From: Noah Goldstein <goldstein.w.n@gmail.com>
To: libc-alpha@sourceware.org
Cc: hjl.tools@gmail.com, carlos@systemhalted.org
Subject: Re: [PATCH v1 2/2] nptl: Add a testcase for inputs racey to {w}memcmp{eq} BZ #29863
Date: Mon, 19 Dec 2022 11:28:41 -0800 [thread overview]
Message-ID: <CAFUsyf+TnFrYKpr+aXc5GLtkYGNTVtB8S23Jf3CePmeX9Rcfsg@mail.gmail.com> (raw)
In-Reply-To: <20221219192726.999818-2-goldstein.w.n@gmail.com>
On Mon, Dec 19, 2022 at 11:27 AM Noah Goldstein <goldstein.w.n@gmail.com> wrote:
>
> Add test that modifies data as {w}memcmp{eq} runs (creating a race
> condition). Failures from this tests do not inherently mean the
> {w}memcmp{eq} implementation is buggy, but is at the very least
> something we should be aware of.
>
> Success is no SIGSEGV. Failure is a SIGSEGV.
>
> Verified test failed 10/10 times without:
>
> commit b712be52645282c706a5faa038242504feb06db5
> Author: Noah Goldstein <goldstein.w.n@gmail.com>
> Date: Wed Dec 14 10:52:10 2022 -0800
>
> x86: Prevent SIGSEGV in memcmp-sse2 when data is concurrently modified [BZ #29863]
>
> And passes with the fix.
NB: Forget tag "Co-authored-by: H.J. Lu <hjl.tools@gmail.com>",
will add before commit or next version if more revisions are needed.
> ---
> nptl/Makefile | 7 ++
> nptl/tst-memcmp-race.c | 149 +++++++++++++++++++++++++++++++++++++++
> nptl/tst-memcmpeq-race.c | 19 +++++
> nptl/tst-wmemcmp-race.c | 20 ++++++
> 4 files changed, 195 insertions(+)
> create mode 100644 nptl/tst-memcmp-race.c
> create mode 100644 nptl/tst-memcmpeq-race.c
> create mode 100644 nptl/tst-wmemcmp-race.c
>
> diff --git a/nptl/Makefile b/nptl/Makefile
> index fc955cd604..5f56bdc80a 100644
> --- a/nptl/Makefile
> +++ b/nptl/Makefile
> @@ -285,6 +285,8 @@ tests = \
> tst-exec4 \
> tst-exec5 \
> tst-initializers1 $(addprefix tst-initializers1-,c89 gnu89 c99 gnu99 c11 gnu11) \
> + tst-memcmp-race \
> + tst-memcmpeq-race \
> tst-minstack-cancel \
> tst-minstack-exit \
> tst-minstack-throw \
> @@ -348,8 +350,13 @@ tests = \
> tst-thread_local1 \
> tst-tsd3 \
> tst-tsd4 \
> + tst-wmemcmp-race \
> # tests
>
> +CFLAGS-tst-memcmp-race.c += -O0
> +CFLAGS-tst-memcmpeq-race.c += -O0
> +CFLAGS-tst-wmemcmp-race.c += -O0
> +
> tests-nolibpthread = \
> tst-pthread_exit-nothreads \
> tst-pthread_exit-nothreads-static \
> diff --git a/nptl/tst-memcmp-race.c b/nptl/tst-memcmp-race.c
> new file mode 100644
> index 0000000000..56e62b2f7b
> --- /dev/null
> +++ b/nptl/tst-memcmp-race.c
> @@ -0,0 +1,149 @@
> +/* Test case for memcmp with race condition.
> + Copyright (C) 2022 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +/* Verify that there is no segfault when one thread is updating the
> + memory block of memcmp and the other thread is doing memcmp.
