| Message ID | 1369140202-5848-1-git-send-email-stefanha@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 05/21/2013 06:43 AM, Stefan Hajnoczi wrote: > glibc wipes malloc(3) memory when the MALLOC_PERTURB_ environment > variable is set. The value of the environment variable determines the > bit pattern used to wipe memory. For more information, see > http://udrepper.livejournal.com/11429.html. > > Set MALLOC_PERTURB_ for gtester and qemu-iotests. Note we pick a random > value from 1 to 255 to expose more bugs. If you need to reproduce a > crash use 'show environment' in gdb to extract the MALLOC_PERTURB_ > value from a core dump. > > Both make check and qemu-iotests pass with MALLOC_PERTURB_ enabled. > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > tests/Makefile | 5 ++++- > tests/qemu-iotests/check | 3 ++- > 2 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/tests/Makefile b/tests/Makefile > index a307d5a..24880c6 100644 > --- a/tests/Makefile > +++ b/tests/Makefile > @@ -171,6 +171,7 @@ GCOV_OPTIONS = -n $(if $(V),-f,) > $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y) > $(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,) > $(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \ > + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ This is a Makefile; don't you need to use $$ instead of $ (three instances)? $RANDOM is a bash-ism. If make is run with SHELL as /bin/sh on a platform where dash is the primary shell, it will fail: $ dash -c 'echo $(($RANDOM % 255))' dash: 1: arithmetic expression: expecting primary: " % 255" HOWEVER: you can exploit the fact that inside $(()), you don't need $ to use the value of a defined variable, and also the fact that unless set -u is in effect, an undefined variable name silently evaluates as 0: $ dash -c 'echo $((RANDOM % 255))' 0 then you could write the shell code: MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))} or the Makefile code: MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$((RANDOM % 255 + 1))} and things will at least work on /bin/sh as dash (even though there will be no randomness and you are always testing with 1 in that case). > @@ -180,7 +181,9 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y) > .PHONY: $(patsubst %, check-%, $(check-unit-y)) > $(patsubst %, check-%, $(check-unit-y)): check-%: % > $(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,) > - $(call quiet-command,gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*") > + $(call quiet-command, \ > + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ More missing $$, and a case where RANDOM is better than $RANDOM for dash. > + gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*") > $(if $(CONFIG_GCOV),@for f in $(gcov-files-$(subst tests/,,$*)-y); do \ > echo Gcov report for $$f:;\ > $(GCOV) $(GCOV_OPTIONS) $$f -o `dirname $$f`; \ > diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check > index 432732c..74628ae 100755 > --- a/tests/qemu-iotests/check > +++ b/tests/qemu-iotests/check > @@ -214,7 +214,8 @@ do > start=`_wallclock` > $timestamp && echo -n " ["`date "+%T"`"]" > [ ! -x $seq ] && chmod u+x $seq # ensure we can run it > - ./$seq >$tmp.out 2>&1 > + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ > + ./$seq >$tmp.out 2>&1 THIS file requires /bin/bash, so using a bashism here is just fine.
