From: Noah Goldstein <goldstein.w.n@gmail.com>
To: libc-alpha@sourceware.org
Cc: hjl.tools@gmail.com, carlos@systemhalted.org
Subject: Re: [PATCH v1 2/2] nptl: Add a testcase for inputs racey to {w}memcmp{eq} BZ #29863
Date: Tue, 10 Jan 2023 15:03:00 -0800 [thread overview]
Message-ID: <CAFUsyfKmPDqq1iF6f+AjRjyEoWfyqJ6EoGVBVdatZ01qWzuxFw@mail.gmail.com> (raw)
In-Reply-To: <CAFUsyfLUVtQYNnqr8549h3gXPNU1=cyg3aYuqr2wcTxj-EPOqg@mail.gmail.com>
On Thu, Dec 29, 2022 at 8:41 AM Noah Goldstein <goldstein.w.n@gmail.com> wrote:
>
> On Mon, Dec 19, 2022 at 11:28 AM Noah Goldstein <goldstein.w.n@gmail.com> wrote:
> >
> > On Mon, Dec 19, 2022 at 11:27 AM Noah Goldstein <goldstein.w.n@gmail.com> wrote:
> > >
> > > Add test that modifies data as {w}memcmp{eq} runs (creating a race
> > > condition). Failures from this tests do not inherently mean the
> > > {w}memcmp{eq} implementation is buggy, but is at the very least
> > > something we should be aware of.
> > >
> > > Success is no SIGSEGV. Failure is a SIGSEGV.
> > >
> > > Verified test failed 10/10 times without:
> > >
> > > commit b712be52645282c706a5faa038242504feb06db5
> > > Author: Noah Goldstein <goldstein.w.n@gmail.com>
> > > Date: Wed Dec 14 10:52:10 2022 -0800
> > >
> > > x86: Prevent SIGSEGV in memcmp-sse2 when data is concurrently modified [BZ #29863]
> > >
> > > And passes with the fix.
> >
> > NB: Forget tag "Co-authored-by: H.J. Lu <hjl.tools@gmail.com>",
> > will add before commit or next version if more revisions are needed.
> > > ---
> > > nptl/Makefile | 7 ++
> > > nptl/tst-memcmp-race.c | 149 +++++++++++++++++++++++++++++++++++++++
> > > nptl/tst-memcmpeq-race.c | 19 +++++
> > > nptl/tst-wmemcmp-race.c | 20 ++++++
> > > 4 files changed, 195 insertions(+)
> > > create mode 100644 nptl/tst-memcmp-race.c
> > > create mode 100644 nptl/tst-memcmpeq-race.c
> > > create mode 100644 nptl/tst-wmemcmp-race.c
> > >
> > > diff --git a/nptl/Makefile b/nptl/Makefile
> > > index fc955cd604..5f56bdc80a 100644
> > > --- a/nptl/Makefile
> > > +++ b/nptl/Makefile
> > > @@ -285,6 +285,8 @@ tests = \
> > > tst-exec4 \
> > > tst-exec5 \
> > > tst-initializers1 $(addprefix tst-initializers1-,c89 gnu89 c99 gnu99 c11 gnu11) \
> > > + tst-memcmp-race \
> > > + tst-memcmpeq-race \
> > > tst-minstack-cancel \
> > > tst-minstack-exit \
> > > tst-minstack-throw \
> > > @@ -348,8 +350,13 @@ tests = \
> > > tst-thread_local1 \
> > > tst-tsd3 \
> > > tst-tsd4 \
> > > + tst-wmemcmp-race \
> > > # tests
> > >
> > > +CFLAGS-tst-memcmp-race.c += -O0
> > > +CFLAGS-tst-memcmpeq-race.c += -O0
> > > +CFLAGS-tst-wmemcmp-race.c += -O0
> > > +
> > > tests-nolibpthread = \
> > > tst-pthread_exit-nothreads \
> > > tst-pthread_exit-nothreads-static \
> > > diff --git a/nptl/tst-memcmp-race.c b/nptl/tst-memcmp-race.c
> > > new file mode 100644
> > > index 0000000000..56e62b2f7b
> > > --- /dev/null
> > > +++ b/nptl/tst-memcmp-race.c
> > > @@ -0,0 +1,149 @@
> > > +/* Test case for memcmp with race condition.