> +
> + NOTE: This test failing does not automatically mean the
> + {w}memcmp{eq} is incorrect. This is testing UB and behavior that
> + is supported. That being said, users may expect that the mem*
> + functions never access out of bounds data (even with data races)
> + and we should be aware of the cases when we do. */
> +
> +#define TEST_MAIN
> +#define MIN_PAGE_SIZE 4096
> +
> +#ifdef TEST_MEMCMPEQ
> +# define MEMCMP __memcmpeq
> +# define TEST_NAME "__memcmpeq"
> +#elif defined WIDE
> +# define MEMCMP wmemcmp
> +# define TEST_NAME "wmemcmp"
> +#else
> +# define MEMCMP memcmp
> +# define TEST_NAME "memcmp"
> +#endif
> +
> +#ifdef WIDE
> +# define MEMSET wmemset
> +# define CHAR wchar_t
> +#else
> +# define MEMSET memset
> +# define CHAR char
> +#endif
> +
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <string.h>
> +#include <string/test-string.h>
> +#include <support/xthread.h>
> +
> +#define NUM_THREADS 2
> +#define LOOP1 10000
> +#define LOOP2 1000000
> +
> +typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
> +
> +IMPL (MEMCMP, 1)
> +
> +struct arg
> +{
> + proto_t func;
> + CHAR *a;
> + CHAR *b;
> + size_t len;
> + size_t wpos;
> + int todo;
> +};
> +
> +static void *
> +childThread (void *tArgs)
> +{
> + struct arg *args = (struct arg *) tArgs;
> + int i;
> + if (0 == args->todo % 2)
> + {
> + for (i = 0; i < LOOP1; i++)
> + {
> + volatile int result = args->func (args->a, args->b, args->len);
> + (void)(result);
> + }
> + }
> + else
> + {
> + for (i = 0; i < LOOP2; i++)
> + args->a[args->wpos] = i & 1;
> + args->a[args->wpos] = 1;
> + }
> + return NULL;
> +}
> +
> +static void
> +do_one_test (proto_t func, size_t len)
> +{
> + int r;
> + if (len * sizeof (CHAR) > page_size)
> + return;
> + for (r = 0; r < 2; ++r)
> + {
> + size_t wpos;
> + for (wpos = 1; wpos < 128 && wpos <= len; wpos = wpos + wpos + 1)
> + {
> + int i;
> + size_t off;
> + pthread_t threads[NUM_THREADS];
> + struct arg a[NUM_THREADS];
> +
> + off = r ? (page_size - len * sizeof (CHAR)) : 0;
> + for (i = 0; i < NUM_THREADS; ++i)
> + {
> + a[i].func = func;
> + a[i].a = (CHAR *) (buf1 + off);
> + a[i].b = (CHAR *) (buf2 + off);
> + a[i].len = len;
> + a[i].wpos = len - wpos;
> + a[i].todo = i;
> + threads[i] = xpthread_create (NULL, childThread, (void *) &a[i]);
> + }
> +
> + for (i = 0; i < NUM_THREADS; ++i)
> + xpthread_join (threads[i]);
> + }
> + }
> +}
> +
> +int
> +test_main (void)
> +{
> + test_init ();
> +
> + MEMSET ((CHAR *) buf1, 1, page_size / sizeof (CHAR));
> + MEMSET ((CHAR *) buf2, 1, page_size / sizeof (CHAR));
> + for (size_t i = 1; i <= 1024; i += i)
> + {
> + FOR_EACH_IMPL (impl, 0)
> + {
> + do_one_test ((proto_t) impl->fn, i);
> + do_one_test ((proto_t) impl->fn, i + 1);
> + do_one_test ((proto_t) impl->fn, i - 1);
> + }
> + }
> + return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/nptl/tst-memcmpeq-race.c b/nptl/tst-memcmpeq-race.c
> new file mode 100644
> index 0000000000..7088928f49
> --- /dev/null
> +++ b/nptl/tst-memcmpeq-race.c
> @@ -0,0 +1,19 @@
> +/* Test case for __memcmpeq with race condition.
> + Copyright (C) 2022 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +#define TEST_MEMCMPEQ 1
> +#include "tst-memcmp-race.c"
> diff --git a/nptl/tst-wmemcmp-race.c b/nptl/tst-wmemcmp-race.c
> new file mode 100644
> index 0000000000..8278f71842
> --- /dev/null
> +++ b/nptl/tst-wmemcmp-race.c
> @@ -0,0 +1,20 @@
> +/* Test case for wmemcmp with race condition.
> + Copyright (C) 2022 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +#include <wchar.h>
> +#define WIDE 1
> +#include "tst-memcmp-race.c"
> --
> 2.34.1
>
next prev parent reply other threads:[~2022-12-19 19:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-19 19:27 [PATCH v1 1/2] nptl: Changes tests to be 1/line and sorted Noah Goldstein
2022-12-19 19:27 ` [PATCH v1 2/2] nptl: Add a testcase for inputs racey to {w}memcmp{eq} BZ #29863 Noah Goldstein
2022-12-19 19:28 ` Noah Goldstein [this message]
2022-12-29 16:41 ` Noah Goldstein
2023-01-10 23:03 ` Noah Goldstein
2022-12-29 16:40 ` [PATCH v1 1/2] nptl: Changes tests to be 1/line and sorted Noah Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFUsyf+TnFrYKpr+aXc5GLtkYGNTVtB8S23Jf3CePmeX9Rcfsg@mail.gmail.com \
--to=goldstein.w.n@gmail.com \
--cc=carlos@systemhalted.org \
--cc=hjl.tools@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).