matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
25a0ce5eb1
sonic-buildimage/dockers/docker-orchagent/Dockerfile.j2
Oleksandr Ivantsiv 25a0ce5eb1
[asan] Add address sanitizer support. (#9857) 
Implement infrastructure that allows enabling address sanitizer
for docker containers. Enable address sanitizer for SWSS container.

- Why I did it
To add a possibility to compile SONiC applications with address sanitizer (ASAN).
ASAN is a memory error detector for C/C++. It finds:
1. Use after free (dangling pointer dereference)
2. Heap buffer overflow
3. Stack buffer overflow
4. Global buffer overflow
5. Use after return
6. Use after the scope
7. Initialization order bugs
8. Memory leaks

- How I did it
By adding new ENABLE_ASAN configuration option.

- How to verify it
By default ASAN is disabled and the SONiC image is not affected.
When ASAN is enabled it inspects all allocation, deallocation, and memory usage that the application does in run time. To verify whether the application has memory errors tests that trigger memory usage of the application should be run. Ideally, the whole regression tests should be run. Memory leaks reports will be placed in /var/log/asan/ directory of SONiC host OS.

Signed-off-by: Oleksandr Ivantsiv <oivantsiv@nvidia.com>
2022-02-09 13:29:18 +02:00

84 lines
2.8 KiB
Django/Jinja
Executable File
Raw Blame History

{% from "dockers/dockerfile-macros.j2" import install_debian_packages, install_python_wheels, copy_files %}
FROM docker-swss-layer-buster
ARG docker_container_name
RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf
# Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
apt-get install -f -y \
ifupdown \
arping \
iproute2 \
ndisc6 \
tcpdump \
libelf1 \
libmnl0 \
bridge-utils \
conntrack \
ndppd \
pciutils \
# Needed for installing netifaces Python package
build-essential \
python3-dev
{% if ( CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" ) %}
# Fix for gcc/python/iputils-ping not found in arm docker
RUN apt-get install -f -y python2.7 python2.7-dev
RUN apt-get install -y \
gcc-8 \
iputils-ping
{% endif %}
{% if CONFIGURED_ARCH == "armhf" %}
RUN ln -s -f /usr/bin/gcc-8 /usr/bin/arm-linux-gnueabihf-gcc
{% endif %}
{% if CONFIGURED_ARCH == "arm64" %}
RUN ln -s -f /usr/bin/gcc-8 /usr/bin/aarch64-linux-gnu-gcc
{% endif %}
# Dependencies of restore_neighbors.py
RUN pip3 install \
scapy==2.4.4 \
pyroute2==0.5.14 \
netifaces==0.10.9
{% if ( CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" ) %}
# Remove installed gcc
RUN apt-get remove -y gcc-8
{% endif %}
{% if docker_orchagent_debs.strip() -%}
# Copy locally-built Debian package dependencies
{{ copy_files("debs/", docker_orchagent_debs.split(' '), "/debs/") }}
# Install locally-built Debian packages and implicitly install their dependencies
{{ install_debian_packages(docker_orchagent_debs.split(' ')) }}
{%- endif %}
# Clean up
RUN apt-get purge -y \
build-essential \
python3-dev && \
apt-get clean -y && \
apt-get autoclean -y && \
apt-get autoremove -y && \
rm -rf /debs
COPY ["files/arp_update", "/usr/bin"]
COPY ["arp_update.conf", "files/arp_update_vars.j2", "/usr/share/sonic/templates/"]
COPY ["ndppd.conf", "/usr/share/sonic/templates/"]
COPY ["enable_counters.py", "tunnel_packet_handler.py", "/usr/bin/"]
COPY ["orchagent.sh", "swssconfig.sh", "buffermgrd.sh", "/usr/bin/"]
COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
# Copy all Jinja2 template files into the templates folder
COPY ["*.j2", "/usr/share/sonic/templates/"]
RUN sonic-cfggen -a "{\"ENABLE_ASAN\":\"{{ENABLE_ASAN}}\"}" -t /usr/share/sonic/templates/docker-init.j2 > /usr/bin/docker-init.sh
RUN rm -f /usr/share/sonic/templates/docker-init.j2
RUN chmod 755 /usr/bin/docker-init.sh
ENTRYPOINT ["/usr/bin/docker-init.sh"]
Reference in New Issue View Git Blame Copy Permalink