From patchwork Mon Dec 19 19:27:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Noah Goldstein X-Patchwork-Id: 62167 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2A5023857C5A for ; Mon, 19 Dec 2022 19:27:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2A5023857C5A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1671478077; bh=L/ERi+JJPpxiN1t6RvqfBnenJEdl8GuGNMxDAD2nz0M=; h=To:Cc:Subject:Date:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=ZtXd/oD1gGec+TRZKrGlGzo9WUpIRU1NjB70WKI4RiYvnWhsFyD+cu/pNGw+hz3Ac QMGck8z+XPYb/YpXDgpj6WzKwYdhTxqfDnPYsOvBBglEmcxORShoDgfdX2mGjBWU0s 4ZcteJIRuQ9fqxGny/dpqeKUCeFOK4g5Ab6LJWLY= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id 71D8E3858436 for ; Mon, 19 Dec 2022 19:27:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 71D8E3858436 Received: by mail-ej1-x629.google.com with SMTP id kw15so23949827ejc.10 for ; Mon, 19 Dec 2022 11:27:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=L/ERi+JJPpxiN1t6RvqfBnenJEdl8GuGNMxDAD2nz0M=; b=hBONeeDfp+RZ1u9/lovihCJSRcs/lMNI1bAJb6HTCkOMMD8ObkJX03k34fVVBPgHCy uqeT5ki3knXl8Mnyf/VIUxkMPWyQC2bz9iYQkUXx7tKyMosPJyHHtqgOEhZr935mdatq G+WmOh8XMxep1erzKWf4AJ3V+ZZUn8gUFEoKqZyqNp6vpoF57FO08E967JQWAHPKUDmJ vVHYoJWqRrf6cuDvC4JRU/T6GYHEurNNJr/1209mP9RczXp1K/w1+wJj6+QERIlkNOkV 1i+ZBYTjH1cGFjK9j3Mli5zSKVZdo73Y7DgB1gUWWECzKkEz76l33QfKg5rplMMRcgP+ /eTA== X-Gm-Message-State: ANoB5pk4bOVcqB4G/LYa9qVVcbFpeZxFaeBiMgnFOK4AONswaMB+SnPC JOBnqnFy817OcuhjVdABl4rzw3ND6CU= X-Google-Smtp-Source: AA0mqf4Hl1uoJ8aTFqoyBcL34NRsO2ovLvi50EVOg+hoCtjV5AE4YUJF1ieHW5SPs2uieBOwaDFOug== X-Received: by 2002:a17:907:c586:b0:7c1:700:9c4b with SMTP id tr6-20020a170907c58600b007c107009c4bmr47297353ejc.75.1671478052914; Mon, 19 Dec 2022 11:27:32 -0800 (PST) Received: from noahgold-desk.webpass.net ([192.55.55.54]) by smtp.gmail.com with ESMTPSA id rs13-20020a170907036d00b0077a1dd3e7b7sm4766208ejb.102.2022.12.19.11.27.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Dec 2022 11:27:32 -0800 (PST) To: libc-alpha@sourceware.org Cc: goldstein.w.n@gmail.com, hjl.tools@gmail.com, carlos@systemhalted.org Subject: [PATCH v1 2/2] nptl: Add a testcase for inputs racey to {w}memcmp{eq} BZ #29863 Date: Mon, 19 Dec 2022 11:27:26 -0800 Message-Id: <20221219192726.999818-2-goldstein.w.n@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221219192726.999818-1-goldstein.w.n@gmail.com> References: <20221219192726.999818-1-goldstein.w.n@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-11.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_NUMSUBJECT, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Noah Goldstein via Libc-alpha From: Noah Goldstein Reply-To: Noah Goldstein Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Add test that modifies data as {w}memcmp{eq} runs (creating a race condition). Failures from this tests do not inherently mean the {w}memcmp{eq} implementation is buggy, but is at the very least something we should be aware of. Success is no SIGSEGV. Failure is a SIGSEGV. Verified test failed 10/10 times without: commit b712be52645282c706a5faa038242504feb06db5 Author: Noah Goldstein Date: Wed Dec 14 10:52:10 2022 -0800 x86: Prevent SIGSEGV in memcmp-sse2 when data is concurrently modified [BZ #29863] And passes with the fix. --- nptl/Makefile | 7 ++ nptl/tst-memcmp-race.c | 149 +++++++++++++++++++++++++++++++++++++++ nptl/tst-memcmpeq-race.c | 19 +++++ nptl/tst-wmemcmp-race.c | 20 ++++++ 4 files changed, 195 insertions(+) create mode 100644 nptl/tst-memcmp-race.c create mode 100644 nptl/tst-memcmpeq-race.c create mode 100644 nptl/tst-wmemcmp-race.c diff --git a/nptl/Makefile b/nptl/Makefile index fc955cd604..5f56bdc80a 100644 --- a/nptl/Makefile +++ b/nptl/Makefile @@ -285,6 +285,8 @@ tests = \ tst-exec4 \ tst-exec5 \ tst-initializers1 $(addprefix tst-initializers1-,c89 gnu89 c99 gnu99 c11 gnu11) \ + tst-memcmp-race \ + tst-memcmpeq-race \ tst-minstack-cancel \ tst-minstack-exit \ tst-minstack-throw \ @@ -348,8 +350,13 @@ tests = \ tst-thread_local1 \ tst-tsd3 \ tst-tsd4 \ + tst-wmemcmp-race \ # tests +CFLAGS-tst-memcmp-race.c += -O0 +CFLAGS-tst-memcmpeq-race.c += -O0 +CFLAGS-tst-wmemcmp-race.c += -O0 + tests-nolibpthread = \ tst-pthread_exit-nothreads \ tst-pthread_exit-nothreads-static \ diff --git a/nptl/tst-memcmp-race.c b/nptl/tst-memcmp-race.c new file mode 100644 index 0000000000..56e62b2f7b --- /dev/null +++ b/nptl/tst-memcmp-race.c @@ -0,0 +1,149 @@ +/* Test case for memcmp with race condition. + Copyright (C) 2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* Verify that there is no segfault when one thread is updating the + memory block of memcmp and the other thread is doing memcmp. + + NOTE: This test failing does not automatically mean the + {w}memcmp{eq} is incorrect. This is testing UB and behavior that + is supported. That being said, users may expect that the mem* + functions never access out of bounds data (even with data races) + and we should be aware of the cases when we do. */ + +#define TEST_MAIN +#define MIN_PAGE_SIZE 4096 + +#ifdef TEST_MEMCMPEQ +# define MEMCMP __memcmpeq +# define TEST_NAME "__memcmpeq" +#elif defined WIDE +# define MEMCMP wmemcmp +# define TEST_NAME "wmemcmp" +#else +# define MEMCMP memcmp +# define TEST_NAME "memcmp" +#endif + +#ifdef WIDE +# define MEMSET wmemset +# define CHAR wchar_t +#else +# define MEMSET memset +# define CHAR char +#endif + +#include +#include +#include +#include +#include + +#define NUM_THREADS 2 +#define LOOP1 10000 +#define LOOP2 1000000 + +typedef int (*proto_t) (const CHAR *, const CHAR *, size_t); + +IMPL (MEMCMP, 1) + +struct arg +{ + proto_t func; + CHAR *a; + CHAR *b; + size_t len; + size_t wpos; + int todo; +}; + +static void * +childThread (void *tArgs) +{ + struct arg *args = (struct arg *) tArgs; + int i; + if (0 == args->todo % 2) + { + for (i = 0; i < LOOP1; i++) + { + volatile int result = args->func (args->a, args->b, args->len); + (void)(result); + } + } + else + { + for (i = 0; i < LOOP2; i++) + args->a[args->wpos] = i & 1; + args->a[args->wpos] = 1; + } + return NULL; +} + +static void +do_one_test (proto_t func, size_t len) +{ + int r; + if (len * sizeof (CHAR) > page_size) + return; + for (r = 0; r < 2; ++r) + { + size_t wpos; + for (wpos = 1; wpos < 128 && wpos <= len; wpos = wpos + wpos + 1) + { + int i; + size_t off; + pthread_t threads[NUM_THREADS]; + struct arg a[NUM_THREADS]; + + off = r ? (page_size - len * sizeof (CHAR)) : 0; + for (i = 0; i < NUM_THREADS; ++i) + { + a[i].func = func; + a[i].a = (CHAR *) (buf1 + off); + a[i].b = (CHAR *) (buf2 + off); + a[i].len = len; + a[i].wpos = len - wpos; + a[i].todo = i; + threads[i] = xpthread_create (NULL, childThread, (void *) &a[i]); + } + + for (i = 0; i < NUM_THREADS; ++i) + xpthread_join (threads[i]); + } + } +} + +int +test_main (void) +{ + test_init (); + + MEMSET ((CHAR *) buf1, 1, page_size / sizeof (CHAR)); + MEMSET ((CHAR *) buf2, 1, page_size / sizeof (CHAR)); + for (size_t i = 1; i <= 1024; i += i) + { + FOR_EACH_IMPL (impl, 0) + { + do_one_test ((proto_t) impl->fn, i); + do_one_test ((proto_t) impl->fn, i + 1); + do_one_test ((proto_t) impl->fn, i - 1); + } + } + return 0; +} + +#include diff --git a/nptl/tst-memcmpeq-race.c b/nptl/tst-memcmpeq-race.c new file mode 100644 index 0000000000..7088928f49 --- /dev/null +++ b/nptl/tst-memcmpeq-race.c @@ -0,0 +1,19 @@ +/* Test case for __memcmpeq with race condition. + Copyright (C) 2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ +#define TEST_MEMCMPEQ 1 +#include "tst-memcmp-race.c" diff --git a/nptl/tst-wmemcmp-race.c b/nptl/tst-wmemcmp-race.c new file mode 100644 index 0000000000..8278f71842 --- /dev/null +++ b/nptl/tst-wmemcmp-race.c @@ -0,0 +1,20 @@ +/* Test case for wmemcmp with race condition. + Copyright (C) 2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ +#include +#define WIDE 1 +#include "tst-memcmp-race.c"