On Tue, May 21, 2013 at 06:56:07AM -0600, Eric Blake wrote: > On 05/21/2013 06:43 AM, Stefan Hajnoczi wrote: > > glibc wipes malloc(3) memory when the MALLOC_PERTURB_ environment > > variable is set. The value of the environment variable determines the > > bit pattern used to wipe memory. For more information, see > > http://udrepper.livejournal.com/11429.html. > > > > Set MALLOC_PERTURB_ for gtester and qemu-iotests. Note we pick a random > > value from 1 to 255 to expose more bugs. If you need to reproduce a > > crash use 'show environment' in gdb to extract the MALLOC_PERTURB_ > > value from a core dump. > > > > Both make check and qemu-iotests pass with MALLOC_PERTURB_ enabled. > > > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > > --- > > tests/Makefile | 5 ++++- > > tests/qemu-iotests/check | 3 ++- > > 2 files changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/tests/Makefile b/tests/Makefile > > index a307d5a..24880c6 100644 > > --- a/tests/Makefile > > +++ b/tests/Makefile > > @@ -171,6 +171,7 @@ GCOV_OPTIONS = -n $(if $(V),-f,) > > $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y) > > $(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,) > > $(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \ > > + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ > > This is a Makefile; don't you need to use $$ instead of $ (three instances)? > > $RANDOM is a bash-ism. If make is run with SHELL as /bin/sh on a > platform where dash is the primary shell, it will fail: > > $ dash -c 'echo $(($RANDOM % 255))' > dash: 1: arithmetic expression: expecting primary: " % 255" > > HOWEVER: you can exploit the fact that inside $(()), you don't need $ to > use the value of a defined variable, and also the fact that unless set > -u is in effect, an undefined variable name silently evaluates as 0: > > $ dash -c 'echo $((RANDOM % 255))' > 0 > > then you could write the shell code: > > MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM % 255 + 1))} > > or the Makefile code: > > MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$((RANDOM % 255 + 1))} > > and things will at least work on /bin/sh as dash (even though there will > be no randomness and you are always testing with 1 in that case). Silly me. I did test it but it silently "worked". Will resend. Stefan
On 05/21/2013 09:17 AM, Stefan Hajnoczi wrote: >>> + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ >> >> This is a Makefile; don't you need to use $$ instead of $ (three instances)? >> > > Silly me. I did test it but it silently "worked". Yep, quite a fluke. GNU Make expands it to: MALLOC_PERTURB_= which meant you were setting it to the empty variable; and thus had no randomness but no syntax error to tell you your mistake.
diff --git a/tests/Makefile b/tests/Makefile index a307d5a..24880c6 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -171,6 +171,7 @@ GCOV_OPTIONS = -n $(if $(V),-f,) $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y) $(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,) $(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \ + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ gtester $(GTESTER_OPTIONS) -m=$(SPEED) $(check-qtest-$*-y),"GTESTER $@") $(if $(CONFIG_GCOV),@for f in $(gcov-files-$*-y); do \ echo Gcov report for $$f:;\ @@ -180,7 +181,9 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): check-qtest-%: $(check-qtest-y) .PHONY: $(patsubst %, check-%, $(check-unit-y)) $(patsubst %, check-%, $(check-unit-y)): check-%: % $(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,) - $(call quiet-command,gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*") + $(call quiet-command, \ + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ + gtester $(GTESTER_OPTIONS) -m=$(SPEED) $*,"GTESTER $*") $(if $(CONFIG_GCOV),@for f in $(gcov-files-$(subst tests/,,$*)-y); do \ echo Gcov report for $$f:;\ $(GCOV) $(GCOV_OPTIONS) $$f -o `dirname $$f`; \ diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check index 432732c..74628ae 100755 --- a/tests/qemu-iotests/check +++ b/tests/qemu-iotests/check @@ -214,7 +214,8 @@ do start=`_wallclock` $timestamp && echo -n " ["`date "+%T"`"]" [ ! -x $seq ] && chmod u+x $seq # ensure we can run it - ./$seq >$tmp.out 2>&1 + MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(($RANDOM % 255 + 1))} \ + ./$seq >$tmp.out 2>&1 sts=$? $timestamp && _timestamp stop=`_wallclock`
glibc wipes malloc(3) memory when the MALLOC_PERTURB_ environment variable is set. The value of the environment variable determines the bit pattern used to wipe memory. For more information, see http://udrepper.livejournal.com/11429.html. Set MALLOC_PERTURB_ for gtester and qemu-iotests. Note we pick a random value from 1 to 255 to expose more bugs. If you need to reproduce a crash use 'show environment' in gdb to extract the MALLOC_PERTURB_ value from a core dump. Both make check and qemu-iotests pass with MALLOC_PERTURB_ enabled. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> --- tests/Makefile | 5 ++++- tests/qemu-iotests/check | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-)