From patchwork Mon Jul 12 15:34:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 1504055 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=swcogqDw; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GNnv03WZNz9sV8 for ; Tue, 13 Jul 2021 01:37:00 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 53BCA388CC21 for ; Mon, 12 Jul 2021 15:36:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 53BCA388CC21 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1626104218; bh=Qmg/riI4cShZckRekiEGwho+yCrLUhW3yESaNwj4JSY=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=swcogqDwrl68uCTwQgzfEGiI8PpRSaWbeNZb1myDmSs0Gji5ZXNtAYf1R/EIzyfI+ tF3lO0nmxlkBgLUxY5P0pxk3ndo3HbuwvDnlmRR3OSn0kavPLvoMUqi2qJ+iWxcdeP Kw4QPrFDzLf/tWTgzRlIIkY/3jUymlk/IDCAbc1Y= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from black.elm.relay.mailchannels.net (black.elm.relay.mailchannels.net [23.83.212.19]) by sourceware.org (Postfix) with ESMTPS id 4EA02388C03E for ; Mon, 12 Jul 2021 15:34:22 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4EA02388C03E X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id E5D51122537; Mon, 12 Jul 2021 15:34:19 +0000 (UTC) Received: from pdx1-sub0-mail-a10.g.dreamhost.com (100-98-55-150.trex-nlb.outbound.svc.cluster.local [100.98.55.150]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 7B470122878; Mon, 12 Jul 2021 15:34:19 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a10.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.98.55.150 (trex/6.3.3); Mon, 12 Jul 2021 15:34:19 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Cooperative-Abaft: 40345af41213980b_1626104059756_2059854071 X-MC-Loop-Signature: 1626104059756:417875648 X-MC-Ingress-Time: 1626104059756 Received: from pdx1-sub0-mail-a10.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a10.g.dreamhost.com (Postfix) with ESMTP id 390E57EFCE; Mon, 12 Jul 2021 08:34:19 -0700 (PDT) Received: from rhbox.intra.reserved-bit.com (unknown [1.186.101.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a10.g.dreamhost.com (Postfix) with ESMTPSA id 83F097E66C; Mon, 12 Jul 2021 08:34:16 -0700 (PDT) X-DH-BACKEND: pdx1-sub0-mail-a10 To: libc-alpha@sourceware.org Subject: [PATCH] tst-safe-linking: make false positives even more improbable Date: Mon, 12 Jul 2021 21:04:02 +0530 Message-Id: <20210712153402.3966528-1-siddhesh@sourceware.org> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-Spam-Status: No, score=-3494.2 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NEUTRAL, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" There is a 1 in 16 chance of a corruption escaping safe-linking and to guard against spurious failures, tst-safe-linking runs each subtest 10 times to ensure that the chance is reduced to 1 in 2^40. However, in the 1 in 16 chance that a corruption does escape safe linking, it could well be caught by other sanity checks we do in malloc, which then results in spurious test failures like below: test test_fastbin_consolidate failed with a different error expected: malloc_consolidate(): unaligned fastbin chunk detected actual: malloc_consolidate(): invalid chunk size This failure is seen more frequently on i686; I was able to reproduce it in about 5 min of running it in a loop. Guard against such failures by recording them and retrying the test. Also, do not fail the test if we happened to get defeated by the 1 in 2^40 odds if in at least one of the instances it was detected by other checks. Finally, bolster the odds to 2^64 by running 16 times instead of 10. The test still has a chance (about 1 in 2^40) of failure so it is still flaky in theory. However in practice if we see a failure here then it's more likely that there's a bug than it being an issue with the test. Add more printfs and also dump them to stdout so that in the event the test actually fails, we will have some data to try and understand why it may have failed. Reviewed-by: Carlos O'Donell --- malloc/tst-safe-linking.