> > > + Copyright (C) 2022 Free Software Foundation, Inc.
> > > + This file is part of the GNU C Library.
> > > +
> > > + The GNU C Library is free software; you can redistribute it and/or
> > > + modify it under the terms of the GNU Lesser General Public
> > > + License as published by the Free Software Foundation; either
> > > + version 2.1 of the License, or (at your option) any later version.
> > > +
> > > + The GNU C Library is distributed in the hope that it will be useful,
> > > + but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > + Lesser General Public License for more details.
> > > +
> > > + You should have received a copy of the GNU Lesser General Public
> > > + License along with the GNU C Library; if not, see
> > > + <https://www.gnu.org/licenses/>. */
> > > +
> > > +/* Verify that there is no segfault when one thread is updating the
> > > + memory block of memcmp and the other thread is doing memcmp.
> > > +
> > > + NOTE: This test failing does not automatically mean the
> > > + {w}memcmp{eq} is incorrect. This is testing UB and behavior that
> > > + is supported. That being said, users may expect that the mem*
> > > + functions never access out of bounds data (even with data races)
> > > + and we should be aware of the cases when we do. */
> > > +
> > > +#define TEST_MAIN
> > > +#define MIN_PAGE_SIZE 4096
> > > +
> > > +#ifdef TEST_MEMCMPEQ
> > > +# define MEMCMP __memcmpeq
> > > +# define TEST_NAME "__memcmpeq"
> > > +#elif defined WIDE
> > > +# define MEMCMP wmemcmp
> > > +# define TEST_NAME "wmemcmp"
> > > +#else
> > > +# define MEMCMP memcmp
> > > +# define TEST_NAME "memcmp"
> > > +#endif
> > > +
> > > +#ifdef WIDE
> > > +# define MEMSET wmemset
> > > +# define CHAR wchar_t
> > > +#else
> > > +# define MEMSET memset
> > > +# define CHAR char
> > > +#endif
> > > +
> > > +#include <stdio.h>
> > > +#include <stdint.h>
> > > +#include <string.h>
> > > +#include <string/test-string.h>
> > > +#include <support/xthread.h>
> > > +
> > > +#define NUM_THREADS 2
> > > +#define LOOP1 10000
> > > +#define LOOP2 1000000
> > > +
> > > +typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
> > > +
> > > +IMPL (MEMCMP, 1)
> > > +
> > > +struct arg
> > > +{
> > > + proto_t func;
> > > + CHAR *a;
> > > + CHAR *b;
> > > + size_t len;
> > > + size_t wpos;
> > > + int todo;
> > > +};
> > > +
> > > +static void *
> > > +childThread (void *tArgs)
> > > +{
> > > + struct arg *args = (struct arg *) tArgs;
> > > + int i;
> > > + if (0 == args->todo % 2)
> > > + {
> > > + for (i = 0; i < LOOP1; i++)
> > > + {
> > > + volatile int result = args->func (args->a, args->b, args->len);
> > > + (void)(result);
> > > + }
> > > + }
> > > + else
> > > + {
> > > + for (i = 0; i < LOOP2; i++)
> > > + args->a[args->wpos] = i & 1;
> > > + args->a[args->wpos] = 1;
> > > + }
> > > + return NULL;
> > > +}
> > > +
> > > +static void
> > > +do_one_test (proto_t func, size_t len)
> > > +{
> > > + int r;
> > > + if (len * sizeof (CHAR) > page_size)
> > > + return;
> > > + for (r = 0; r < 2; ++r)
> > > + {
> > > + size_t wpos;
> > > + for (wpos = 1; wpos < 128 && wpos <= len; wpos = wpos + wpos + 1)
> > > + {
> > > + int i;
> > > + size_t off;
> > > + pthread_t threads[NUM_THREADS];
> > > + struct arg a[NUM_THREADS];
> > > +
> > > + off = r ? (page_size - len * sizeof (CHAR)) : 0;
> > > + for (i = 0; i < NUM_THREADS; ++i)
> > > + {
> > > + a[i].func = func;
> > > + a[i].a = (CHAR *) (buf1 + off);
> > > + a[i].b = (CHAR *) (buf2 + off);
> > > + a[i].len = len;
> > > + a[i].wpos = len - wpos;
> > > + a[i].todo = i;
> > > + threads[i] = xpthread_create (NULL, childThread, (void *) &a[i]);
> > > + }
> > > +
> > > + for (i = 0; i < NUM_THREADS; ++i)
