[PATCH v1 2/2] nptl: Add a testcase for inputs racey to {w}memcmp{eq} BZ #29863

[Noah Goldstein <goldstein.w.n@gmail.com>]

Add test that modifies data as {w}memcmp{eq} runs (creating a race
condition).  Failures from this tests do not inherently mean the
{w}memcmp{eq} implementation is buggy, but is at the very least
something we should be aware of.

Success is no SIGSEGV. Failure is a SIGSEGV.

Verified test failed 10/10 times without:

commit b712be52645282c706a5faa038242504feb06db5
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date:   Wed Dec 14 10:52:10 2022 -0800

    x86: Prevent SIGSEGV in memcmp-sse2 when data is concurrently modified [BZ #29863]

And passes with the fix.
---
 nptl/Makefile            |   7 ++
 nptl/tst-memcmp-race.c   | 149 +++++++++++++++++++++++++++++++++++++++
 nptl/tst-memcmpeq-race.c |  19 +++++
 nptl/tst-wmemcmp-race.c  |  20 ++++++
 4 files changed, 195 insertions(+)
 create mode 100644 nptl/tst-memcmp-race.c
 create mode 100644 nptl/tst-memcmpeq-race.c
 create mode 100644 nptl/tst-wmemcmp-race.c

diff --git a/nptl/Makefile b/nptl/Makefile
index fc955cd604..5f56bdc80a 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -285,6 +285,8 @@ tests = \
 	tst-exec4 \
 	tst-exec5 \
 	tst-initializers1 $(addprefix tst-initializers1-,c89 gnu89 c99 gnu99 c11 gnu11) \
+	tst-memcmp-race \
+	tst-memcmpeq-race \
 	tst-minstack-cancel \
 	tst-minstack-exit \
 	tst-minstack-throw \
@@ -348,8 +350,13 @@ tests = \
 	tst-thread_local1 \
 	tst-tsd3 \
 	tst-tsd4 \
+	tst-wmemcmp-race \
 # tests
 
+CFLAGS-tst-memcmp-race.c += -O0
+CFLAGS-tst-memcmpeq-race.c += -O0
+CFLAGS-tst-wmemcmp-race.c += -O0
+
 tests-nolibpthread = \
   tst-pthread_exit-nothreads \
   tst-pthread_exit-nothreads-static \
diff --git a/nptl/tst-memcmp-race.c b/nptl/tst-memcmp-race.c
new file mode 100644
index 0000000000..56e62b2f7b
--- /dev/null
+++ b/nptl/tst-memcmp-race.c
@@ -0,0 +1,149 @@
+/* Test case for memcmp with race condition.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* Verify that there is no segfault when one thread is updating the
+   memory block of memcmp and the other thread is doing memcmp.
+
+   NOTE: This test failing does not automatically mean the
+   {w}memcmp{eq} is incorrect.  This is testing UB and behavior that
+   is supported.  That being said, users may expect that the mem*
+   functions never access out of bounds data (even with data races)
+   and we should be aware of the cases when we do. */
+
+#define TEST_MAIN
+#define MIN_PAGE_SIZE 4096
+
+#ifdef TEST_MEMCMPEQ
+# define MEMCMP __memcmpeq
+# define TEST_NAME "__memcmpeq"
+#elif defined WIDE
+# define MEMCMP wmemcmp
+# define TEST_NAME "wmemcmp"
+#else
+# define MEMCMP memcmp
+# define TEST_NAME "memcmp"
+#endif
+
+#ifdef WIDE
+# define MEMSET wmemset
+# define CHAR wchar_t
+#else
+# define MEMSET memset
+# define CHAR char
+#endif
+
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <string/test-string.h>
+#include <support/xthread.h>
+
+#define NUM_THREADS 2
+#define LOOP1 10000
+#define LOOP2 1000000
+
+typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
+
+IMPL (MEMCMP, 1)
+
+struct arg
+{
+  proto_t func;
+  CHAR *a;
+  CHAR *b;
+  size_t len;
+  size_t wpos;
+  int todo;
+};
+
+static void *
+childThread (void *tArgs)
+{
+  struct arg *args = (struct arg *) tArgs;
+  int i;
+  if (0 == args->todo % 2)
+    {
+      for (i = 0; i < LOOP1; i++)
+	{
+	  volatile int result = args->func (args->a, args->b, args->len);
+      (void)(result);
+	}
+    }
+  else
+    {
+      for (i = 0; i < LOOP2; i++)
+	args->a[args->wpos] = i & 1;
+      args->a[args->wpos] = 1;
+    }
+  return NULL;
+}
+
+static void
+do_one_test (proto_t func, size_t len)
+{
+  int r;
+  if (len * sizeof (CHAR) > page_size)
+    return;
+  for (r = 0; r < 2; ++r)
+    {
+      size_t wpos;
+      for (wpos = 1; wpos < 128 && wpos <= len; wpos = wpos + wpos + 1)
+	{
+	  int i;
+	  size_t off;
+	  pthread_t threads[NUM_THREADS];
+	  struct arg a[NUM_THREADS];
+
+	  off = r ? (page_size - len * sizeof (CHAR)) : 0;
+	  for (i = 0; i < NUM_THREADS; ++i)
+	    {
+	      a[i].func = func;
+	      a[i].a = (CHAR *) (buf1 + off);
+	      a[i].b = (CHAR *) (buf2 + off);
+	      a[i].len = len;
+	      a[i].wpos = len - wpos;
+	      a[i].todo = i;
+	      threads[i] = xpthread_create (NULL, childThread, (void *) &a[i]);
+	    }
+
+	  for (i = 0; i < NUM_THREADS; ++i)
+	    xpthread_join (threads[i]);
+	}
+    }
+}
+
+int
+test_main (void)
+{
+  test_init ();
+
+  MEMSET ((CHAR *) buf1, 1, page_size / sizeof (CHAR));
+  MEMSET ((CHAR *) buf2, 1, page_size / sizeof (CHAR));
+  for (size_t i = 1; i <= 1024; i += i)
+    {
+      FOR_EACH_IMPL (impl, 0)
+	{
+	  do_one_test ((proto_t) impl->fn, i);
+	  do_one_test ((proto_t) impl->fn, i + 1);
+	  do_one_test ((proto_t) impl->fn, i - 1);
+	}
+    }
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/nptl/tst-memcmpeq-race.c b/nptl/tst-memcmpeq-race.c
new file mode 100644
index 0000000000..7088928f49
--- /dev/null
+++ b/nptl/tst-memcmpeq-race.c
@@ -0,0 +1,19 @@
+/* Test case for __memcmpeq with race condition.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+#define TEST_MEMCMPEQ 1
+#include "tst-memcmp-race.c"
diff --git a/nptl/tst-wmemcmp-race.c b/nptl/tst-wmemcmp-race.c
new file mode 100644
index 0000000000..8278f71842
--- /dev/null
+++ b/nptl/tst-wmemcmp-race.c
@@ -0,0 +1,20 @@
+/* Test case for wmemcmp with race condition.
+   Copyright (C) 2022 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+#include <wchar.h>
+#define WIDE 1
+#include "tst-memcmp-race.c"
-- 
2.34.1