aboutsummaryrefslogtreecommitdiff
blob: 03f02dc3bca10e8cbd3376b1e061f8ad44024c66 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
/* Test cancellation of getpwuid_r.
   Copyright (C) 2016-2019 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

/* Test if cancellation of getpwuid_r incorrectly leaves internal
   function state locked resulting in hang of subsequent calls to
   getpwuid_r.  The main thread creates a second thread which will do
   the calls to getpwuid_r.  A semaphore is used by the second thread to
   signal to the main thread that it is as close as it can be to the
   call site of getpwuid_r.  The goal of the semaphore is to avoid any
   cancellable function calls between the sem_post and the call to
   getpwuid_r.  The main thread then attempts to cancel the second
   thread.  Without the fixes the cancellation happens at any number of
   calls to cancellable functions in getpuid_r, but with the fix the
   cancellation either does not happen or happens only at expected
   points where the internal state is consistent.  We use an explicit
   pthread_testcancel call to terminate the loop in a timely fashion
   if the implementation does not have a cancellation point.  */

#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>
#include <pwd.h>
#include <nss.h>
#include <sys/types.h>
#include <unistd.h>
#include <semaphore.h>
#include <errno.h>
#include <support/support.h>

sem_t started;
char *wbuf;
long wbufsz;

void
worker_free (void *arg)
{
  free (arg);
}

static void *
worker (void *arg)
{
  int ret;
  unsigned int iter = 0;
  struct passwd pwbuf, *pw;
  uid_t uid;

  uid = geteuid ();

  /* Use a reasonable sized buffer.  Note that _SC_GETPW_R_SIZE_MAX is
     just a hint and not any kind of maximum value.  */
  wbufsz = sysconf (_SC_GETPW_R_SIZE_MAX);
  if (wbufsz == -1)
    wbufsz = 1024;
  wbuf = xmalloc (wbufsz);

  pthread_cleanup_push (worker_free, wbuf);
  sem_post (&started);
  while (1)
    {
      iter++;

      ret = getpwuid_r (uid, &pwbuf, wbuf, wbufsz, &pw);

      /* The call to getpwuid_r may not cancel so we need to test
	 for cancellation after some number of iterations of the
	 function.  Choose an arbitrary 100,000 iterations of running
	 getpwuid_r in a tight cancellation loop before testing for
	 cancellation.  */
      if (iter > 100000)
	pthread_testcancel ();

      if (ret == ERANGE)
	{
	  /* Increase the buffer size.  */
	  free (wbuf);
	  wbufsz = wbufsz * 2;
	  wbuf = xmalloc (wbufsz);
	}

    }
  pthread_cleanup_pop (1);

  return NULL;
}

static int
do_test (void)
{
  int ret;
  char *buf;
  long bufsz;
  void *retval;
  struct passwd pwbuf, *pw;
  pthread_t thread;

  /* Configure the test to only use files. We control the files plugin
     as part of glibc so we assert that it should be deferred
     cancellation safe.  */
  __nss_configure_lookup ("passwd", "files");

  /* Use a reasonable sized buffer.  Note that  _SC_GETPW_R_SIZE_MAX is
     just a hint and not any kind of maximum value.  */
  bufsz = sysconf (_SC_GETPW_R_SIZE_MAX);
  if (bufsz == -1)
    bufsz = 1024;
  buf = xmalloc (bufsz);

  sem_init (&started, 0, 0);

  pthread_create (&thread, NULL, worker, NULL);

  do
  {
    ret = sem_wait (&started);
    if (ret == -1 && errno != EINTR)
      {
        printf ("FAIL: Failed to wait for second thread to start.\n");
	exit (EXIT_FAILURE);
      }
  }
  while (ret != 0);

  printf ("INFO: Cancelling thread\n");
  if ((ret = pthread_cancel (thread)) != 0)
    {
      printf ("FAIL: Failed to cancel thread. Returned %d\n", ret);
      exit (EXIT_FAILURE);
    }

  printf ("INFO: Joining...\n");
  pthread_join (thread, &retval);
  if (retval != PTHREAD_CANCELED)
    {
      printf ("FAIL: Thread was not cancelled.\n");
      exit (EXIT_FAILURE);
    }
  printf ("INFO: Joined, trying getpwuid_r call\n");

  /* Before the fix in 312be3f9f5eab1643d7dcc7728c76d413d4f2640 for this
     issue the cancellation point could happen in any number of internal
     calls, and therefore locks would be left held and the following
     call to getpwuid_r would block and the test would time out.  */
  do
    {
      ret = getpwuid_r (geteuid (), &pwbuf, buf, bufsz, &pw);
      if (ret == ERANGE)
	{
	  /* Increase the buffer size.  */
	  free (buf);
	  bufsz = bufsz * 2;
	  buf = xmalloc (bufsz);
	}
    }
  while (ret == ERANGE);

  free (buf);

  /* Before the fix we would never get here.  */
  printf ("PASS: Canceled getpwuid_r successfully"
	  " and called it again without blocking.\n");

  return 0;
}

#define TIMEOUT 900
#include <support/test-driver.c>