a/test/units/testsuite-70.sh
+++ b/test/units/testsuite-70.sh
@@ -9,7 +9,7 @@ export SYSTEMD_LOG_LEVEL=debug
 img="/var/tmp/test.img"
 dd if=/dev/zero of=$img bs=1024k count=20 status=none
 echo -n passphrase >/tmp/passphrase
-cryptsetup luksFormat -q --use-urandom $img /tmp/passphrase
+cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom $img /tmp/passphrase
 
 # Enroll unlock with default PCR policy
 env PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto $img