mbox series

[ovs-dev,RFC,0/8] RCU: Add blocking mode for debugging

Message ID cover.1619106089.git.grive@u256.net
Headers show
Series RCU: Add blocking mode for debugging | expand

Message

Gaetan Rivet April 22, 2021, 3:54 p.m. UTC 
This series adds a compilation option that changes the behavior of the RCU
module. Once enabled, RCU reclamation by user threads becomes blocking until
the RCU threads has executed the scheduled callbacks.

Tools such as AddressSanitizer are useful to detect memory errors e.g. user-after-free.
Such tool can become ineffective if the RCU library is used to defer memory reclamation.
While this is the intended function of the RCU lib, nothing protects developers
from mistakes i.e. keeping references to memory scheduled for reclamation accross
quiescent periods.

Such error that should be detectable with ASAN, are made less likely to occur
due to RCU and thus harder to fix. However, if the RCU is modified so that user
threads are waiting on the RCU thread to execute the scheduled callbacks, they
should be forced to happen.

Unit tests have been written that should trigger a use-after-free from ASAN.
They are however thwarted by the RCU, until the blocking mode is enabled.
In that case, they will always abort on the expected error.

The full test-suite can be passed with the blocking RCU mode enabled.
An entry in the CI matrix is created for it. No error has been observed.

Gaetan Rivet (8):
  configure: add --enable-asan option
  tests: Add ovs-barrier unit test
  tests: Add RCU postpone test
  tests: Add ASAN use-after-free validation with RCU
  ovs-thread: Fix barrier use-after-free
  ovs-thread: Quiesce when joining pthreads
  rcu: Remove unused perthread mutex
  rcu: Add blocking RCU mode

 .ci/linux-build.sh                   |   8 +-
 .github/workflows/build-and-test.yml |   7 +
 NEWS                                 |   2 +
 acinclude.m4                         |  31 ++++
 configure.ac                         |   2 +
 lib/ovs-rcu.c                        |  89 ++++++++-
 lib/ovs-thread.c                     |  77 ++++++--
 lib/ovs-thread.h                     |   6 +-
 tests/atlocal.in                     |   2 +
 tests/automake.mk                    |   2 +
 tests/library.at                     |  49 ++++-
 tests/test-barrier.c                 | 264 +++++++++++++++++++++++++++
 tests/test-rcu-uaf.c                 |  98 ++++++++++
 tests/test-rcu.c                     |  59 ++++++
 14 files changed, 673 insertions(+), 23 deletions(-)
 create mode 100644 tests/test-barrier.c
 create mode 100644 tests/test-rcu-uaf.c

--
2.31.1

Comments

Gaetan Rivet April 22, 2021, 4:13 p.m. UTC | #1 
On Thu, Apr 22, 2021, at 17:54, Gaetan Rivet wrote:
> This series adds a compilation option that changes the behavior of the RCU
> module. Once enabled, RCU reclamation by user threads becomes blocking until
> the RCU threads has executed the scheduled callbacks.
> 
> Tools such as AddressSanitizer are useful to detect memory errors e.g. 
> user-after-free.
> Such tool can become ineffective if the RCU library is used to defer 
> memory reclamation.
> While this is the intended function of the RCU lib, nothing protects 
> developers
> from mistakes i.e. keeping references to memory scheduled for 
> reclamation accross
> quiescent periods.
> 
> Such error that should be detectable with ASAN, are made less likely to occur
> due to RCU and thus harder to fix. However, if the RCU is modified so that user
> threads are waiting on the RCU thread to execute the scheduled callbacks, they
> should be forced to happen.
> 
> Unit tests have been written that should trigger a use-after-free from ASAN.
> They are however thwarted by the RCU, until the blocking mode is enabled.
> In that case, they will always abort on the expected error.
> 
> The full test-suite can be passed with the blocking RCU mode enabled.
> An entry in the CI matrix is created for it. No error has been observed.
> 
> Gaetan Rivet (8):
>   configure: add --enable-asan option
>   tests: Add ovs-barrier unit test
>   tests: Add RCU postpone test
>   tests: Add ASAN use-after-free validation with RCU
>   ovs-thread: Fix barrier use-after-free
>   ovs-thread: Quiesce when joining pthreads
>   rcu: Remove unused perthread mutex
>   rcu: Add blocking RCU mode
> 
>  .ci/linux-build.sh                   |   8 +-
>  .github/workflows/build-and-test.yml |   7 +
>  NEWS                                 |   2 +
>  acinclude.m4                         |  31 ++++
>  configure.ac                         |   2 +
>  lib/ovs-rcu.c                        |  89 ++++++++-
>  lib/ovs-thread.c                     |  77 ++++++--
>  lib/ovs-thread.h                     |   6 +-
>  tests/atlocal.in                     |   2 +
>  tests/automake.mk                    |   2 +
>  tests/library.at                     |  49 ++++-
>  tests/test-barrier.c                 | 264 +++++++++++++++++++++++++++
>  tests/test-rcu-uaf.c                 |  98 ++++++++++
>  tests/test-rcu.c                     |  59 ++++++
>  14 files changed, 673 insertions(+), 23 deletions(-)
>  create mode 100644 tests/test-barrier.c
>  create mode 100644 tests/test-rcu-uaf.c
> 
> --
> 2.31.1
> 
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> 

I forgot to link the CI result: https://github.com/grivet/ovs/actions/runs/774814772