> > > + xpthread_join (threads[i]);
> > > + }
> > > + }
> > > +}
> > > +
> > > +int
> > > +test_main (void)
> > > +{
> > > + test_init ();
> > > +
> > > + MEMSET ((CHAR *) buf1, 1, page_size / sizeof (CHAR));
> > > + MEMSET ((CHAR *) buf2, 1, page_size / sizeof (CHAR));
> > > + for (size_t i = 1; i <= 1024; i += i)
> > > + {
> > > + FOR_EACH_IMPL (impl, 0)
> > > + {
> > > + do_one_test ((proto_t) impl->fn, i);
> > > + do_one_test ((proto_t) impl->fn, i + 1);
> > > + do_one_test ((proto_t) impl->fn, i - 1);
> > > + }
> > > + }
> > > + return 0;
> > > +}
> > > +
> > > +#include <support/test-driver.c>
> > > diff --git a/nptl/tst-memcmpeq-race.c b/nptl/tst-memcmpeq-race.c
> > > new file mode 100644
> > > index 0000000000..7088928f49
> > > --- /dev/null
> > > +++ b/nptl/tst-memcmpeq-race.c
> > > @@ -0,0 +1,19 @@
> > > +/* Test case for __memcmpeq with race condition.
> > > + Copyright (C) 2022 Free Software Foundation, Inc.
> > > + This file is part of the GNU C Library.
> > > +
> > > + The GNU C Library is free software; you can redistribute it and/or
> > > + modify it under the terms of the GNU Lesser General Public
> > > + License as published by the Free Software Foundation; either
> > > + version 2.1 of the License, or (at your option) any later version.
> > > +
> > > + The GNU C Library is distributed in the hope that it will be useful,
> > > + but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > + Lesser General Public License for more details.
> > > +
> > > + You should have received a copy of the GNU Lesser General Public
> > > + License along with the GNU C Library; if not, see
> > > + <https://www.gnu.org/licenses/>. */
> > > +#define TEST_MEMCMPEQ 1
> > > +#include "tst-memcmp-race.c"
> > > diff --git a/nptl/tst-wmemcmp-race.c b/nptl/tst-wmemcmp-race.c
> > > new file mode 100644
> > > index 0000000000..8278f71842
> > > --- /dev/null
> > > +++ b/nptl/tst-wmemcmp-race.c
> > > @@ -0,0 +1,20 @@
> > > +/* Test case for wmemcmp with race condition.
> > > + Copyright (C) 2022 Free Software Foundation, Inc.
> > > + This file is part of the GNU C Library.
> > > +
> > > + The GNU C Library is free software; you can redistribute it and/or
> > > + modify it under the terms of the GNU Lesser General Public
> > > + License as published by the Free Software Foundation; either
> > > + version 2.1 of the License, or (at your option) any later version.
> > > +
> > > + The GNU C Library is distributed in the hope that it will be useful,
> > > + but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > + Lesser General Public License for more details.
> > > +
> > > + You should have received a copy of the GNU Lesser General Public
> > > + License along with the GNU C Library; if not, see
> > > + <https://www.gnu.org/licenses/>. */
> > > +#include <wchar.h>
> > > +#define WIDE 1
> > > +#include "tst-memcmp-race.c"
> > > --
> > > 2.34.1
> > >
> ping.
ping2.
next prev parent reply other threads:[~2023-01-10 23:03 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-19 19:27 [PATCH v1 1/2] nptl: Changes tests to be 1/line and sorted Noah Goldstein
2022-12-19 19:27 ` [PATCH v1 2/2] nptl: Add a testcase for inputs racey to {w}memcmp{eq} BZ #29863 Noah Goldstein
2022-12-19 19:28 ` Noah Goldstein
2022-12-29 16:41 ` Noah Goldstein
2023-01-10 23:03 ` Noah Goldstein [this message]
2022-12-29 16:40 ` [PATCH v1 1/2] nptl: Changes tests to be 1/line and sorted Noah Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFUsyfKmPDqq1iF6f+AjRjyEoWfyqJ6EoGVBVdatZ01qWzuxFw@mail.gmail.com \
--to=goldstein.w.n@gmail.com \
--cc=carlos@systemhalted.org \
--cc=hjl.tools@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).