kern/pipe/test-close.c

*f82cc820Santon/*	$OpenBSD: test-close.c,v 1.1 2020/06/29 18:25:37 anton Exp $	*/
*f82cc820Santon
*f82cc820Santon/*
*f82cc820Santon * Copyright (c) 2019 Anton Lindqvist <anton@openbsd.org>
*f82cc820Santon *
*f82cc820Santon * Permission to use, copy, modify, and distribute this software for any
*f82cc820Santon * purpose with or without fee is hereby granted, provided that the above
*f82cc820Santon * copyright notice and this permission notice appear in all copies.
*f82cc820Santon *
*f82cc820Santon * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
*f82cc820Santon * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
*f82cc820Santon * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
*f82cc820Santon * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
*f82cc820Santon * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
*f82cc820Santon * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
*f82cc820Santon * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*f82cc820Santon */
*f82cc820Santon
*f82cc820Santon#include <err.h>
*f82cc820Santon#include <pthread.h>
*f82cc820Santon#include <signal.h>
*f82cc820Santon#include <unistd.h>
*f82cc820Santon
*f82cc820Santon#include "pipe.h"
*f82cc820Santon
*f82cc820Santonstruct context {
*f82cc820Santon	volatile sig_atomic_t *c_alive;
*f82cc820Santon	int c_fd;
*f82cc820Santon};
*f82cc820Santon
*f82cc820Santonstatic void *close_thread(void *);
*f82cc820Santonstatic void sighandler(int);
*f82cc820Santon
*f82cc820Santonstatic volatile sig_atomic_t alive = 1;
*f82cc820Santon
*f82cc820Santon/*
*f82cc820Santon * Regression during close(2) causing a use-after-free.
*f82cc820Santon * The main thread repeatedly creates a new pipe which two other threads tries
*f82cc820Santon * to close. By default, 100 iterations is performed.
*f82cc820Santon */
*f82cc820Santonint
*f82cc820Santontest_close_race(void)
*f82cc820Santon{
*f82cc820Santon	pthread_t th1, th2;
*f82cc820Santon	struct context ctx1, ctx2;
*f82cc820Santon	int nrounds = 100;
*f82cc820Santon	int pip[2];
*f82cc820Santon	int error;
*f82cc820Santon
*f82cc820Santon	if (signal(SIGINT, sighandler) == SIG_ERR)
*f82cc820Santon		err(1, "signal");
*f82cc820Santon
*f82cc820Santon	ctx1.c_alive = &alive;
*f82cc820Santon	ctx1.c_fd = 3;
*f82cc820Santon	error = pthread_create(&th1, NULL, close_thread, &ctx1);
*f82cc820Santon	if (error)
*f82cc820Santon		errc(1, error, "pthread_create");
*f82cc820Santon	ctx2.c_alive = &alive;
*f82cc820Santon	ctx2.c_fd = 4;
*f82cc820Santon	error = pthread_create(&th2, NULL, close_thread, &ctx2);
*f82cc820Santon	if (error)
*f82cc820Santon		errc(1, error, "pthread_create");
*f82cc820Santon
*f82cc820Santon	while (alive) {
*f82cc820Santon		if (!infinity && nrounds-- == 0)
*f82cc820Santon			alive = 0;
*f82cc820Santon
*f82cc820Santon		if (pipe(pip) == -1)
*f82cc820Santon			err(1, "pipe");
*f82cc820Santon		if (pip[0] != 3)
*f82cc820Santon			close(pip[0]);
*f82cc820Santon		if (pip[1] != 4)
*f82cc820Santon			close(pip[1]);
*f82cc820Santon	}
*f82cc820Santon
*f82cc820Santon	error = pthread_join(th1, NULL);
*f82cc820Santon	if (error)
*f82cc820Santon		errc(1, error, "pthread_join");
*f82cc820Santon	error = pthread_join(th2, NULL);
*f82cc820Santon	if (error)
*f82cc820Santon		errc(1, error, "pthread_join");
*f82cc820Santon
*f82cc820Santon	return 0;
*f82cc820Santon}
*f82cc820Santon
*f82cc820Santonstatic void *
*f82cc820Santonclose_thread(void *arg)
*f82cc820Santon{
*f82cc820Santon	const struct context *ctx = arg;
*f82cc820Santon
*f82cc820Santon	while (*ctx->c_alive)
*f82cc820Santon		close(ctx->c_fd);
*f82cc820Santon
*f82cc820Santon	return NULL;
*f82cc820Santon}
*f82cc820Santon
*f82cc820Santonstatic void
*f82cc820Santonsighandler(int signo)
*f82cc820Santon{
*f82cc820Santon
*f82cc820Santon	alive = 0;
*f82cc820Santon}