author | rwatson <rwatson@FreeBSD.org> | 2009-02-11 13:44:27 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2009-02-11 13:44:27 +0000 |
commit | 67e0c1a7505996ee05c0b9efe0b6cea95d82d244 (patch) | |
tree | fb00e41a994d95a66b51d17a39d1d5442c4181ec /tools | |
parent | e1484b460d583e3aa74247fc1d27b269548bd9e2 (diff) | |
Add a regression test to determine whether or not a file descriptor is
allocated in a fork(2)-inheritable way at the beginning or end of an
accept(2) system call. This test creates a test thread and blocks it
in accept(2), then forks a child process which tests to see if the
next available file descriptor is defined or not (EBADF vs EINVAL for
ftruncate(2)).
This detects a regression introduced during the network stack locking
work, in which a very narrow race during which fork(2) from one
thread during accept(2) in a second thread led to an extra inherited
file descriptor turned into a very wide race ensuring that a
descriptor was leaked into the child even though it hadn't been
returned.
PR: kern/130348
Diffstat (limited to 'tools')
-rw-r--r-- | tools/regression/file/newfileops_on_fork/Makefile | 8 | ||||
-rw-r--r-- | tools/regression/file/newfileops_on_fork/newfileops_on_fork.c | 121 |
2 files changed, 129 insertions, 0 deletions
diff --git a/tools/regression/file/newfileops_on_fork/Makefile b/tools/regression/file/newfileops_on_fork/Makefile
new file mode 100644
index 0000000..6ea44429
--- /dev/null
+++ b/tools/regression/file/newfileops_on_fork/Makefile
@@ -0,0 +1,8 @@
+# $FreeBSD$
+
+PROG= newfileops_on_fork
+NO_MAN=
+WARNS?= 6
+LDFLAGS= -lpthread
+
+.include <bsd.prog.mk>
diff --git a/tools/regression/file/newfileops_on_fork/newfileops_on_fork.c b/tools/regression/file/newfileops_on_fork/newfileops_on_fork.c
new file mode 100644
index 0000000..42a6af7
--- /dev/null
+++ b/tools/regression/file/newfileops_on_fork/newfileops_on_fork.c
@@ -0,0 +1,121 @@
+/*-
+ * Copyright (c) 2009 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * This software was developed at the University of Cambridge Computer
+ * Laboratory with support from a grant from Google, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * When a multi-threaded application calls fork(2) from one thread while
+ * another thread is blocked in accept(2), we prefer that the file descriptor
+ * to be returned by accept(2) not appear in the child process. Test this by
+ * creating a thread blocked in accept(2), then forking a child and seeing if
+ * the fd it would have returned is defined in the child or not.
+ */
+
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+#include <netinet/in.h>
+
+#include <err.h>
+#include <errno.h>
+#include <pthread.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define PORT 9000
+
+static int listen_fd;
+
+static void *
+do_accept(__unused void *arg)
+{
+ int accept_fd;
+
+ accept_fd = accept(listen_fd, NULL, NULL);
+ if (accept_fd < 0)
+ err(-1, "accept");
+
+ return (NULL);
+}
+
+static void
+do_fork(void)
+{
+ int pid;
+
+ pid = fork();
+ if (pid < 0)
+ err(-1, "fork");
+ if (pid > 0) {
+ waitpid(pid, NULL, 0);
+ exit(0);
+ }
+
+ /*
+ * We will call ftruncate(2) on the next available file descriptor,
+ * listen_fd+1, and get back EBADF if it's not a valid descriptor,
+ * and EINVAL if it is. This (currently) works fine in practice.
+ */
+ if (ftruncate(listen_fd + 1, 0 < 0)) {
+ if (errno == EBADF)
+ exit(0);
+ else if (errno == EINVAL)
+ errx(-1, "file descriptor still open in child");
+ else
+ err(-1, "unexpected error");
+ } else
+ errx(-1, "ftruncate succeeded");
+}
+
+int
+main(__unused int argc, __unused char *argv[])
+{
+ struct sockaddr_in sin;
+ pthread_t accept_thread;
+
+ listen_fd = socket(PF_INET, SOCK_STREAM, 0);
+ if (listen_fd < 0)
+ err(-1, "socket");
+ bzero(&sin, sizeof(sin));
+ sin.sin_family = AF_INET;
+ sin.sin_len = sizeof(sin);
+ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ sin.sin_port = htons(PORT);
+ if (bind(listen_fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
+ err(-1, "bind");
+ if (listen(listen_fd, -1) <0)
+ err(-1, "listen");
+ if (pthread_create(&accept_thread, NULL, do_accept, NULL) < 0)
+ err(-1, "pthread_create");
+ sleep(1); /* Easier than using a CV. */;
+ do_fork();
+ exit(0);
+} |
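Review bot: The parent branch of do_fork() calls `waitpid(pid, NULL, 0)` and then `exit(0)`, so the child's `errx(-1, "file descriptor still open in child")` never reaches the test's exit status and a descriptor leaked across fork(2) is reported only on stderr. In the same function, `ftruncate(listen_fd + 1, 0 < 0)` has its closing parenthesis misplaced: it passes `0 < 0` as the length and tests the return value for non-zero, which happens to behave the same but is not the intended `< 0` check. In main(), `pthread_create(...) < 0` can never be true, because pthread_create returns a positive error number and does not set errno, so a failure to start the accept thread would let the test pass vacuously. The fence shows the three corrections. Separately, the check assumes listen_fd + 1 is the lowest free descriptor, which holds only if the harness starts the program with nothing open above stderr, and that deserves a sentence in the existing comment.

```c
static void
do_fork(void)
{
	int pid, status;

	/* … unchanged: fork() and its error check … */
	if (pid > 0) {
		if (waitpid(pid, &status, 0) < 0)
			err(-1, "waitpid");
		/* Propagate the child's verdict so a leak fails the test. */
		exit(WIFEXITED(status) ? WEXITSTATUS(status) : -1);
	}

	/* … unchanged: comment on EBADF vs EINVAL … */
	if (ftruncate(listen_fd + 1, 0) < 0) {
	/* … unchanged: errno dispatch … */

/* … in main(), with `int error;` added to the declarations … */
	error = pthread_create(&accept_thread, NULL, do_accept, NULL);
	if (error != 0)
		errc(-1, error, "pthread_create");
```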