From patchwork Tue Jan 8 13:26:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Wang X-Patchwork-Id: 1021902 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=213.254.12.146; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43YtN20wwkz9sCr for ; Wed, 9 Jan 2019 00:27:12 +1100 (AEDT) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 4FE133FFA82 for ; Tue, 8 Jan 2019 14:26:59 +0100 (CET) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-3.smtp.seeweb.it (in-3.smtp.seeweb.it [217.194.8.3]) by picard.linux.it (Postfix) with ESMTP id 022633ED1C3 for ; Tue, 8 Jan 2019 14:26:27 +0100 (CET) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-3.smtp.seeweb.it (Postfix) with ESMTPS id BC0571A00EB7 for ; Tue, 8 Jan 2019 14:26:26 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 64B4D89AE6; Tue, 8 Jan 2019 13:26:24 +0000 (UTC) Received: from dhcp-12-173.nay.redhat.com (dhcp-12-173.nay.redhat.com [10.66.12.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id 282ED5DAA0; Tue, 8 Jan 2019 13:26:22 +0000 (UTC) From: Li Wang To: ltp@lists.linux.it Date: Tue, 8 Jan 2019 21:26:18 +0800 Message-Id: <20190108132618.25965-1-liwang@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 08 Jan 2019 13:26:24 +0000 (UTC) X-Virus-Scanned: clamav-milter 0.99.2 at in-3.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-3.smtp.seeweb.it Cc: Richard Palethorpe Subject: [LTP] [PATCH v2] fzsync: revoke thread_B when parent hit accidental break X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" For system(rhel7.6, s390x) without __NR_recvmmsg supported, run cve-2016-7117 result in timeout and killed by LTP framework. The root reason is tst_syscall break with cleanup() function calling in this trace path: tst_syscall(__NR_recvmmsg, ...) tst_brk() cleanup() tst_fzsync_pair_cleanup() SAFE_PTHREAD_JOIN(pair->thread_b, NULL); cve-2016-7117 hung at here to wait for thread_b send_and_close() finishing. But thread_b fall into infinite loop because of tst_fzsync_wait_b without an extra condition to exit. Eventually, test get timeout error like: cve-2016-7117.c:145: CONF: syscall(-1) __NR_recvmmsg not supported Test timeouted, sending SIGKILL! tst_test.c:1125: INFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1 tst_test.c:1126: BROK: Test killed! (timeout?) To solve this problem, we're trying to use pthread_kill with an realtime signal and a signal handler to revoke the thread_B at abonormal situation. Also, we wrap thread B's main function 'run_b' as function 'wrap_run_b' to sets the singal handler at the start of the thread. Signed-off-by: Li Wang Cc: Richard Palethorpe --- include/tst_fuzzy_sync.h | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/include/tst_fuzzy_sync.h b/include/tst_fuzzy_sync.h index de0402c9b..6814d8d34 100644 --- a/include/tst_fuzzy_sync.h +++ b/include/tst_fuzzy_sync.h @@ -63,6 +63,8 @@ #include #include #include +#include +#include #include "tst_atomic.h" #include "tst_timer.h" #include "tst_safe_pthread.h" @@ -156,7 +158,7 @@ struct tst_fzsync_pair { int a_cntr; /** Internal; Atomic counter used by fzsync_pair_wait() */ int b_cntr; - /** Internal; Used by tst_fzsync_pair_exit() and fzsync_pair_wait() */ + /** Internal; Used by tst_fzsync_run_b() to exit normally */ int exit; /** * The maximum desired execution time as a proportion of the timeout @@ -217,13 +219,30 @@ static void tst_fzsync_pair_init(struct tst_fzsync_pair *pair) */ static void tst_fzsync_pair_cleanup(struct tst_fzsync_pair *pair) { + int kill_ret; + if (pair->thread_b) { tst_atomic_store(1, &pair->exit); + + kill_ret = pthread_kill(pair->thread_b, 0); + if (kill_ret == 0) + pthread_kill(pair->thread_b, SIGUSR1); + else if (kill_ret == ESRCH) + tst_res(TINFO, "thread_b is not exist"); + else if (kill_ret == EINVAL) + tst_res(TINFO, "Invalid signal was specified"); + SAFE_PTHREAD_JOIN(pair->thread_b, NULL); pair->thread_b = 0; } } +static void sighandler(int sig) +{ + if (sig == SIGUSR1) + pthread_exit(NULL); +} + /** * Zero some stat fields * @@ -235,6 +254,22 @@ static void tst_init_stat(struct tst_fzsync_stat *s) s->avg_dev = 0; } +/** + * Wrap run_b for tst_fzsync_pair_reset to set the singal handler + * at the start of the thread B. + */ +static void *wrap_run_b(void * run_b) +{ + void *(*real_run_b)(void *) = run_b; + + if (real_run_b) { + SAFE_SIGNAL(SIGUSR1, sighandler); + (*real_run_b)(NULL); + } + + return NULL; +} + /** * Reset or initialise fzsync. * @@ -272,7 +307,7 @@ static void tst_fzsync_pair_reset(struct tst_fzsync_pair *pair, pair->b_cntr = 0; pair->exit = 0; if (run_b) - SAFE_PTHREAD_CREATE(&pair->thread_b, 0, run_b, 0); + SAFE_PTHREAD_CREATE(&pair->thread_b, 0, wrap_run_b, run_b); pair->exec_time_start = (float)tst_timeout_remaining(); }