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/malloc/tst-safe-linking.c b/malloc/tst-safe-linking.c index 97cc108be6..959ba59704 100644 --- a/malloc/tst-safe-linking.c +++ b/malloc/tst-safe-linking.c @@ -33,32 +33,39 @@ check (const char *test, void (*callback) (void *), const char *expected) { int i, rand_mask; - bool success = false; + int success = 0; /* 0 == fail, 1 == other check 2 == safe linking */ /* There is a chance of 1/16 that a corrupted pointer will be aligned. Try multiple times so that statistical failure will be improbable. */ - for (i = 0; i < 10 && !success; ++i) + for (i = 0; i < 16; ++i) { rand_mask = rand () & 0xFF; struct support_capture_subprocess result = support_capture_subprocess (callback, &rand_mask); + printf ("%s\n", result.out.buffer); /* Did not crash, could happen. Try again. */ if (strlen (result.err.buffer) == 0) continue; - /* Crashed, must be the expected result. */ + /* Crashed, it may either be safe linking or some other check. If it's + not safe linking then try again. */ if (strcmp (result.err.buffer, expected) != 0) { - support_record_failure (); - printf ("error: test %s unexpected standard error data\n" + printf ("test %s failed with a different error\n" " expected: %s\n" " actual: %s\n", test, expected, result.err.buffer); + success = 1; + continue; } TEST_VERIFY (WIFSIGNALED (result.status)); if (WIFSIGNALED (result.status)) TEST_VERIFY (WTERMSIG (result.status) == SIGABRT); support_capture_subprocess_free (&result); - success = true; + success = 2; + break; } + /* The test fails only if the corruption was not caught by any of the malloc + mechanisms in all those iterations. This has a lower than 1 in 2^64 + chance of a false positive. */ TEST_VERIFY (success); } @@ -74,10 +81,13 @@ test_tcache (void *closure) int mask = ((int *)closure)[0]; size_t size = TCACHE_ALLOC_SIZE; + printf ("++ tcache ++\n"); + /* Populate the tcache list. */ void * volatile a = malloc (size); void * volatile b = malloc (size); void * volatile c = malloc (size); + printf ("a=%p, b=%p, c=%p\n", a, b, c); free (a); free (b); free (c); @@ -88,6 +98,7 @@ test_tcache (void *closure) printf ("After: c=%p, c[0]=%p\n", c, ((void **)c)[0]); c = malloc (size); + printf ("Allocated: c=%p\n", c); /* This line will trigger the Safe-Linking check. */ b = malloc (size); printf ("b=%p\n", b); @@ -101,10 +112,13 @@ test_fastbin (void *closure) int mask = ((int *)closure)[0]; size_t size = TCACHE_ALLOC_SIZE; + printf ("++ fastbin ++\n"); + /* Take the tcache out of the game. */ for (i = 0; i < TCACHE_FILL_COUNT; ++i) { void * volatile p = calloc (1, size); + printf ("p=%p\n", p); free (p); } @@ -112,6 +126,7 @@ test_fastbin (void *closure) void * volatile a = calloc (1, size); void * volatile b = calloc (1, size); void * volatile c = calloc (1, size); + printf ("a=%p, b=%p, c=%p\n", a, b, c); free (a); free (b); free (c); @@ -122,6 +137,7 @@ test_fastbin (void *closure) printf ("After: c=%p, c[0]=%p\n", c, ((void **)c)[0]); c = calloc (1, size); + printf ("Allocated: c=%p\n", c); /* This line will trigger the Safe-Linking check. */ b = calloc (1, size); printf ("b=%p\n", b); @@ -135,6 +151,8 @@ test_fastbin_consolidate (void *closure) int mask = ((int*)closure)[0]; size_t size = TCACHE_ALLOC_SIZE; + printf ("++ fastbin consolidate ++\n"); + /* Take the tcache out of the game. */ for (i = 0; i < TCACHE_FILL_COUNT; ++i) { @@ -146,6 +164,7 @@ test_fastbin_consolidate (void *closure) void * volatile a = calloc (1, size); void * volatile b = calloc (1, size); void * volatile c = calloc (1, size); + printf ("a=%p, b=%p, c=%p\n", a, b, c); free (a); free (b); free (c);